Pinned Repositories
active-directory-pentest
Advanced-Process-Injection-Workshop
CobaltStrike-Toolset
Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
dashboards-reporting
ebpf
Elastic's eBPF
GMSAPasswordReader
Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
logstash-input-jdbc
Logstash Plugin for JDBC Inputs
opensearch-build-libraries
PCAP-ATTACK
PCAP Samples for Different Post Exploitation Techniques
theomilan3's Repositories
theomilan3/PurpleCloud
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
theomilan3/go-ucfg
Golang universal configuration
theomilan3/logstash-filter-elastic_integration
Placeholder for the Elastic Integrations filter for Logstash, which will run Ingest Pipelines
theomilan3/Uncoder_IO
An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
theomilan3/elastic-integration-corpus-generator-tool
Command line tool used for generating events corpus dynamically given a specific integration
theomilan3/detection-rules
Rules for Elastic Security's detection engine
theomilan3/SharpUp
SharpUp is a C# port of various PowerUp functionality.
theomilan3/industry
This repository provides holistic architecture design and reference implementation for industry cloud based on proven success of large scale deployments and at-scale adoption with customers and partners.
theomilan3/website
Kubernetes website and documentation repo
theomilan3/gMSADumper
Lists who can read any gMSA password blobs and parses them if the current user has access.
theomilan3/terraform-provider-ec
Terraform provider for the Elasticsearch Service and Elastic Cloud Enterprise
theomilan3/testfx
MSTest framework and adapter
theomilan3/security-docs
Home for Elastic Security Documentation
theomilan3/DCSecurityOperations
A collection of Microsoft Sentinel workbooks and analytics rules.
theomilan3/luceneutil
Various utility scripts for running Lucene performance tests
theomilan3/ADRecon1111111111
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
theomilan3/opensearch-build-libraries
theomilan3/MDE-DFIR-Resources
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
theomilan3/ebpf
Elastic's eBPF
theomilan3/PXEThief
PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager
theomilan3/WinPwn111
Automation for internal Windows penetration tests / AD security
theomilan3/MFT_Browser
$MFT directory tree reconstruction & FILE record info
theomilan3/Direct-Syscalls-vs-Indirect-Syscalls
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
theomilan3/SweetPotato1222
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
theomilan3/precompiled-binaries
Collection of useful pre-compiled .NET binaries or other executables for penetration testing Windows Active Directory environments
theomilan3/ntlmv1-multi
NTLMv1 Multitool
theomilan3/CSSG
Cobalt Strike Shellcode Generator
theomilan3/Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
theomilan3/penetration-testing
Penetration testing notes consolidated from many sources including courses, certifications, videos, and other documented notes
theomilan3/mortar
Evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)