Cedric Owens's repositories

SwiftBelt

A macOS enumeration tool inspired by harmj0y's Windows-based Seatbelt enumeration tool. Author: Cedric Owens

Language: Swift | License: BSD-3-Clause | Stargazers: 307 | Issues: 14 | Issues: 3

C2-JARM

A list of JARM hashes for the different SSL/TLS implementations used by some C2/red team tools.

Swift-Attack

Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.

Language: Swift | License: BSD-3-Clause | Stargazers: 102 | Issues: 8 | Issues: 0

EntitlementCheck

Scripts (Python3 and Swift) for macOS that recursively check /Applications, and also /usr/local/bin, /usr/bin and /usr/sbin, for binaries with problematic/interesting entitlements. Also checks whether the hardened runtime is enabled.
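The same kind of check, as an added Python3 example that is not the EntitlementCheck repo's own code: it walks the listed roots for Mach-O files, reads each binary's entitlements and code-signing flags from codesign(1), and reports a watch list of entitlements that weaken hardened-runtime protections. The watch list, the `codesign -d --entitlements :- <path>` / `codesign -dvv <path>` invocations (entitlements on stdout, signing details on stderr) and the sample outputs are assumptions for this example; the pure parsing functions run anywhere, the scan itself only on macOS.

```python
"""Added example, not the EntitlementCheck repo's code: walk a few roots for
Mach-O files, dump each one's entitlements and code-signing flags with
codesign(1), and flag entitlements that weaken hardened-runtime protections."""
import os
import plistlib
import re
import subprocess

# On-disk Mach-O magic numbers: 64/32-bit little-endian, fat/universal, big-endian.
MACHO_MAGICS = {b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe", b"\xca\xfe\xba\xbe",
                b"\xfe\xed\xfa\xcf", b"\xfe\xed\xfa\xce"}

# Watch list assumed for this example; each entry weakens code-signing or hardened-runtime guarantees.
INTERESTING_ENTITLEMENTS = {
    "com.apple.security.cs.disable-library-validation": "may load dylibs signed by another Team ID (or unsigned)",
    "com.apple.security.cs.allow-dyld-environment-variables": "honours DYLD_* variables such as DYLD_INSERT_LIBRARIES",
    "com.apple.security.cs.allow-unsigned-executable-memory": "may map unsigned executable memory",
    "com.apple.security.cs.allow-jit": "may create writable+executable pages via MAP_JIT",
    "com.apple.security.get-task-allow": "other processes may obtain its task port (debuggable)",
    "com.apple.security.cs.debugger": "may attach to other processes",
}

def is_macho(header: bytes) -> bool:
    """True if the first four bytes of a file are a Mach-O or fat magic."""
    return header[:4] in MACHO_MAGICS

def find_macho_files(roots):
    """Recursively yield regular (non-symlink) Mach-O files under the given roots."""
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                try:
                    with open(path, "rb") as f:
                        header = f.read(4)
                except OSError:
                    continue
                if is_macho(header):
                    yield path

def parse_entitlements(plist_text: str) -> dict:
    """Parse the XML plist printed by `codesign -d --entitlements :- <path>`; {} if unsigned/none.
    Anything before the <?xml or <plist marker (e.g. a blob header) is discarded."""
    start = plist_text.find("<?xml")
    if start < 0:
        start = plist_text.find("<plist")
    if start < 0:
        return {}
    return plistlib.loads(plist_text[start:].encode("utf-8"))

def interesting_entitlements(entitlements: dict) -> dict:
    """Subset of the watch list that is present and set to true."""
    return {k: INTERESTING_ENTITLEMENTS[k] for k, v in entitlements.items()
            if k in INTERESTING_ENTITLEMENTS and v is True}

# `codesign -dvv` prints e.g. "CodeDirectory v=20500 size=... flags=0x10000(runtime) ..."; 0x10000 is CS_RUNTIME.
_FLAGS_RE = re.compile(r"^CodeDirectory\b.*\bflags=0x([0-9a-fA-F]+)", re.MULTILINE)
CS_RUNTIME = 0x10000

def hardened_runtime_enabled(codesign_dvv_text: str) -> bool:
    m = _FLAGS_RE.search(codesign_dvv_text)
    return bool(m) and bool(int(m.group(1), 16) & CS_RUNTIME)

def assess(plist_text: str, codesign_dvv_text: str) -> dict:
    """Pure function combining both outputs, so it also works on captured text."""
    return {"hardened_runtime": hardened_runtime_enabled(codesign_dvv_text),
            "interesting": interesting_entitlements(parse_entitlements(plist_text))}

def assess_binary(path: str) -> dict:
    """macOS only: run codesign(1) on a real binary. Entitlements go to stdout,
    the -dvv details to stderr (assumed invocation; codesign versions differ)."""
    ents = subprocess.run(["codesign", "-d", "--entitlements", ":-", path],
                          capture_output=True, text=True).stdout
    info = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True).stderr
    return assess(ents, info)

# Constructed sample outputs (not captured from a real binary) for offline use.
SAMPLE_ENTITLEMENTS = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
  <key>com.apple.security.app-sandbox</key><false/>
</dict>
</plist>
"""
SAMPLE_CODESIGN_DVV = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.Example
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
"""

if __name__ == "__main__":
    import sys
    roots = sys.argv[1:] or ["/Applications", "/usr/local/bin", "/usr/bin", "/usr/sbin"]
    for path in find_macho_files(roots):
        result = assess_binary(path)
        if result["interesting"] or not result["hardened_runtime"]:
            print(path, "hardened_runtime=%s" % result["hardened_runtime"],
                  ", ".join(result["interesting"]) or "-")
```

Run it with no arguments to scan the four default roots, or pass your own. A binary that combines a missing hardened runtime (or `allow-dyld-environment-variables`) with `disable-library-validation` is the classic dylib-hijack / injection candidate, which is why both signals are reported side by side.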

Inject_Dylib

Swift code to programmatically perform dylib injection

Language: Swift | Stargazers: 49 | Issues: 4 | Issues: 0

SwiftBelt-JXA

JXA implementation of some SwiftBelt functions. Author: Cedric Owens

Language: JavaScript | License: BSD-3-Clause | Stargazers: 42 | Issues: 5 | Issues: 0

Spotlight-Enum-Kit

JXA and Swift code that can perform some macOS situational awareness without generating TCC prompts.

Presentations

Collection of Slides From My Conference Talks

docker-arsenal

Spins up a Docker container with several useful tools for offensive security in macOS/cloud environments. Also installs the needed dependencies for each tool/utility during Docker setup.

Language: Dockerfile | License: GPL-3.0 | Stargazers: 17 | Issues: 3 | Issues: 0

Helpful_aws-scripts

Python3 scripts to help with AWS triage needs.

Language: Python | Stargazers: 17 | Issues: 3 | Issues: 0

Dylib_Runner

Swift code to run a dylib on disk

Language: Swift | Stargazers: 16 | Issues: 2 | Issues: 0

Gitlab-Searcher

Python3 script that pulls GitLab data of interest using a GitLab personal access token.

Language: Python | License: BSD-3-Clause | Stargazers: 13 | Issues: 1 | Issues: 0

HELK-automation

Scripts to automate standing up a HELK server on DigitalOcean and installing Filebeat on macOS, so that endpoint security logs from macOS hosts can be shipped into HELK automatically for building detection content.

Language: Shell | Stargazers: 12 | Issues: 3 | Issues: 0

ioreg-and-sysctl-examples

Examples of programmatically interacting with ioreg and sysctl to query system info

Language: Swift | Stargazers: 9 | Issues: 3 | Issues: 0

GoBelt

Go code that programmatically invokes my SwiftBelt-JXA macOS system enumerator (Go running SwiftBelt-JXA via cgo).

Language: Go | Stargazers: 8 | Issues: 0 | Issues: 0

JXA-Firefox

JXA scripts for extracting data from Firefox.

Language: JavaScript | Stargazers: 8 | Issues: 0 | Issues: 0

zshrc-persist-JXA

JXA script that adds a Mach-O binary to ~/.zshrc for persistence (the binary is launched each time an interactive zsh shell starts).

Language: JavaScript | License: GPL-3.0 | Stargazers: 8 | Issues: 3 | Issues: 0

LocalAdminChecker

Threaded C# code that uses WMIC to quickly check a host's /24 subnet for other hosts on which the current user has local admin access. Author: Cedric Owens

Language: C# | Stargazers: 7 | Issues: 1 | Issues: 0

okta-sprayer

Python3 script to perform a password spray against an Okta instance.

Language: Python | Stargazers: 6 | Issues: 2 | Issues: 0

dns-TXT-exfil-test

Simple client/server in Go to help with testing detections for data exfiltration over DNS TXT records.

Language: Go | Stargazers: 5 | Issues: 1 | Issues: 0
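What such a test harness has to get right, shown as an added Python3 example rather than the dns-TXT-exfil-test repo's Go code: the client packs data into query names within the RFC 1035 label (63) and name (253) limits, the server reassembles chunks that arrive out of order and answers with correctly framed TXT RDATA, and a toy detector over a constructed query log shows the pattern the tool is meant to trigger. The name layout (`<seq>.<base32 labels>.<session>.<parent>`), chunk size, the direction of the data (query names up, TXT answers down), the detector thresholds and all sample data are assumptions for this example.

```python
"""Added example, not the dns-TXT-exfil-test repo's code: client-side chunking into
DNS query names, server-side reassembly and TXT RDATA framing, and a toy detector
run over a constructed query log."""
import base64
import collections
import hashlib
import math

LABEL_MAX = 63     # RFC 1035: a label is at most 63 octets
NAME_MAX = 253     # RFC 1035: a name is at most 253 characters in presentation form
CHUNK_BYTES = 100  # assumed chunk size: 100 bytes -> 160 base32 chars -> 3 labels

def _b32(chunk: bytes) -> str:
    # base32 rather than base64: DNS names are case-insensitive, so the alphabet must survive case folding
    return base64.b32encode(chunk).decode("ascii").rstrip("=").lower()

def _unb32(text: str) -> bytes:
    text = text.upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))

def validate_name(name: str) -> None:
    """Raise ValueError if a name would not fit on the wire."""
    if len(name) > NAME_MAX:
        raise ValueError("name too long: %d" % len(name))
    for label in name.split("."):
        if not 1 <= len(label) <= LABEL_MAX:
            raise ValueError("bad label length in %r" % name)

def encode_queries(data: bytes, session: str, parent: str) -> list:
    """Client side: one query name per chunk, laid out as
    <seq>.<base32 labels...>.<session>.<parent> (layout assumed for this example)."""
    names = []
    for seq, offset in enumerate(range(0, len(data), CHUNK_BYTES)):
        encoded = _b32(data[offset:offset + CHUNK_BYTES])
        labels = [encoded[i:i + LABEL_MAX] for i in range(0, len(encoded), LABEL_MAX)]
        name = ".".join([str(seq), *labels, session, parent])
        validate_name(name)
        names.append(name)
    return names

def decode_queries(names, session: str, parent: str) -> bytes:
    """Server side: accept chunks in any order, ignore duplicates and unrelated names."""
    suffix = "." + session + "." + parent
    chunks = {}
    for name in names:
        name = name.rstrip(".")
        if not name.endswith(suffix):
            continue
        seq, *labels = name[:-len(suffix)].split(".")
        chunks[int(seq)] = _unb32("".join(labels))
    return b"".join(chunks[k] for k in sorted(chunks))

def txt_rdata(payload: bytes) -> bytes:
    """TXT RDATA is one or more <character-string>s: a length octet then up to 255 octets (RFC 1035).
    Used here for the server's answer (an ack, or data flowing back down)."""
    strings = [payload[i:i + 255] for i in range(0, len(payload), 255)] or [b""]
    return b"".join(bytes([len(s)]) + s for s in strings)

def parse_txt_rdata(rdata: bytes) -> bytes:
    out, i = b"", 0
    while i < len(rdata):
        n = rdata[i]
        out += rdata[i + 1:i + 1 + n]
        i += 1 + n
    return out

def shannon_entropy(text: str) -> float:
    counts = collections.Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def flag_exfil(log_lines, min_queries=5, min_avg_len=100, min_avg_entropy=3.5):
    """Toy detection over 'client qtype qname' lines: one client sending many distinct,
    long, high-entropy names under one registered domain. Thresholds are assumed."""
    by_key = collections.defaultdict(set)
    for line in log_lines:
        client, _qtype, qname = line.split()
        labels = qname.rstrip(".").split(".")
        by_key[(client, ".".join(labels[-2:]))].add(qname)
    alerts = []
    for (client, parent), names in by_key.items():
        if len(names) < min_queries:
            continue
        avg_len = sum(len(n) for n in names) / len(names)
        avg_entropy = sum(shannon_entropy(n) for n in names) / len(names)
        if avg_len >= min_avg_len and avg_entropy >= min_avg_entropy:
            alerts.append({"client": client, "parent": parent, "queries": len(names),
                           "avg_len": round(avg_len, 1), "avg_entropy": round(avg_entropy, 2)})
    return alerts

# Constructed sample data and query log (not real traffic): 512 deterministic pseudo-random bytes.
SAMPLE_DATA = b"".join(hashlib.sha256(b"constructed-%d" % i).digest() for i in range(16))
SAMPLE_SESSION, SAMPLE_PARENT = "s1a2b3c4", "exfil-test.example.net"
SAMPLE_LOG = (["10.0.0.5 A www.example.com", "10.0.0.5 AAAA www.example.com",
               "10.0.0.5 A mail.example.com"]
              + ["10.0.0.5 A img%d.cdn.example.org" % i for i in range(8)]
              + ["10.0.0.7 TXT " + n for n in encode_queries(SAMPLE_DATA, SAMPLE_SESSION, SAMPLE_PARENT)])

if __name__ == "__main__":
    for alert in flag_exfil(SAMPLE_LOG):
        print(alert)
```

The eight short `cdn.example.org` lookups pass the query-count threshold but not the length one, which is the point of combining signals: counting queries per domain alone would page on any busy CDN, while the exfil session stands out on length and entropy as well.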

chromedp-remotedebugger-example

An example of how to use chromedp to run headless Chrome with the remote debugger port programmatically (it is still a wrapper around the Chrome binary).

Language: Go | Stargazers: 4 | Issues: 1 | Issues: 0

JenkinsHunter

Python3 script that searches a network range for unauthenticated Jenkins hosts. Author: Cedric Owens

Language: Python | Stargazers: 4 | Issues: 1 | Issues: 0

LOOBins

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.

Language: Python | License: GPL-3.0 | Stargazers: 3 | Issues: 0 | Issues: 0

modified-tcc-clickjack

Modified version of Ron Masas's TCC-Clickjack Swift project.

Language: Swift | Stargazers: 3 | Issues: 1 | Issues: 0

Modlishka

Modlishka. Reverse Proxy.

Language: Go | License: NOASSERTION | Stargazers: 2 | Issues: 2 | Issues: 0

DGA-test

Simple code to help with testing NXDOMAIN responses to DGA lookups.

Language: Go | Stargazers: 1 | Issues: 1 | Issues: 0

ForgeArmory

ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).

Language: Swift | License: MIT | Stargazers: 1 | Issues: 0 | Issues: 0

objc_rust

Simple example of running JXA code from Rust.

Language: Objective-C | Stargazers: 0 | Issues: 0 | Issues: 0