pprpst

pprpst's Stars

• mandiant/commando-vm

  Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

  Language:PowerShell6.9k2832311.3k

• LordNoteworthy/al-khaser

  Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

  Language:C++5.8k2391011.2k

• mitre/caldera

  Automated Adversary Emulation Platform

  Language:Python5.5k1677521.1k

• clong/DetectionLab

  Automate the creation of a lab environment complete with security tooling and logging best practices

  Language:HTML4.6k154598981

• mandiant/capa

  The FLARE team's open-source tool to identify capabilities in executable files.

  Language:Python4.1k83964514

• TheWover/donut

  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

  Language:C3.5k80103626

• ufrisk/MemProcFS

  MemProcFS

  Language:C3k83287367

• decalage2/oletools

  oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

  Language:Python2.9k102650564

• byt3bl33d3r/OffensiveNim

  My experiments in weaponizing Nim (https://nim-lang.org/)

  Language:Nim2.8k6929351

• elastic/detection-rules

  Language:Python1.9k901.5k487

• Neo23x0/yarGen

  yarGen is a generator for YARA rules

  Language:Python1.5k9134281

• NotPrab/.NET-Deobfuscator

  Lists of .NET Deobfuscator and Unpacker (Open Source)

  1.2k707260

• CCob/SharpBlock

  A method of bypassing EDR's active projection DLL's by preventing entry point exection

  Language:C#1.1k2010155

• Sentinel-One/CobaltStrikeParser

  Language:Python1k3718191

• Tylous/ZipExec

  A unique technique to execute binaries from a password protected zip

  Language:Go1k239156

• Apr4h/CobaltStrikeScan

  Scan files or process memory for CobaltStrike beacons and parse their configuration

  Language:C#8932713114

• Neo23x0/munin

  Online hash checker for Virustotal and other services

  Language:Python8094242147

• pan-unit42/iocs

  Indicators from Unit 42 Public Reports

  Language:PHP6961437150

• DissectMalware/XLMMacroDeobfuscator

  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)

  Language:Python5682361115

• CCob/lsarelayx

  NTLM relaying for Windows made easy

  Language:C++53011264

• RedSiege/EXCELntDonut

  Excel 4.0 (XLM) Macro Generator for injecting DLLs and EXEs into memory.

  Language:Python499201196

• plackyhacker/Suspended-Thread-Injection

  Another meterpreter injection technique using C# that attempts to bypass Defender

  Language:C#2534347

• med0x2e/NoAmci

  Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().

  Language:C#2137047

• RomanEmelyanov/CobaltStrikeForensic

  Toolset for research malware and Cobalt Strike beacons

  Language:HTML20511040

• iomoath/SharpStrike

  A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.

  Language:C#1975051

• EncodeGroup/UAC-SilentClean

  New UAC bypass for Silent Cleanup for CobaltStrike

  Language:C#1879129

• SherifEldeeb/TinyMet

  A "tiny" meterpreter stager

  Language:C++12713043

• curated-intel/Initial-Access-Broker-Landscape

  A visualized overview of the Initial Access Broker (IAB) cybercrime landscape

  107819

• center-for-threat-informed-defense/attack_to_veris

  🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

  Language:Python707027

• apger/SA-RBA

  Risk Based Alerting Supporting Add-On (SA) for Splunk

  Language:Python441269