Nairuz.Abulhul's starred repositories
pentest-scripts-2
More miscellaneous, one-off scripts I created while red-teaming and pentesting.
Bloodhound-Custom-Queries
Custom Query list for the Bloodhound GUI based off my cheatsheet
Red-Team-Infrastructure-Wiki
Wiki to collect Red Team infrastructure hardening resources
offensive-bookmarks
A collection of bookmarks for penetration testers, bug bounty hunters, malware developers, reverse engineers and anyone who is just interested in infosec topics.
thewhiteh4t.github.io
thewhiteh4t's Blog
Supp-truder
Supertruder but better
Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
pingcastle
PingCastle - Get Active Directory Security at 80% in 20% of the time
pentest-checklist
An accurated list of things to test while pentesting
RedTeam-OffensiveSecurity
Tools & Interesting Things for RedTeam Ops
TREVORspray
TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
exchange-penetration-testing
The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)
TCM-Security-Sample-Pentest-Report
Sample pentest report provided by TCM Security
security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
Today-I-Learnt
Here I track my learnings! ✍🏻 📚
ActiveDirectoryLab
A walkthrough on how I set up Microsoft Server 2019 on a Virtual Machine to run Active Directory on it. I then configure a Domain Controller that will allow me to run a domain. After that I ran a Powershell script to create over 1000 users in Active Directory and log into those newly created accounts on another client that uses the domain I set up to connect to the internet. This lab simulates a business environment.
DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
PSAttack-1
A portable console aimed at making pentesting with PowerShell a little easier.