Stars
Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…
This repo contains my pentesting template that I have used in PWK and for current assessments. The template has been formatted to be used in Obsidian
The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique, ex…
A resource containing all the tools each ransomware gang uses
Open source templates you can use to bootstrap your security programs
Azure Governance Visualizer aka AzGovViz is a PowerShell script that captures Azure Governance related information such as Azure Policy, RBAC (a lot more) by polling Azure ARM, Storage and Microsof…
Azure Security Resources and Notes
Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
Table of AD and Azure assets and whether they belong to Tier Zero
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
An Archive of Ransomware Notes Past and Present Collected by Zscaler ThreatLabz
A collection of resources, tools and more for penetration testing and securing Microsoft's cloud platform Azure.
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
A collection of awesome penetration testing resources, tools and other shiny things
RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
A fork of the great TokenTactics with support for CAE and token endpoint v2
Generate graphs and charts based on password cracking results
ChatGPT queries via OpenAI API in your terminal
A project created with the aim of emulating and testing exfiltration of data over different network protocols.
More examples using the Impacket library designed for learning purposes.
A collection of awesome security hardening guides, tools and other resources
Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
Rule for hashcat or john, aiming to crack how people generate their passwords
The Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA)