David B.'s repositories
SUDO_KILLER
A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
OffensiveCloud
Offensive security and Penetration Testing TTP for Cloud based environment (AWS / Azure / GCP)
AutomatedBadLab
Scripts to provision vulnerable and testing environments using AutomatedLab
AzureAD-Attack-Defense
This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.
BlueTeam-Tools
Tools and Techniques for Blue Team / Incident Response
ciso-assistant-community
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +33 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber and so much more
evil-winrm-UA
The ultimate WinRM shell for hacking/pentesting
GOAD
game of active directory
hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
KBlast
Windows Kernel Offensive Toolset
KeePwn
A python tool to automate KeePass discovery and secret extraction.
ldeep
In-depth ldap enumeration utility
LinikatzV2
Linikatz V2 is a bash script which allows post-exploitation tasks on UNIX computers joined to Active Directory
Locksmith
A small tool built to detect and fix common misconfigurations in Active Directory Certificate Services.
MFASweep
A tool for checking if MFA is enabled on multiple Microsoft Services
Misconfiguration-Manager
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
MultiDump
MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
psudohash
Generates millions of keyword-based password mutations in seconds.
PurpleOps
An open-source self-hosted purple team management web application.
RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance
RustRedOps
🦀 | RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Rust programming language. (In Construction)
SharpTokenFinder
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
ssh3
SSH3: faster and rich secure shell using HTTP/3, checkout our article here: https://arxiv.org/abs/2312.08396
tor-socks-proxy
🐳 Tiny Docker image (🤏 10MB) as 🧅 Tor SOCKS5 proxy 🛡
trufflehog
Find and verify credentials
VISION-ProcMon
A ProcessMonitor visualization application written in rust.