nasbench

MindMaps

#ThreatHunting #DFIR #Malware #Detection Mind Maps

C2-Matrix-Indicators

This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix

SEDR-Internals

Symantec EDR Internals

procmon-malware-analysis-filters

Repository containing malware analysis filters for the Windows SysInternals' - Process Monitor tool

Multi-Threaded-BruteForcer

A script that automates a brute-force attack on a login page

sedr-localdatastore-parser

Parser for Symantec EDR "localdatastore" folder

Encoder-Decoder

A python script that contains multiple functionalities (Hashing, Encoding/Decoding...etc.)

BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Creds

Some usefull Scripts and Executables for Pentest & Forensics

CTFs

CTF's Writeups

CVE-2019-19547

CVE-2019-19547​ POC

CVE-2020-12593

CVE-2020-12593 POC

CVE-2020-5839

CVE-2020-5839 POC

ManageEngine-Application-Manager-XSS-POC

ZOHO Manage Engine Application Manager - XSS POC

nasbench.github.io

pywintrace

ETW Python Library

winprocs.dfir.tips

Yara-Rules

BabyShark

Basic C2 Server

component-object-model-sample

Sample code for Component Object Model (COM) setup and registration.

GhostLoader

GhostLoader - AppDomainManager - Injection - 攻壳机动队

Http-Asynchronous-Reverse-Shell

[POC] Asynchronous reverse shell using the HTTP protocol.

MAL-CL

MAL-CL (Malicious Command-Line)

PoCSubjectInterfacePackage

A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks.

python-sdb

Pure Python parser for Application Compatibility Shim Databases (.sdb files)

trevorc2

TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.

w32

A wrapper of windows apis for the Go Programming Language.