张德帅's repositories
Hacking-With-Golang
Golang安全资源合集
Benchmarks
常用服务器、数据库、中间件安全配置基线 - 基本包括了所有的操作系统、数据库、中间件、网络设备、浏览器,安卓、IOS、云的安全配置 For benchmarks.cisecurity.org
Webapp_rule.yaml
exploitable 3rd-party web applications on a network
IOXIDResolver
Collects Remote Network Interfaces
AzureADLateralMovement
Lateral Movement graph for Azure Active Directory
CheckSafeBoot
I used this to see if an EDR is running in Safe Mode
dankAlerts
dankAlerts is powered by Sysmon and Memes. Would you notice if a suspicious process was recorded in the event log?
Exploit_Dev
Exploits, Exploits, Exploits and more Exploits!
Fake-flash.cn
www.flash.cn 的钓鱼页,中文+英文
GhostLoader
GhostLoader - AppDomainManager - Injection - 攻壳机动队
impacket
Impacket is a collection of Python classes for working with network protocols.
jackdaw
gather gather gather
Kamerka-GUI
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.
m0chan.github.io
m0chan.github.io
OffensivePipeline
OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.
POPFuckProxy
POP3 MITM example
pwn-pulse
Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
pyrdp
RDP man-in-the-middle (mitm) and library for Python 3 with the ability to watch connections live or after the fact
RogueWinRM
Windows Local Privilege Escalation from Service Account to System
SharpCore
SharpCore is a C#.NET Remote Administration Tool (RAT) Framework
Spray-AD
A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
UhOh365
A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.
Weaponry
;)