rootsecdev's repositories
Azure-Red-Team
Azure Security Resources and Notes
Microsoft-Blue-Forest
Creating a hardened "Blue Forest" with Server 2016/2019 Domain Controllers
Presentations
Presentations from Conferences
CVE-2023-46604
Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)
Powershell-Repository
Collection of useful powershell scripts
reverse_shells
Interesting Reverse Shell Repository
CTF_Exploits
Various Custom Scripts for CTF's
Anti-Virus-Evading-Payloads
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here is a simple way to evade anti-virus software when creating backdoors!
DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
EntraIDPasskeyHelper
PowerShell module to manage the Entra ID device-bound passkey feature
Evilginx2-Phishlets
Evilginx3 Phishlets version (0.2.3 & above) Only For Testing/Learning Purposes
GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
Office365itpros
Office 365 for IT Pros PowerShell examples
PowerShell-Obfuscation-Bible
A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.
family-of-client-ids-research
Research into Undocumented Behavior of Azure AD Refresh Tokens
Kubernetes
Kubernetes Pentesting Repo
onedrive_user_enum
onedrive user enumeration - pentest tool to enumerate valid o365 users
Remove-StaleGuests
This script removes stale Azure AD Guest accounts.
TokenTactics
Azure JWT Token Manipulation Toolset