A Post-exploitation Toolset for Interacting with the Microsoft Graph API

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

Using 5 simultaneous bacon ciphers. The hidden message can be the same length as the cover text.

You found the home of the rizzkitties. Litter box is around the corner. Hiss for help.

Labs for Practical Malware Analysis & Triage

A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository…

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel

Hunting queries and detections

The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

Tools for simulating threats

Status: summoned and unleashed upon DEF CON 26

Work in Progress

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Compilation of Resources from TCM's Windows Priv Esc Udemy Course

Security automation content in SCAP, Bash, Ansible, and other formats

A collection of PowerShell modules for interacting with the Shodan API. Includes modules for returning information about the API, client IP, DNS, exploits, honeypot scores, hosts, ports, profiles, …

24 Lessons, 12 Weeks, Get Started as a Web Developer

A list of public penetration test reports published by several consulting firms and academic security groups.

Small and highly portable detection tests based on MITRE's ATT&CK.

Scoring Engine for Red/White/Blue Team Competitions

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

Tools, techniques, cheat sheets, and other resources to assist those defending organizations and detecting adversaries

Windows Events Attack Samples

These are the labs for my Intro class. Yes, this is public. Yes, this is intentional.