Sergey Senin's repositories
shadow_storage
Secure store files on USB disk
adalanche
Active Directory ACL Visualizer - who's really Domain Admin?
ADCSPwn
A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying it to the certificate service (AD CS).
ADHuntTool
official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)
aesedb
async parser for JET
al-khaser
Public malware techniques used in the wild: virtual machine, emulation, debugger and sandbox detection.
Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
azureOutlookC2
Azure Outlook Command & Control. Threat emulation tool for the North Korean APT InkySquid / ScarCruft / APT37. TTP: abuse of the Microsoft Graph API for C2 operations.
community-threats
The largest, public library of adversary emulation plans in JSON. A place to share custom SCYTHE threats with the community. #ThreatThursday
EDD
Enumerate Domain Data
exo
A process manager & log viewer for dev
HandleKatz
PIC lsass dumper using cloned handles
HOLLOW
EarlyBird process hollowing technique (BOF): spawns a process in a suspended state, injects shellcode, hijacks the main thread with an APC, and executes the shellcode.
ImproHound
Identify the attack paths in BloodHound breaking your AD tiering
Inveigh
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
iocs
Indicators from Unit 42 Public Reports
ItWasAllADream
A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE
PowerShell-1
A series of scripts
PrintNightmare-LPE
CVE-2021-1675 (PrintNightmare)
PurpleSharp
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
pypykatz
Mimikatz implementation in pure Python
pywhisker
Python version of the C# tool for "Shadow Credentials" attacks
SharpRDPHijack
A proof-of-concept Remote Desktop (RDP) session hijack utility for disconnected sessions
TeamViewer_Forensics
A series of functions to parse TeamViewer logs to answer specific questions
ThreadStackSpoofer
Thread Stack Spoofing: PoC for an advanced in-memory evasion technique that better hides injected shellcode's memory allocation from scanners and analysts.
veeam-creds
Python script to emulate vSphere responses to retrieve stored passwords from Veeam
win10script
This is the Ultimate Windows 10 Script, assembled from multiple debloat scripts and gists from GitHub.
Windows10Debloater
Script to remove Windows 10 bloatware.