purpleteam

There are 16 repositories under purpleteam topic.

• LOLBAS-Project / LOLBAS

  Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

  lolbinslolscriptsredteamblueteampurpleteamdfirliving-off-the-land
  Language:XSLT 6632
• HackTools

  LasCC / HackTools

  The all-in-one browser extension for offensive security professionals 🛠

  bug-bountycheatsheetchrome-extensionfirefox-addonhackhack-toolshackbarhackinghackingtoolshacktoolsmetasploitmsfvenompayloadspurpleteamredteamreverse-shellweb-pentestersxss-payloads
  Language:TypeScript 5478

• api0cradle / UltimateAppLockerByPassList

  The goal of this repository is to document the most common techniques to bypass AppLocker.

  applockerbypassawlrulesredteamblueteampurpleteam
  Language:PowerShell 1817

• api0cradle / LOLBAS

  Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

  lolbinslolscriptsredteamblueteampurpleteamdfirliving-off-the-land
  Language:XSLT 1582

• ahmedkhlief / APT-Hunter

  APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

  threat-huntingpurpleteampython3windows-eventlogapt-attacksincident-responseforensic-analysiswindows-event-logs
  Language:Python 1156

• cyb3rxp / awesome-soc

  A collection of sources of documentation, as well as field best practices, to build/run a SOC

  certcsirtdetectionsocsiemsirpsoasoartiparchitectureincident-responsemanagementmitre-attackpurpleteamrisk-managementttp
  1031
• PlumHound

  PlumHound / PlumHound

  Bloodhound for Blue and Purple Teams

  activedirectoryblueteampurpleteambloodhoundbloodhoundadinfosecactive-directorybloodhoundad-cypher-queriespurple-teamsplumhound-tasksbloodhoundad-pathfinding-engineneo4jbluehoundattack-pathsactivedirectorycypher-queryredteamreporting-tool
  Language:Python 1022

• FalconForceTeam / FalconFriday

  Hunting queries and detections

  kqlblueteamhuntingpurpleteamsentineldefender-atpdefender-for-endpoint
  657

• ch33r10 / EnterprisePurpleTeaming

  Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.

  adversaryadversary-emulationadversary-simulationadversaryemulationpurple-teampurpleteamred-teamredteam
  621

• bluecapesecurity / PWF

  Practical Windows Forensics Training

  cybersecurityforensicsblueteampurpleteam
  Language:PowerShell 546

• scythe-io / purple-team-exercise-framework

  Purple Team Exercise Framework

  ptefpurpleteamexerciseframeworkadversaryemulationpurpleteamredteamblueteamadversarysimulation
  542

• iknowjason / PurpleCloud

  A little tool to play with Azure Identity - Azure Active Directory lab creation tool

  azurepentestpurpleteamsiemdfirdfir-automationazure-lab
  Language:Python 479
• GoodHound

  idnahacks / GoodHound

  Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

  active-directoryactivedirectorybloodhoundblueteamcybersecurityneo4jpurpleteampy2neopythonpython3redteam
  Language:Python 439
• slack-watchman

  PaperMtn / slack-watchman

  Slack enumeration and exposed secrets detection tool

  blueteamblue-teamcybersecurityinfosecslacktoolsredteamred-teampurpleteampurple-teamslack-apislack-workspacesmonitoring
  Language:Python 290

• DefensiveOrigins / AtomicPurpleTeam

  Atomic Purple Team Framework and Lifecycle

  purpleteamhuntingattackattack-defenseattack-detectionlifecycle-managementlifecyclefamework
  272

• Ziconius / FudgeC2

  FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

  powershellsecurity-toolssecuritycommand-and-controlc2python3redteamreadteamingpurpleteamimplantcybersecurityoffensive-securitypost-exploitation
  Language:Python 245

• Viralmaniar / Remote-Desktop-Caching-

  This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

  blueteamredteamhackinginternal-pentestpenetration-testingredteamingforensicsforensics-investigationsforensic-analysisinfrastructure-monitoringblue-teamhacking-toolshacking-attack-toolspurpleteam
  Language:Python 210
• awesome-lists

  mthcht / awesome-lists

  Security lists for SOC detections

  blueteamhacktoolskeywordslistoffensive-securitypurpleteamredteamsecuritysocawesomeawesome-listawesome-listsctiiocmispopen-source
  Language:PowerShell 206

• AnLoMinus / Diablo

  Diablo ~ Hacking / Pentesting & Reporting

  diablohackingpentestingreportingscanningblueteampurpleteamredteamreporterportscanportscanner
  Language:Shell 190
• gitlab-watchman

  PaperMtn / gitlab-watchman

  Finding exposed secrets and personal data in GitLab

  blueteamblue-teamcybersecurityinfosecgitlabtoolsredteamred-teamgitlab-watchmanpurpleteampurple-teamgitlab-apimonitoringdlpdata-loss-prevention
  Language:Python 188
• Atomic-Red-Team-Intelligence-C2

  blackbotsecurity / Atomic-Red-Team-Intelligence-C2

  ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

  redteamdotnetcsharppython3red-teamsoffensive-securitypost-exploitationmitre-attackpowershell-scriptspurpleteampurple-team
  Language:Python 165

• DefensiveOrigins / APT-Lab-Terraform

  Purple Teaming Attack & Hunt Lab - Terraform

  terraformazurepurpleteamlabs
  Language:HCL 156

• TH3xACE / EDR-Test

  Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].

  aggressor-scriptscobalt-strikecobaltstrikeedrpurple-teampurpleteammitre-attack
  143
• Purpleteam

  mthcht / Purpleteam

  Purpleteam scripts simulation & Detection - trigger events for SOC detections

  blueteamdetectionlinuxmitre-attackoffensive-scriptspurpleteamredteamsecuritysiemsimulationsoctacticstechniqueswindowsawesomeawesome-listiocthreat-huntingthreathuntingdetection-engineering
  Language:PowerShell 123

• iknowjason / BlueCloud

  Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

  cyberrangecyber-rangeedr-testingpentestingblue-teamdfir-automationdfirpurpleteam
  Language:HTML 120

• purpleteam-labs / purpleteam

  CLI component of OWASP PurpleTeam

  security-regression-testingapplication-securitycloud-securitybuild-toolcipurpleteamcliweb-securitydevsecopsdevsecops-pipelinesecurity-testinghacktoberfest
  Language:JavaScript 113

• Viralmaniar / MurMurHash

  This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

  redteamblueteamphishingphishing-detectioncybersecurityinfosecsecurity-toolsredteamingthreathuntingthreat-intelligencethreatintelthreatintelligenceproactive-securitymurmurhashmurmurhash3blueteamingpurpleteam
  Language:Python 111

• cr0nx / awesome-linux-attack-forensics-purplelabs

  This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

  attack-defenseblueteamdetectiondfirinjectionlinuxpurplelabspurpleteamredteamrootkit
  108

• jwillyamz / ezEmu

  See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)

  purpleteamadversary-emulationsecurity-testinglinux-securitymitre-attack
  Language:C# 102
• NIST-to-Tech

  mikeprivette / NIST-to-Tech

  An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

  nist-cybersecurity-frameworkcybersecuritynistnist-csfblueteamredteampurpleteamcyber-securitycyber-security-teamnist800-53pentestingpentesting-toolspentestinfosecinfosec-approvedinfosec-referencenetsecnetsec-toolsnetsecurityvulnerability
  102

• ziesemer / ad-privileged-audit

  Provides various Windows Server Active Directory (AD) security-focused reports.

  securitysecurity-auditsecurity-auditing-toolactive-directorypowershellsecurity-hardeningsystem-hardeningcybersecurityforensicsauditingsecurity-toolsblueteamreporting-toolinformation-gatheringaccount-managementdfirpurpleteamrisk-assessment
  Language:PowerShell 81

• netsecurity-as / recon365

  Gather information from an email address connected to Office 365

  active-directoryblueteamcybersecurityo365-securityosintpurpleteamreconredteam
  Language:Python 78

• Sam0x90 / CTI

  Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on

  adversary-emulationadversary-simulationctipurpleteamthreat-intelligence
  Language:PowerShell 75

• MrM8BRH / CRLJ

  The repository is a valuable resource for individuals looking to enhance their knowledge and skills in cybersecurity. It provides in-depth materials and guides for various cybersecurity domains.

  blueteamcybersecuritycybersecurity-educationcybersecurity-resourcesddoshackingmrm8brhosintpenetration-testingpurpleteamredteamroadmapsoc-analyst
  64
• github-watchman

  PaperMtn / github-watchman

  Monitoring GitHub for sensitive data shared publicly

  blueteamblue-teamcybersecurityinfosecgithubtoolsredteamred-teampurpleteampurple-teamgithub-apimonitoringdlpdata-loss-prevention
  Language:Python 64
• adversarial-threat-modelling

  ssnkhan / adversarial-threat-modelling

  Supporting material for my presentation "Adversarial Threat Modelling — A Practical Approach to Purple Teaming in the Enterprise"

  threat-intelligencemitre-attackpurpleteamadversary-emulationadversary-simulationctiredteamblueteam
  Language:Shell 49