Adam (adam-duby)

Company: USMA

Location: New York

Adam's starred repositories

MalwareSourceCode

Collection of malware source code for a variety of platforms in an array of different programming languages.

flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.

Language: PowerShell | License: Apache-2.0 | Stargazers: 6198 | Issues: 202 | Issues: 501

examples

Home for Elasticsearch examples available to everyone. It's a great way to get started.

Language: Jupyter Notebook | License: Apache-2.0 | Stargazers: 2632 | Issues: 497 | Issues: 144

EDR-Telemetry

This project aims to compare and evaluate the telemetry of various EDR products.

Windows-Local-Privilege-Escalation-Cookbook

Windows Local Privilege Escalation Cookbook

Language: PowerShell | License: MIT | Stargazers: 879 | Issues: 11 | Issues: 1

WinDbg-Samples

Sample extensions, scripts, and API uses for WinDbg.

Language: C++ | License: MIT | Stargazers: 697 | Issues: 56 | Issues: 33

Ghidrathon

The FLARE team's open-source extension to add Python 3 scripting to Ghidra.

Language: Java | License: Apache-2.0 | Stargazers: 675 | Issues: 9 | Issues: 67

forensictools

Collection of forensic tools

Language: Inno Setup | License: Apache-2.0 | Stargazers: 490 | Issues: 4 | Issues: 12

Voidgate

A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.

Language: C++ | License: BSD-3-Clause | Stargazers: 409 | Issues: 6 | Issues: 2

WinDbg_Scripts

Useful scripts for WinDbg using the debugger data model

arttoolkit.github.io

A RedTeam Toolkit

Language: HTML | License: GPL-3.0 | Stargazers: 373 | Issues: 6 | Issues: 2

PCAP-ATTACK

PCAP Samples for Different Post Exploitation Techniques

MDE-DFIR-Resources

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

python-for-cybersecurity

This repository holds the Python scripts discussed in the Infosec Institute's Python for Cybersecurity learning path.

Language: JavaScript | License: GPL-3.0 | Stargazers: 289 | Issues: 12 | Issues: 7

CVE-2024-26229

CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code

Musa.Veil

Collection of undocumented Windows API declarations.

Language: C | License: MIT | Stargazers: 275 | Issues: 13 | Issues: 5

hunter

A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook.

Language: Jupyter Notebook | License: MIT | Stargazers: 232 | Issues: 26 | Issues: 2

Packer_Development

Slides & Code snippets for a workshop held @ x33fcon 2024

Language: C | License: BSD-3-Clause | Stargazers: 210 | Issues: 3 | Issues: 1

pcaps

Public Repository of all Publicly Available Packet Captures that I've used or come across

windows-security-internals

A repository for additional files related to the book Windows Security Internals with PowerShell from No Starch Press.

Language: PowerShell | License: Apache-2.0 | Stargazers: 110 | Issues: 3 | Issues: 0

SimpleEDR

Simple EDR that injects a DLL into a process to place a hook on specific Windows API

Language: Nim | Stargazers: 88 | Issues: 2 | Issues: 0

Events-Ripper

Project based on RegRipper, to extract add'l value/pivot points from TLN events file

Language: Perl | License: GPL-3.0 | Stargazers: 72 | Issues: 6 | Issues: 1

CVE-2024-21345

Proof-of-Concept for CVE-2024-21345

Language: C | Stargazers: 69 | Issues: 3 | Issues: 0

oca-iob

Augmentation to Machine Readable CTI

Language: Python | License: NOASSERTION | Stargazers: 25 | Issues: 6 | Issues: 2

Microsoft-ASR-to-MITRE-ATTACK-Mapping-Project

This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their corresponding ATT&CK techniques. The primary goal is to enhance the understanding of how ASR rules align with the ATT&CK framework.

License: GPL-3.0 | Stargazers: 19 | Issues: 0 | Issues: 0

CVE-2024-21338

PoC for the Untrusted Pointer Dereference in the appid.sys driver