Stars
Generate test data that is not only realistic but also contextually meaningful
Simulate DragonForce Ransomware with AtomicRedTeam
Docker container for running CobaltStrike 4.10
LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. This project gathers procedural examples from public reports …
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
Building environments to replicate small networks and deploy applications
An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
Scripts to interact with Microsoft Graph APIs
This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
Remove all resources from an Azure Tenant and its Subscriptions.
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
Automated .NET AppDomain hijack payload generation
REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Import custom queries into BloodHound CE from a legacy BloodHound JSON file.
An Ansible Role that installs BloodHound CE on a Debian-based system.
Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI