darko's starred repositories

monarch

Monarch - The Adversary Emulation Toolkit

Language: Go | License: BSD-3-Clause | Stargazers: 51 | Issues: 0

Real-Time-Voice-Cloning

Clone a voice in 5 seconds to generate arbitrary speech in real-time

Language: Python | License: NOASSERTION | Stargazers: 51744 | Issues: 0

dvenom

🐍 Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.

Language: Go | License: MIT | Stargazers: 156 | Issues: 0

god-mode-rules

God Mode Detection Rules

Language: YARA | License: Apache-2.0 | Stargazers: 128 | Issues: 0

steady-tun

Secure TLS tunnel with pool of prepared upstream connections

Language: Go | License: MIT | Stargazers: 80 | Issues: 0

Language: PowerShell | Stargazers: 70 | Issues: 0

DanderSpritz_docs

The goal of this project is to examine, reverse, and document the different modules available in the Equation Group's DanderSpritz post-exploitation framework leaked by the ShadowBrokers

Language: Python | Stargazers: 297 | Issues: 0

DefenderHarvester

Expose a lot of MDE telemetry that is not easily accessible in any searchable form

Language: Go | License: MIT | Stargazers: 89 | Issues: 0

obfuscator

PE bin2bin obfuscator

Language: C++ | License: GPL-3.0 | Stargazers: 546 | Issues: 0

sliver-sdk

Sliver SDK

Language: Go | License: GPL-3.0 | Stargazers: 6 | Issues: 0

PoolPartyBof

A beacon object file implementation of PoolParty Process Injection Technique.

Language: C | Stargazers: 306 | Issues: 0

AtlasLdr

Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls

Language: C++ | Stargazers: 343 | Issues: 0

PESecurity

PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.

Language: PowerShell | License: MIT | Stargazers: 617 | Issues: 0

fishy

Toolkit for Filesystem based Data Hiding Techniques.

Language: Python | License: MIT | Stargazers: 33 | Issues: 0

pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Language: Python | License: BSD-3-Clause | Stargazers: 4237 | Issues: 0

CloakQuest3r

Uncover the true IP address of websites safeguarded by Cloudflare & Others

Language: Python | License: MIT | Stargazers: 1214 | Issues: 0

NetfoxDetective

Network Forensic Extendable Analysis Tool

Language: C# | License: Apache-2.0 | Stargazers: 39 | Issues: 0

PoolParty

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

Language: C++ | License: BSD-3-Clause | Stargazers: 879 | Issues: 0

Language: Python | Stargazers: 279 | Issues: 0

bluffs

Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) [CVE 2023-24023]

Language: Python | License: MIT | Stargazers: 481 | Issues: 0

GhostWriting

GhostWriting Injection Technique.

Language: C | Stargazers: 162 | Issues: 0

Nemesis

An offensive data enrichment pipeline

Language: Python | License: NOASSERTION | Stargazers: 578 | Issues: 0

IMDSpoof

IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.

Language: Go | Stargazers: 85 | Issues: 0

AD-Canaries

The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory Canary objects.

Language: PowerShell | License: MIT | Stargazers: 198 | Issues: 0

Uncoder_IO

An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.

Language: Python | License: NOASSERTION | Stargazers: 116 | Issues: 0

RestrictedPython

A restricted execution environment for Python to run untrusted code.

Language: Python | License: NOASSERTION | Stargazers: 449 | Issues: 0

miasm

Reverse engineering framework in Python

Language: Python | License: GPL-2.0 | Stargazers: 3419 | Issues: 0

BestEdrOfTheMarket

Little user-mode AV/EDR evasion lab for training & learning purposes

Language: C++ | License: MIT | Stargazers: 958 | Issues: 0

dnschef-ng

DNSChef (NG) - DNS proxy for Penetration Testers and Malware Analysts

Language: Python | License: BSD-3-Clause | Stargazers: 117 | Issues: 0

MDE-DFIR-Resources

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud and more.

License: MIT | Stargazers: 338 | Issues: 0