Lists (22)
blogs
books
C++
c#_stuff
c2_detection_stuff
CTI_stuff
debg
detection_stuff
dfir_automation
ebpf
etw_stuff
evtx
learn_dev
named_pipes
offensive
personal_stuff
python
ruby
sec
soc_automation
stuffwindbg
yara
Stars
Serverless AITM Simulation Framework for Entra ID and M365
A powerful Python library and CLI tool for parsing, analyzing, and manipulating YARA rules through Abstract Syntax Tree (AST) representation
A comprehensive list of all free email domain providers.
Yet Another Memory Analyzer for malware detection and Guarding Operations with YARA and SIGMA
A tool for exploring each layer in a docker image
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…
Aralez is a triage tool for Windows and Linux that automates the collection of system information, network/process data, and files.
Windows FeatureUsage Analyzer: Extract and analyze Windows registry FeatureUsage artifacts for forensic investigation. Tracks app switching, Start Menu usage, search patterns, and user behavior wit…
.NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
A high-speed forensic timeline engine for Windows forensic artifact CSV output built for DFIR investigators. Quickly consolidate CSV output from processed triage evidence for Eric Zimmerman (EZ Too…
Repository of Yara rules dedicated to Phishing Kits Zip files
xforcered / SoaPy
Forked from logangoins/SOAPy
SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.
FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), generates timelines, and detects suspicious activities.
psexecsvc - a Python implementation of PsExec's native service
Virtual whiteboard for sketching hand-drawn like diagrams
This program is designed to demonstrate various process injection techniques
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of U…
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
A tiny program to consume events from ETW providers for research
A BloodHound collector for Microsoft Configuration Manager