pprpst's Stars
mandiant/commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
LordNoteworthy/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
mitre/caldera
Automated Adversary Emulation Platform
clong/DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
mandiant/capa
The FLARE team's open-source tool to identify capabilities in executable files.
TheWover/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
ufrisk/MemProcFS
MemProcFS
decalage2/oletools
oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
byt3bl33d3r/OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
elastic/detection-rules
Neo23x0/yarGen
yarGen is a generator for YARA rules
NotPrab/.NET-Deobfuscator
Lists of .NET Deobfuscator and Unpacker (Open Source)
CCob/SharpBlock
A method of bypassing EDRs' active protection DLLs by preventing entry point execution
Sentinel-One/CobaltStrikeParser
Tylous/ZipExec
A unique technique to execute binaries from a password protected zip
Apr4h/CobaltStrikeScan
Scan files or process memory for CobaltStrike beacons and parse their configuration
Neo23x0/munin
Online hash checker for Virustotal and other services
pan-unit42/iocs
Indicators from Unit 42 Public Reports
DissectMalware/XLMMacroDeobfuscator
Extract and deobfuscate XLM macros (a.k.a. Excel 4.0 macros)
CCob/lsarelayx
NTLM relaying for Windows made easy
RedSiege/EXCELntDonut
Excel 4.0 (XLM) Macro Generator for injecting DLLs and EXEs into memory.
plackyhacker/Suspended-Thread-Injection
Another meterpreter injection technique using C# that attempts to bypass Defender
med0x2e/NoAmci
Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
RomanEmelyanov/CobaltStrikeForensic
Toolset for researching malware and Cobalt Strike beacons
iomoath/SharpStrike
A post-exploitation tool written in C# that uses either CIM or WMI to query remote systems.
EncodeGroup/UAC-SilentClean
New UAC bypass for Silent Cleanup for CobaltStrike
SherifEldeeb/TinyMet
A "tiny" meterpreter stager
curated-intel/Initial-Access-Broker-Landscape
A visualized overview of the Initial Access Broker (IAB) cybercrime landscape
center-for-threat-informed-defense/attack_to_veris
🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
apger/SA-RBA
Risk Based Alerting Supporting Add-On (SA) for Splunk