wawa's repositories
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
artillery
The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
attack-guardduty-navigator
A MITRE ATT&CK Navigator export for AWS GuardDuty Findings
CobaltStrike
CobaltStrike's source code
detection-rules
Collection of YARA-L 2.0 sample rules for the Chronicle Detection API
esper
Esper Complex Event Processing, Streaming SQL and Event Series Analysis
evtxtoelk
A lightweight tool to load Windows Event Log evtx files into Elasticsearch.
Godzilla
Godzilla source code
HealthChecker
Exchange Server Performance Health Checker Script
linux-observability-with-bpf
Code snippets from the O'Reilly book
LogonTracer
Investigate malicious Windows logons by visualizing and analyzing Windows event logs
Malleable-C2-Profiles
Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
Microsoft-365-Defender-Hunting-Queries
Sample queries for Advanced hunting in Microsoft 365 Defender
nishang
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
nuclei
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.
ODH
A chrome extension to show online dictionary content.
OSSEM
Open Source Security Events Metadata (OSSEM)
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
reverse-shell-generator
Hosted Reverse Shell generator with a ton of functionality (great for CTFs)
sec-dev-in-action-src
Companion code for the book 《白帽子安全开发实战》 (White Hat Security Development in Action)
SecCon-Framework
Security configuration is complex. With thousands of group policies available in Windows, choosing the “best” setting is difficult. It’s not always obvious which permutations of policies are required to implement a complete scenario, and there are often unintended consequences of some security lockdowns. The SECCON Baselines divide configuration into Productivity Devices and Privileged Access Workstations. This document will focus on Productivity Devices (SECCON 5, 4, and 3). Microsoft’s current guidance on Privileged Access Workstations can be found at http://aka.ms/cyberpaw and as part of the Securing Privileged Access roadmap found at http://aka.ms/privsec.
siembol
An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.
SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide
Talon
A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment.
WatchAD
AD Security Intrusion Detection System
zbn
Security orchestration, automation and response (SOAR) platform