Ricardo Dias's starred repositories
SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
Sentinel-Queries
Collection of KQL queries
tiny_tracer
A Pin Tool for tracing API calls etc
SharpBlock
A method of bypassing EDRs' active protection DLLs by preventing entry point execution
TangledWinExec
PoCs and tools for investigation of Windows process execution techniques
awesome-detection-engineering
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
Generate-Macro
This PowerShell script will generate a malicious Microsoft Office document with a specified payload and persistence method.
HijackLibs
Project for tracking publicly disclosed DLL Hijacking opportunities.
programming-for-kids
book for parents and kids.
ProcMonXv2
Process Monitor X v2
RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
OffensiveAutoIt
Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitscript.com/site/autoit/)
WindowsPrivilegeEscalation
Collection of Windows Privilege Escalation (Analyse/PoC/Exp...)
AH2021Workshop
Malware development for red teaming workshop
AutonomousThreatSweeper
Threat Hunting queries for various attacks
TheDefendersGuide
The GitHub project for The Defender's Guide by Luke Paine and Jonathan Johnson
ControlCompass.github.io
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
sensor-mappings-to-attack
Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help detect real-world adversary behaviors in their environments.
invoke-atomic-attire-logger
ATTiRe logging for Invoke-AtomicRedTeam