Defensive Origins's repositories
APT06202001
Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020
AtomicPurpleTeam
Atomic Purple Team Framework and Lifecycle
APT-Lab-Terraform
Purple Teaming Attack & Hunt Lab - Terraform
APT-Lab-FastOpticsSetup
Scripts to set up the threat optics stack quickly (abbreviated and automated). Run after APT-Lab-Terraform.
APT-PreReqs
Applied Purple Teaming Course Prerequisites
SentinelKQL
Some supporting KQL queries for a blog
OpticsBuilder
Install Threat Optics
BloodHound
Six Degrees of Domain Admin
MSSentinelSysmonParser
A simple parser for Sysmon logs through EID28 for Microsoft Sentinel
SILENTTRINITY
An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
APT22Things
Location for a few things necessary for APT22
BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding of and prescribe approaches to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
windows-event-forwarding
A repository for using windows event forwarding for incident detection and response
ADD_Extras
ADD Extras
DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
DTEsrc2022
Additional resources for DTE 2022
HostRecon
This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users, and domain information. It does not use any 'net', 'ipconfig', 'whoami', 'netstat', or other system commands to help avoid detection.
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
PowerTools
PowerTools is a collection of PowerShell projects with a focus on offensive operations.
sysmon-modular
A repository of sysmon configuration modules
SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide