pawnmuncher's repositories
ligolo_sstuff
My ligolo hacks
ADenum
AD Enum is a pentesting tool that finds misconfigurations through the LDAP protocol and exploits some of those weaknesses with Kerberos.
adx-automotive-demos
Demos
Azure-Network-Security
Resources for improving Customer Experience with Azure Network Security
AzureAD-Attack-Defense
This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.
azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
certsync
Dump NTDS with golden certificates and UnPAC the hash
CloudFlair
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
cloudflare-origin-ip
Try to find the origin IP of a webapp protected by Cloudflare.
CVE-2022-47966-Scan
Python scanner for CVE-2022-47966. Supports ~10 of the 24 affected products.
decider
A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
docker-fundamentals
Course Assets for https://learn.cantrill.io/p/docker-fundamentals/
Hunting-Queries-Detection-Rules
Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
kali-ansible-setup
Ansible playbook to set up a Kali VM as per my customizations
MAAD-AF
MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Azure AD.
malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
PentestGPT
A GPT-empowered penetration testing tool
red-team-scripts
A collection of red teaming and adversary emulation related tools, scripts, techniques, notes, etc
review-checklists
This repo contains code and examples to operationalize spreadsheet-based checklists that can be used for Azure design reviews on multiple technologies.
ScubaGear
Automation to assess the state of your M365 tenant against CISA's baselines
stringsifter
A machine learning tool that ranks strings based on their relevance for malware analysis.
trojan-source
Trojan Source: Invisible Vulnerabilities
wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.