Starred repositories
DFIR LABS - A compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital Forensics, Incident Response, Malware Analysis and Threat Hunting.
A toolset to make a system look as if it was the victim of an APT attack
kant2002 / de4dot
Forked from de4dot/de4dot. .NET deobfuscator and unpacker.
Wireshark dissector for Smartloader malware
Version 2 of the Graphical Realism Framework for Industrial Control Simulation (GRFICS)
A repository of credential stealer formats
🙈 Volkswagen detects when your tests are being run in a CI server, and makes them pass.
AWS Attack Path Management Tool - Walking on the Moon
Automation for internal Windows Penetration Test / AD-Security
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to keep it up-to-date.
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…
RedGuard is a C2 front flow control tool, can avoid Blue Teams, AVs, EDRs check.
A resource containing all the tools each ransomware gang uses
Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments.
A GUI and CLI tool for removing bloat from executables
Example code samples from our ScriptBlock Smuggling Blog post
PowerShell script deobfuscation using AST in Python
smbclient-ng, a fast and user friendly way to interact with SMB shares.
A centralized and enhanced memory analysis platform
This repo contains some AMSI Bypass methods I found on different Blog Posts.
HappyCamper is a Proof-of-Concept (PoC) tool designed for system administrators to enhance the security of Living off the Land Binaries (LoLBins) within enterprise environments
PoC for using MS Windows printers for persistence / command and control via Internet Printing