purpleteam

There are 18 repositories under purpleteam topic.

LOLBAS-Project / LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
blueteam dfir living-off-the-land lolbins lolscripts purpleteam redteam
Language:XSLT 8100
HackTools
LasCC / HackTools
The all-in-one browser extension for offensive security professionals 🛠
reverse-shell hacking hack-tools chrome-extension firefox-addon hacktools payloads xss-payloads web-pentesters hack msfvenom metasploit hackbar cheatsheet purpleteam redteam bug-bounty hackingtools
Language:TypeScript 6386
api0cradle / UltimateAppLockerByPassList
The goal of this repository is to document the most common techniques to bypass AppLocker.
applocker bypass awl rules redteam blueteam purpleteam
Language:PowerShell 2021
api0cradle / LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
blueteam dfir living-off-the-land lolbins lolscripts purpleteam redteam
Language:XSLT 1611
cyb3rxp / awesome-soc
A collection of sources of documentation, as well as field best practices, to build/run a SOC
architecture cert csirt detection incident-response management mitre-attack purpleteam risk-management siem sirp soa soar soc tip ttp
1547
ahmedkhlief / APT-Hunter
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
apt-attacks forensic-analysis incident-response purpleteam python3 threat-hunting windows-event-logs windows-eventlog
Language:Python 1388
PlumHound
PlumHound / PlumHound
Bloodhound Reporting for Blue and Purple Teams
active active-directory activedirectory attack-paths bloodhound bloodhoundad bloodhoundad-cypher-queries bloodhoundad-pathfinding-engine bluehound blueteam cypher-query directory infosec neo4j penetration-testing plumhound-tasks purple-teams purpleteam redteam reporting-tool
Language:Python 1241
FalconForceTeam / FalconFriday
Hunting queries and detections
blueteam defender-atp defender-for-endpoint hunting kql purpleteam sentinel
842
scythe-io / purple-team-exercise-framework
Purple Team Exercise Framework
adversaryemulation adversarysimulation blueteam ptef purpleteam purpleteamexerciseframework redteam
738
bluecapesecurity / PWF
Practical Windows Forensics Training
blueteam cybersecurity forensics purpleteam
Language:PowerShell 693
ch33r10 / EnterprisePurpleTeaming
Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.
adversary adversary-emulation adversary-simulation adversaryemulation purple-team purpleteam red-team redteam
667
iknowjason / PurpleCloud
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
azure azure-lab dfir dfir-automation pentest purpleteam siem
Language:Python 604
GoodHound
idnahacks / GoodHound
Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
active-directory activedirectory bloodhound neo4j py2neo python3 blueteam redteam purpleteam cybersecurity python
Language:Python 476
slack-watchman
PaperMtn / slack-watchman
Slack enumeration and exposed secrets detection tool
blueteam blue-team cybersecurity infosec slack tools redteam red-team purpleteam purple-team slack-api slack-workspaces monitoring
Language:Python 392
cr0nx / awesome-linux-attack-forensics-purplelabs
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
attack-defense blueteam detection dfir injection linux purpleteam redteam rootkit purplelabs
328
DefensiveOrigins / AtomicPurpleTeam
Atomic Purple Team Framework and Lifecycle
purpleteam hunting attack attack-defense attack-detection lifecycle-management lifecycle famework
298
Ziconius / FudgeC2
FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.
powershell security-tools security command-and-control c2 python3 redteam readteaming purpleteam implant cybersecurity offensive-security post-exploitation
Language:Python 256
AnLoMinus / Diablo
Diablo ~ Hacking / Pentesting & Reporting
diablo hacking pentesting reporting scanning blueteam purpleteam redteam reporter portscan portscanner
Language:Shell 244
Viralmaniar / Remote-Desktop-Caching-
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
blueteam redteam hacking internal-pentest penetration-testing redteaming forensics forensics-investigations forensic-analysis infrastructure-monitoring blue-team hacking-tools hacking-attack-tools purpleteam
Language:Python 222
DarkSpaceSecurity / RunAs-Stealer
RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
blueteam hacking hacking-tool malware malware-analysis malware-development malware-research pentesting pentesting-tools purpleteam redteam
Language:C++ 203
gitlab-watchman
PaperMtn / gitlab-watchman
Finding exposed secrets and personal data in GitLab
blueteam blue-team cybersecurity infosec gitlab tools redteam red-team gitlab-watchman purpleteam purple-team gitlab-api monitoring dlp data-loss-prevention
Language:Python 202
Purpleteam
mthcht / Purpleteam
Purpleteam scripts simulation & Detection - trigger events for SOC detections
blueteam detection linux mitre-attack offensive-scripts purpleteam redteam security siem simulation soc tactics techniques windows awesome awesome-list ioc threat-hunting threathunting detection-engineering
Language:PowerShell 191
Atomic-Red-Team-C2
darmado / Atomic-Red-Team-C2
ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.
redteam dotnet csharp python3 red-teams offensive-security post-exploitation mitre-attack powershell-scripts purpleteam purple-team
Language:Python 177
DefensiveOrigins / APT-Lab-Terraform
Purple Teaming Attack & Hunt Lab - Terraform
terraform azure purpleteam labs
Language:HCL 161
TH3xACE / EDR-Test
Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].
aggressor-scripts cobalt-strike cobaltstrike edr purple-team purpleteam mitre-attack
157
iknowjason / BlueCloud
Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
blue-team cyber-range cyberrange dfir dfir-automation edr-testing pentesting purpleteam
Language:HTML 137
purpleteam-labs / purpleteam
CLI component of OWASP PurpleTeam
application-security build-tool ci cli cloud-security devsecops devsecops-pipeline hacktoberfest purpleteam security-regression-testing security-testing web-security
Language:JavaScript 131
DarkSpaceSecurity / SpyAI
Intelligent Malware that takes screenshots for entire monitors and exfiltrate them through Trusted Channel Slack to the C2 server that's using GPT-4 Vision to analyze them and construct daily activity — frame by frame
ai blueteam hacking hacking-tool hackingtool malware purpleteam redteam redteam-tools redteaming redteamtool
Language:C++ 126
NIST-to-Tech
mikeprivette / NIST-to-Tech
An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
nist-cybersecurity-framework cybersecurity nist nist-csf blueteam redteam purpleteam cyber-security cyber-security-team nist800-53 pentesting pentesting-tools pentest infosec infosec-approved infosec-reference netsec netsec-tools netsecurity vulnerability
126
Viralmaniar / MurMurHash
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
redteam blueteam phishing phishing-detection cybersecurity infosec security-tools redteaming threathunting threat-intelligence threatintel threatintelligence proactive-security murmurhash murmurhash3 blueteaming purpleteam
Language:Python 118
MrM8BRH / CRLJ
The repository is a valuable resource for individuals looking to enhance their knowledge and skills in cybersecurity. It provides in-depth materials and guides for various cybersecurity domains.
blueteam cybersecurity cybersecurity-education cybersecurity-resources ddos hacking mrm8brh osint penetration-testing purpleteam redteam roadmap soc-analyst
113
CroodSolutions / AutoPwnKey
AutoPwnKey is a red teaming framework and testing tool using AutoHotKey (AHK), which at the time of creation proves to be quite evasive. It is our hope that this tool will be useful to red teams over the short term, while over the long term help AV/EDR vendors improve how they handle AHK scripts.
ahk ahk-script attack-simulation av-bypass av-evasion edr-bypass edr-evasion evasion-techniques exploit-code exploit-development exploitation-framework purple-team purpleteam
Language:AutoHotkey 108
jwillyamz / ezEmu
See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)
purpleteam adversary-emulation security-testing linux-security mitre-attack
Language:C# 104
ziesemer / ad-privileged-audit
Provides various Windows Server Active Directory (AD) security-focused reports.
account-management active-directory auditing blueteam cybersecurity dfir forensics information-gathering powershell purpleteam reporting-tool risk-assessment security security-audit security-auditing-tool security-hardening security-tools system-hardening
Language:PowerShell 104
RootUp / SmuggleShield
Protection against HTML smuggling attacks.
blueteam purpleteam redteam security htmlsmuggling
Language:JavaScript 99
tidalcyber / cyber-threat-profiling
A library of reference materials, tools, and other resources to aid threat profiling, threat quantification, and cyber adversary defense
adversarial-attacks cybersecurity purpleteam ransomware risk threat-intelligence threat-modeling
98

purpleteam

LOLBAS-Project / LOLBAS

LasCC / HackTools

api0cradle / UltimateAppLockerByPassList

api0cradle / LOLBAS

cyb3rxp / awesome-soc

ahmedkhlief / APT-Hunter

PlumHound / PlumHound

FalconForceTeam / FalconFriday

scythe-io / purple-team-exercise-framework

bluecapesecurity / PWF

ch33r10 / EnterprisePurpleTeaming

iknowjason / PurpleCloud

idnahacks / GoodHound

PaperMtn / slack-watchman

cr0nx / awesome-linux-attack-forensics-purplelabs

DefensiveOrigins / AtomicPurpleTeam

Ziconius / FudgeC2

AnLoMinus / Diablo

Viralmaniar / Remote-Desktop-Caching-

DarkSpaceSecurity / RunAs-Stealer

PaperMtn / gitlab-watchman

mthcht / Purpleteam

darmado / Atomic-Red-Team-C2

DefensiveOrigins / APT-Lab-Terraform

TH3xACE / EDR-Test

iknowjason / BlueCloud

purpleteam-labs / purpleteam

DarkSpaceSecurity / SpyAI

mikeprivette / NIST-to-Tech

Viralmaniar / MurMurHash

MrM8BRH / CRLJ

CroodSolutions / AutoPwnKey

jwillyamz / ezEmu

ziesemer / ad-privileged-audit

RootUp / SmuggleShield

tidalcyber / cyber-threat-profiling