pawnmuncher

ligolo_sstuff

My ligolo hacks

IntelOwl

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

linWinPwn

linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks

pawnmuncher.github.io

ADenum

AD Enum is a pentesting tool that allows to find misconfiguration through the the protocol LDAP and exploit some of those weaknesses with kerberos.

adx-automotive-demos

Demos

Azure-Network-Security

Resources for improving Customer Experience with Azure Network Security

AzureAD-Attack-Defense

This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.

azureOutlookC2

Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.

certsync

Dump NTDS with golden certificates and UnPAC the hash

CloudFlair

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

cloudflare-origin-ip

Try to find the origin IP of a webapp protected by Cloudflare.

CVE-2022-47966-Scan

Python scanner for CVE-2022-47966. Supports ~10 of the 24 affected products.

decider

A web application that assists network defenders, analysts, and researcher in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.

docker-fundamentals

Course Assets for https://learn.cantrill.io/p/docker-fundamentals/

Hunting-Queries-Detection-Rules

Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

kali-ansible-setup

Ansible playbook top setup a Kali VM as per my customizations

MAAD-AF

MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Azure AD.

malicious-pdf

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

mcrit

mqttToKusto

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

PentestGPT

A GPT-empowered penetration testing tool

pwnspoof

red-team-scripts

A collection of red teaming and adversary emulation related tools, scripts, techniques, notes, etc

review-checklists

This repo contains code and examples to operationalize spreadsheet-based checklists that can be used for Azure design reviews on multiple technologies.

ScubaGear

Automation to assess the state of your M365 tenant against CISA's baselines

stringsifter

A machine learning tool that ranks strings based on their relevance for malware analysis.

trojan-source

Trojan Source: Invisible Vulnerabilities

wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.