mr-r3b00t

CVE-2023-3519

GoDark

Go Dark

KQL

This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet

3cx_march_2023

badusernames

msft_abuse_report

common_cisco_vpn_usernames

Terminator-1

Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes

windows-ssh-backdoor

windows ssh backdoor requires local admin

b3_conti

A crappy batch file to simulate a human operator doing on box enum (windows) via cmd exec

CVE-2023-20198-IOS-XE-Scanner

nuke_azure

Remove all resources from azure except ones with *shell* in their name

shell-backdoor

all shell backdoor in the world

actions_on_target

Action on target fun

download_hibp

maltrail

Malicious traffic detection system

set_domain_computer_owner

Powershell to set the domain computer owner to "Domain Admins"

TakeMyRDP2.0

An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe)

zerotier-kali

ZoomOff

Blocklists from zooms site

aurora_astealer_c2_ips

baddies infra

enum_esxi_build_number

fortinet_multiple_dhcp_pools_for_one_interface

get-ual

inhaler

Hashes plaintext passwords

MsgKit

A .NET library to make MSG files without the need for Outlook

parrot

Like a canary but a parrot :P

scout

turla

win_security_log_parse

get the ip address from security failure events