Blake Regan's repositories
Hash-Huntress
PowerShell framework to detect the existence of files matching SHA-256 hashes provided to the framework, located in file path(s) provided to the framework, using WindowsRM. This tool was built to be a flexible framework that can be tailored to fit many situations.
ClamAVscan
Utilizing ClamAV, automatically scan a USB drive for viruses or malware once it is mounted on a Raspberry Pi or Linux device.
Get-LocalMembership-Domain
PowerShell script to query local group membership on domain-joined computers. Great for identifying a baseline, maintenance, and Incident Response.
Force-Reset-LAPS
PowerShell script to force reset LAPS passwords across a domain by specifying an OU or OUs. New values update at next Group Policy Enforcement.
Domain-Seek-And-Remove-Files
PowerShell framework to find and remove files by name on a Windows Active Directory domain. This script was built to clean up vulnerable exe files and utilities by name across a domain.
Presentations
Slide decks from presentations
MicrosoftActiveDirectoryModule
MicrosoftActiveDirectory PowerShell Module
Perform-ResetNotify
Incident Response tool to reset the password of one or more users and send a notification email to the manager listed in AD, as well as the helpdesk and any other parties. A second email is sent to the manager and the same audience, using Office Message Encryption, with the password for first logon.
ad-honeypot-autodeploy
Deploy a small, intentionally insecure, vulnerable Windows domain for an RDP honeypot, fully automatically.
DefenderCheck
Identifies the bytes that Microsoft Defender flags on.
DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the user list from the domain. BE VERY CAREFUL NOT TO LOCK OUT ACCOUNTS!
mitre-assistant
A more flexible & useful ATT&CK client
threat-tools
Tools for simulating threats
ValidateADObjectCheckIn
Utility to identify AD Member servers by LastLogonDate, using a TimeObject that you define.
Apollo
A .NET Framework 4.0 Windows Agent
awesome-flipperzero
🐬 A collection of awesome resources for the Flipper Zero device.
CSS-Exchange
Exchange Server support tools and scripts
dnSpy
.NET debugger and assembly editor
mass_triage_tools
Mass Triage Tools
MFASweep
A tool for checking if MFA is enabled on multiple Microsoft Services
onedrive_user_enum
Pentest tool to enumerate valid OneDrive users
Responder
Responder is an LLMNR, NBT-NS and MDNS poisoner, with a built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
SharpWMI
SharpWMI is a C# implementation of various WMI functionality.
velociraptor
Digging Deeper....
WIN-FOR
Windows Forensics Environment Builder