Ricardo Dias's starred repositories

traitor

:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

SharpCollection

Nightly builds of common C# offensive tools, fresh from their respective master branches, built and released in a CI/CD fashion using Azure DevOps release pipelines.

hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Language: Rust | License: GPL-3.0 | Stargazers: 2222 | Issues: 42 | Issues: 622

nanodump

The Swiss army knife of LSASS dumping

Phant0m

Windows Event Log Killer

Sentinel-Queries

Collection of KQL queries

tiny_tracer

A Pin tool for tracing API calls, etc.

SharpBlock

A method of bypassing EDRs' active protection DLLs by preventing entry point execution

TangledWinExec

PoCs and tools for investigation of Windows process execution techniques

Language: C# | License: BSD-3-Clause | Stargazers: 871 | Issues: 21 | Issues: 3

awesome-detection-engineering

Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.

License: CC0-1.0 | Stargazers: 811 | Issues: 27 | Issues: 0

Generate-Macro

This PowerShell script will generate a malicious Microsoft Office document with a specified payload and persistence method.

HijackLibs

Project for tracking publicly disclosed DLL Hijacking opportunities.

programming-for-kids

Book for parents and kids.

Language: Python | License: NOASSERTION | Stargazers: 594 | Issues: 15 | Issues: 9

ProcMonXv2

Process Monitor X v2

Language: C++ | License: MIT | Stargazers: 579 | Issues: 25 | Issues: 8

RefleXXion

RefleXXion is a utility designed to aid in bypassing the user-mode hooks utilised by AV/EPP/EDR products. To bypass those hooks, it first collects the syscall numbers of NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection from the copies found in the LdrpThunkSignature array.

Language: C++ | Stargazers: 480 | Issues: 7 | Issues: 0

flare

An analytical framework for network traffic and behavioral analytics

Language: Python | License: MIT | Stargazers: 444 | Issues: 38 | Issues: 27

OffensiveAutoIt

Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitscript.com/site/autoit/)

Language: AutoIt | License: BSD-2-Clause | Stargazers: 415 | Issues: 14 | Issues: 3

WindowsPrivilegeEscalation

Collection of Windows Privilege Escalation (Analyse/PoC/Exp...)

License: GPL-2.0 | Stargazers: 304 | Issues: 10 | Issues: 0

AH2021Workshop

Malware development for red teaming workshop

Language: C# | Stargazers: 211 | Issues: 7 | Issues: 0

AutonomousThreatSweeper

Threat Hunting queries for various attacks

TheDefendersGuide

The GitHub project for The Defender's Guide by Luke Paine and Jonathan Johnson

ControlCompass.github.io

Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques

Language: JavaScript | License: MIT | Stargazers: 121 | Issues: 6 | Issues: 3

AIMOD2

Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats, denying or mitigating potential damage to the organization.

Language: HTML | License: NOASSERTION | Stargazers: 84 | Issues: 3 | Issues: 10

log4j-poc

A Docker-based LDAP RCE exploit demo for CVE-2021-44228 (Log4Shell)

sensor-mappings-to-attack

Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help detect real-world adversary behaviors in their environments.

Language: Python | License: Apache-2.0 | Stargazers: 45 | Issues: 53 | Issues: 1

ATTiRe

Attack Tool Timing and Reporting - Structured Attack Logging Format

invoke-atomic-attire-logger

ATTiRe logging for Invoke-AtomicRedTeam

Language: PowerShell | License: MIT | Stargazers: 8 | Issues: 5 | Issues: 0