Pinned Repositories
aggressor-scripts
Cobalt Strike Aggressor Scripts
cs2modrewrite
Convert Cobalt Strike profiles to modrewrite scripts
domainhunter
Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
malleable-c2
Cobalt Strike Malleable C2 Design and Reference Guide
metatwin
The project is designed as a file resource cloner. Metadata, including the digital signature, is extracted from one file and injected into another.
pasties
A collection of random bits of information common to many individual penetration tests, red teams, and other assessments
random_c2_profile
Cobalt Strike random C2 Profile generator
red-team-scripts
A collection of Red Team focused tools, scripts, and notes
threatbox
ThreatBox is a standard and controlled Linux-based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of Ansible playbooks. Why Ansible? Why not? This seemed a natural evolution.
tinyshell
Threat Express's Repositories
threatexpress/malleable-c2
Cobalt Strike Malleable C2 Design and Reference Guide
threatexpress/domainhunter
Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
threatexpress/red-team-scripts
A collection of Red Team focused tools, scripts, and notes
threatexpress/random_c2_profile
Cobalt Strike random C2 Profile generator
threatexpress/cs2modrewrite
Convert Cobalt Strike profiles to modrewrite scripts
threatexpress/metatwin
The project is designed as a file resource cloner. Metadata, including the digital signature, is extracted from one file and injected into another.
threatexpress/tinyshell
threatexpress/aggressor-scripts
Cobalt Strike Aggressor Scripts
threatexpress/pasties
A collection of random bits of information common to many individual penetration tests, red teams, and other assessments
threatexpress/threatbox
ThreatBox is a standard and controlled Linux-based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of Ansible playbooks. Why Ansible? Why not? This seemed a natural evolution.
threatexpress/subshell
SubShell is a Python command shell used to control and execute commands through HTTP requests to a webshell. SubShell acts as the interface to the remote webshells.
threatexpress/invoke-pipeshell
SMB Named Pipe shell
threatexpress/portplow
PortPlow is a distributed port and system scanning & enumeration service. It enables the quick and automated enumeration of ports and services from multiple systems managed by a central console.
threatexpress/persistence-aggressor-script
initial commit
threatexpress/edc
Event Data Collector
threatexpress/mythic2modrewrite
Generate Apache mod_rewrite rules for Mythic C2 profiles
threatexpress/threat-mitigation
Threat Mitigation Strategies
threatexpress/procdot_sandbox
ProcDot Malware Sandbox
threatexpress/cobaltstrike_payload_generator
Quickly generate every payload type for each listener and optionally host via HTTP.
threatexpress/redteamguide
Home of https://redteam.guide
threatexpress/threatexpress
threatexpress/tools
Tools