Optiv Source Zero

ScareCrow

ScareCrow - Payload creation framework designed around EDR bypass.

Freeze

Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods

Mangle

Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs

Ivy

Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.

Freeze.rs

Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST

Go365

An Office365 User Attack Tool

Talon

A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment.

mobile-nuclei-templates

Registry-Recon

Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon

Dent

A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.

InsecureShop

An Intentionally designed Vulnerable Android Application built in Kotlin.

OSINT_Encyclopedia

Your go-to resource for all things OSINT

Microsoft365_devicePhish

A proof-of-concept script to conduct a phishing attack abusing Microsoft 365 OAuth Authorization Flow

blemon

Universal BLE Monitoring with Frida (or Objection)

rest-api-goat

KnockKnock

Enumerate valid users within Microsoft Teams and OneDrive with clean output.

rustyIron

rustyIron is a tool that takes advantage of functionality within Ivanti's MobileIron MDM solution to perform single-factor authentication attacks. rustyIron can locate the MobileIron MDM authentication endpoint, validate the authentication strategy of the environment, perform user enumeration, brute-force registration PIN values, and perform single-factor authentication attacks.

airCross

airCross is a tool that takes advantage of API functionality within VMWare's AirWatch MDM solution to perform single-factor authentication attacks. airCross can locate AirWatch authentication endpoint, validate the authentication strategy of the environment, collect GroupID authentication values, conduct single-factor authentication, and perform user enumeration, in some instances.

CVE-2020-15931

Netwrix Account Lockout Examiner 4.1 Domain Admin Account Credential Disclosure Vulnerability

BadOutlook

(kinda) Malicious Outlook Reader

nvdsearch

A National Vulnerability Database (NVD) API query tool

doppelganger

Doppelgänger is firmware that runs on ESP32 devices that can be embedded within commercially available RFID readers with the intent of capturing access control card data while performing physical security assessments. Doppelgänger keeps the operator's ease of access, maintenance, and operational communications in mind.

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Yara-Rules

showSSID

VisualLockPickingWorkstation

The Visual Lock Picking Workstation is a Raspberry Pi enclosure which makes it possible to capture live video from a cutaway lock. It is intended as an instructional device which can be used to display the inner workings of a lock while teaching lock picking.

warmap-go

pyautoaws

Simple Python wrapper for Terraform/Ansible to build AWS resources

pre2k

Netskope-Terraform-Examples

Sample Terraform Files to deploy, and manage Netskope private access publishers and applications