Some_Pentesters_SecurityResearchers_RedTeamers

Special thanks to the Peerlyst Community for mentioning me on the list (27_Influential_Penetration_Testers), but for me, "john" from Purple Team [https://lnkd.in/eVfKuah] + the guys in the list below are the influential Security Researchers/Pentesters/Red Teamers...

Note: in my opinion they have/had good research, code + videos (I learned a lot of useful things from these guys). This is not all of them in my list & you can make your own list better than mine ;D ...

Some_Pentesters_SecurityResearchers_RedTeamers

# [offensive] Nomi Sec , (PoC in GitHub) => https://github.com/nomi-sec/PoC-in-GitHub 
# [offensive] Amarjit Labhuram , (Malware Development C# workshop for AfricaHackon 2021) => https://github.com/chr0n1k/AH2021Workshop
+ [offensive] @bishopfox , (Sliver is an open source cross-platform adversary emulation/red team framework; it can be used by organizations of all sizes to perform security testing) => https://github.com/BishopFox/sliver
! [defensive] LOLBAS-Project, (the LOLBAS project documents every binary, script & library that can be used for Living Off The Land techniques) => https://github.com/LOLBAS-Project/LOLBAS
+ [offensive] @0xrepnz , (APC Internals Research Code) => https://github.com/repnz/apc-research
+ [offensive] Nettitude , (PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming) => https://github.com/nettitude/PoshC2
+ [offensive] @waldoirc , (YouMayPasser is an x64 implementation of Gargoyle) => https://github.com/waldo-irc/YouMayPasser
+ [offensive] @_Wra7h , (Process Ghosting [x64 only] in C#) => https://github.com/Wra7h/SharpGhosting
+ [offensive] @_Wra7h , (AppRecoveryCallback Inject PoC C#) => https://github.com/Wra7h/ARCInject 
+ [offensive] daem0nc0re , (C# Utilities for Windows Notification Facility WNF) => https://github.com/daem0nc0re/SharpWnfSuite
+ [offensive] @cerbersec , (loader written in C/C++ based on the Transacted Hollowing technique) => https://github.com/Cerbersec/Ares
+ [offensive] @daem0nc0re , (C# Tools and PoCs for Windows syscall investigation) => https://github.com/daem0nc0re/AtomicSyscall
! [defensive] @winternl_t , (syscall-detect) => https://github.com/jackullrich/syscall-detect
! [defensive] @slaeryan , (Detects Module Stomping as implemented by Cobalt Strike) => https://github.com/slaeryan/DetectCobaltStomp
! [defensive] @_Apr4h , (CobaltStrikeScan, Scan files or process memory for CobaltStrike beacons) => https://github.com/Apr4h/CobaltStrikeScan
! [defensive] Siemens Healthineers , ETWAnalyzer (Command line tool to analyze one/many ETW file/s with simple queries) => https://github.com/Siemens-Healthineers/ETWAnalyzer
! [defensive] KANKOSHEV , (Detect-HiddenThread-via-KPRCB, Detect removed thread from PspCidTable) => https://github.com/KANKOSHEV/Detect-HiddenThread-via-KPRCB
+ [offensive] @slaeryan , (FALCONSTRIKE, a stealthy, targeted Windows loader for delivering second-stage payloads) => https://github.com/slaeryan/FALCONSTRIKE
+ [offensive] Michael Maltsev , (A global injection and hooking example) => https://github.com/m417z/global-inject-demo
  [offensive] @GeorgePatsias1 , (Cobalt Strike script for ScareCrow payload integration [EDR/AV evasion]) => https://github.com/GeorgePatsias/ScareCrow-CobaltStrike
  [offensive] F-Secure Countercept , (research on module stomping) => https://github.com/countercept/ModuleStomping
  [defensive] @waldoirc , (Detect strange memory regions and DLLs ) => https://github.com/waldo-irc/MalMemDetect
  [defensive] Rabobank Cyber Defence Centre , (Detect Tactics, Techniques & Combat Threats) => https://github.com/rabobank-cdc/DeTTECT
  [offensive] CyberWarFare Labs , (Advanced-Process-Injection-Workshop by CyberWarFare Labs) => https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop
  [offensive] @KlezVirus , (SysWhispers on Steroids - AV/EDR evasion via direct system calls) => https://github.com/klezVirus/SysWhispers3
  [offensive] Mieleke Blaam , (Process-Hollowing, Great explanation of Process Hollowing [a Technique often used in Malware]) => https://github.com/m0n0ph1/Process-Hollowing
  [offensive] deepsight , (C2Centipede is a POC proxy for reverse HTTP shell tools (metasploit/empire) to evade beaconing detection) => https://github.com/deepsight/C2Centipede
  [offensive] Marshall Hallenbeck , (Red Team Attack Lab) => https://github.com/Marshall-Hallenbeck/red_team_attack_lab
  [defensive] @jordanklepser , (defender-detectionhistory-parser, A parser of Windows Defender's DetectionHistory forensic artifact) => https://github.com/jklepsercyber/defender-detectionhistory-parser
  [offensive] djhohnstein , (TSMSISrv_poc, C# POC for the SessionEnv dll hijack by utilizing called functions of TSMSISrv.dll) => https://github.com/djhohnstein/TSMSISrv_poc
  [offensive] @ajpc500  , (NimlineWhispers2, A tool for converting SysWhispers2 syscalls for use with Nim projects) => https://github.com/ajpc500/NimlineWhispers2
  [defensive] @ScarredMonk  , (SysmonSimulator, Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs) => https://github.com/ScarredMonk/SysmonSimulator
  [offensive] Paranoid Ninja   , (EtwTi-Syscall-Hook, A simple program to hook the current process to identify the manual syscall executions on windows) => https://github.com/paranoidninja/EtwTi-Syscall-Hook
  [offensive] AD995  , (bluffy, Convert shellcode into different formats) => https://github.com/ad-995/bluffy
  [offensive] FULLSHADE , (WARFOX is a software-based HTTPS beaconing Windows implant that uses a multi-layered proxy network for C2 communications.) => https://github.com/FULLSHADE/WarFox
  [offensive] John Tear , (injection technique using C# that attempts to bypass Defender) => https://github.com/plackyhacker/Suspended-Thread-Injection
  [offensive] @C5pider , (KaynLdr is a Reflective Loader written in C/ASM) => https://github.com/Cracked5pider/KaynLdr
  [offensive] Shai S , (Examine, create and interact with remote objects in other .NET processes) => https://github.com/theXappy/RemoteNET
  [offensive] John Tear , (Another method for unhooking AV/EDR) => https://github.com/plackyhacker/Peruns-Fart
  [offensive] John Tear , (spoof the command line when spawning a new process from C#) => https://github.com/plackyhacker/CmdLineSpoofer
  [offensive] 0xsp-SRD , (mortar, evasion technique to defeat and divert detection and prevention of security products AV/EDR/XDR) => https://github.com/0xsp-SRD/mortar
  [offensive] mobdk , (zCore, Optimized version, Nt/ZwProtectVirtualMemory has been removed with every syscall) => https://github.com/mobdk/zCore
  [offensive] mobdk , (CloneProcess, Clone running process with ZwCreateProcess) => https://github.com/mobdk/CloneProcess
  [offensive] John Tear , (Shellcode-Encryptor, simple shell code encryptor/decryptor/executor to bypass AVs) => https://github.com/plackyhacker/Shellcode-Encryptor
  [offensive] VollRagm , (KernelSharp, C# Kernel Mode Driver example using NativeAOT) => https://github.com/VollRagm/KernelSharp
  [defensive] Splunk , (melting-cobalt, Cobalt Strike scanner that retrieves detected Team Server beacons) => https://github.com/splunk/melting-cobalt
  [defensive] Ali Davanian , (CnCHunter is a fork of RiotMan, and it allows exploiting malware for active probing) => https://github.com/adava/CnCHunter
  [offensive] @mariuszbit , (Stracciatella, OpSec-safe Powershell runspace from within C# [aka SharpPick] with AMSI, Constrained Language Mode & Script Block Logging disabled at startup) => https://github.com/mgeeky/Stracciatella
  [offensive] @mariuszbit , (UnhookMe, a universal Windows API resolver) => https://github.com/mgeeky/UnhookMe
  [offensive] @Kara4Search , (ThreadHijacking_CSharp, Process inject technique "Thread hijacking" via C#) => https://github.com/Kara-4search/ThreadHijacking_CSharp
  [offensive] @Kara4Search , (HellgateLoader_CSharp, Load shellcode via HELLGATE, Rewrite hellgate with C#.Net) => https://github.com/Kara-4search/HellgateLoader_CSharp
  [offensive] @Kara4Search , (FullDLLUnhooking_CSharp, Unhook DLL via cleaning the DLLs text section) => https://github.com/Kara-4search/FullDLLUnhooking_CSharp
  [offensive] @0xpwnisher , (Various WMI experiments in a closed environment) => https://github.com/pwn1sher/WMEye
  [offensive] @0xpwnisher , (UUID based Shellcode loader for your favorite C2) => https://github.com/pwn1sher/uuid-loader
  [offensive] wavestone-cdt , (EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections) => https://github.com/wavestone-cdt/EDRSandblast
  [offensive] @KleiberIngo , (Simple HTTP server for delivering & exfiltrating files/data) => https://github.com/IngoKl/HTTPUploadExfil
  [offensive] @Kara4Search , (Load ntdll.dll via file mapping to bypass API inline hook via C#) => https://github.com/Kara-4search/NewNtdllBypassInlineHook_CSharp
  [offensive] @Kara4Search , (MappingInjection via C#) => https://github.com/Kara-4search/MappingInjection_CSharp
  [offensive] mai1zhi2 , (SysWhispers2_x86, SysWhispers2 variant that generates 32-bit [sysenter-based] syscall stubs) => https://github.com/mai1zhi2/SysWhispers2_x86
  [offensive] @Jackson_T , (SysWhispers2 helps with evasion by generating header/ASM files) => https://github.com/jthuraisamy/SysWhispers2
  [offensive] @Jackson_T , (SysWhispers helps with evasion by generating header/ASM files) => https://github.com/jthuraisamy/SysWhispers
  [offensive] @PwnDexter , (SharpEDRChecker, New & improved C# Implementation of Invoke-EDRChecker) => https://github.com/PwnDexter/SharpEDRChecker
  [offensive] @PwnDexter , (Invoke-EDRChecker) => https://github.com/PwnDexter/Invoke-EDRChecker
  [offensive] @SolomonSklash , (A shellcode function to encrypt a running process image when sleeping) => https://github.com/SolomonSklash/SleepyCrypt
  [offensive] @aaaddress1 , (Skrull is a malware DRM that prevents Automatic Sample Submission by AV/EDR) => https://github.com/aaaddress1/Skrull
  [offensive] @codewhitesec , (PIC lsass dumper using cloned handles) => https://github.com/codewhitesec/HandleKatz
  [offensive] @snovvcrash , (shellcode injection techniques) => https://github.com/snovvcrash/DInjector
  [offensive] @snovvcrash , (Process Hollowing Technique & Nim) => https://github.com/snovvcrash/NimHollow
  [offensive] John Tear , (A collection of C# shellcode injection techniques) => https://github.com/plackyhacker/Shellcode-Injection-Techniques
  [offensive] Moath Maharmeh , (SharpStrike is a post-exploitation tool written in C# that uses either CIM or WMI to query remote systems) => https://github.com/iomoath/SharpStrike
  [offensive] Moath Maharmeh , (Unmanaged PowerShell execution using DLLs or a standalone executable) => https://github.com/iomoath/PowerShx
  [offensive] @mariuszbit , (ShellcodeFluctuation, in-memory evasion technique that fluctuates shellcode memory protection between RW, NoAccess & RX) => https://github.com/mgeeky/ShellcodeFluctuation
  [offensive] @mariuszbit , (Thread Stack Spoofing/Call Stack Spoofing PoC) => https://github.com/mgeeky/ThreadStackSpoofer
  [offensive] @KlezVirus , (Template-Driven AV/EDR Evasion Framework) => https://github.com/klezVirus/inceptor
  [offensive] GetRektBoy724 , (Syscall Stub Stealer, Freshly steal Syscall stub straight from the disk) => https://github.com/GetRektBoy724/TripleS
  [offensive] pedro31851511 , (meterpeter, C2 Powershell Command & Control Framework with BuiltIn Commands) => https://github.com/r00t-3xp10it/meterpeter
  [defensive] Airbus CERT , (Wireshark plugin to work with ETW) => https://github.com/airbus-cert/Winshark
  [offensive] ahmedkhlief , (C2 server by Purple Team to do stealthy computer & AD enumeration) => https://github.com/ahmedkhlief/Ninja
  [offensive] zcgonvh , (EfsPotato, local privilege escalation exploit abusing MS-EFSR EfsRpcOpenFileRaw) => https://github.com/zcgonvh/EfsPotato
  [offensive] @c__sto , (pure-go implementation of using direct syscalls to do Windowsy stuff) => https://github.com/C-Sto/BananaPhone
  [offensive] @aaaddress1 , (POC for Process Herpaderping, Process Ghosting & miniCreateProcessEx techniques) => https://github.com/aaaddress1/PR0CESS
  [offensive] nettitude , (C# Reflective loader for unmanaged binaries) => https://github.com/nettitude/RunPE
  [defensive] @_forrestorr , (Moneta, memory scanner) => https://github.com/forrest-orr/moneta
  [defensive] @hasherezade , (Pe-Sieve, memory scanner) => https://github.com/hasherezade/pe-sieve
  [offensive] odzhan , (Shellcodes for Windows/Linux/BSD running on x86, AMD64, ARM32, ARM64) => https://github.com/odzhan/shellcode
  [offensive] mobdk , (Upsilon, execute shellcode with syscalls, no API like NtProtectVirtualMemory is used) => https://github.com/mobdk/Upsilon
  [defensive] @arch_rabbit , (Fibratus is a tool for exploration and tracing of the Windows kernel) => https://github.com/rabbitstack/fibratus
  [offensive] wireless90 , (ProcessInjector.NET, Process Hollowing & APC queue injection techniques in .NET) => https://github.com/wireless90/ProcessInjector.NET
  [offensive] @topotam77 , (PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions) => https://github.com/topotam/PetitPotam
  [defensive] Rajiv Kulkarni , (FalconEye, Real-time detection software for Windows process injections) => https://github.com/rajiv2790/FalconEye
  [offensive] SafeBreach Labs , (Pinjectra is a C/C++ library that implements Process Injection techniques) => https://github.com/SafeBreach-Labs/pinjectra
  [offensive] RedCursorSecurityConsulting , (Tool to bypass LSA Protection [aka Protected Process Light]) => https://github.com/RedCursorSecurityConsulting/PPLKiller
  [off---def] @brsn76945860 , (Enumerating and removing kernel callbacks using signed vulnerable drivers) => https://github.com/br-sn/CheekyBlinder
  [offensive] Ralph May , (deploy a phishing engagement in the cloud) => https://github.com/ralphte/build_a_phish
  [defensive] @standa_t , (tool to help malware analysts tell that the sample is injecting code to another process) => https://github.com/tandasat/RemoteWriteMonitor
  [offensive] @safe_buffer , (LightMe is a simple HTTP server serving Powershell scripts/payloads after obfuscating them) => https://github.com/WazeHell/LightMe
  [defensive] Microsoft , (PerfView, CPU/memory performance-analysis tool; very useful ETW code & tooling for Blue Teams/Defenders) => https://github.com/microsoft/perfview
  [offensive] @_S_aint_Iker , (Process Ghosting Tool [64 bits Only]) => https://github.com/IkerSaint/KingHamlet/
  [offensive] cube0x0 , (SharpeningCobaltStrike, real-time compiling of dotnet v35/v40 exe/dll binaries + obfuscation...) => https://github.com/cube0x0/SharpeningCobaltStrike
  [defensive] HoShiMin , (Avanguard, The Win32 Anti-Intrusion Library) => https://github.com/HoShiMin/Avanguard 
  [offensive] Nicholas Spagnola , (MalwareDev) => https://github.com/MakoSec/MalwareDev
  [offensive] @aaaddress1 , (RunPE-In-Memory, Run 32bit/64bit copy of Exe File in memory like an Application Loader) => https://github.com/aaaddress1/RunPE-In-Memory
  [offensive] Samuel Wong , (NET-Obfuscate, Obfuscate ECMA CIL [.NET IL] assemblies to evade Windows Defender AMSI.) => https://github.com/BinaryScary/NET-Obfuscate
  [offensive] @matterpreter , (OffensiveCSharp, collection of C# tooling & POCs for use on operations) => https://github.com/matterpreter/OffensiveCSharp
  [off---def] m0rv4i , (Syscalls-Extractor, extracting syscall numbers for an OS) => https://github.com/m0rv4i/Syscalls-Extractor
  [offensive] @_batsec_ , (DarkLoadLibrary, LoadLibrary for offensive operations) => https://github.com/bats3c/DarkLoadLibrary
  [offensive] @Yas_o_h , (Backstab is a tool capable of killing antimalware-protected processes by leveraging the Sysinternals Process Explorer driver) => https://github.com/Yaxser/Backstab
  [offensive] @passthehashbrwn , (avoiding direct syscall detections) => https://github.com/passthehashbrowns/hiding-your-syscalls
  [offensive] @kevin_robertson , (cross-platform .NET IPv4/IPv6 machine-in-the-middle tool) => https://github.com/Kevin-Robertson/Inveigh
  [defensive] Lares , (Pushes Sysmon Configs) => https://github.com/LaresLLC/SysmonConfigPusher
  [offensive] Gabriel Landau , (Post/Article: Process Ghosting) => https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack
  [offensive] @mariuszbit , (Cobalt Strike C2 Reverse proxy) => https://github.com/mgeeky/RedWarden
  [offensive] Alex Davies , (Some C# Process Injection Techniques) => https://github.com/pwndizzle/c-sharp-memory-injection
  [defensive] Improsec A/S , (Identify the attack paths in BloodHound breaking your AD tiering) => https://github.com/improsec/ImproHound
  [offensive] @itm4n , (Dump the memory of a PPL with a userland exploit) => https://github.com/itm4n/PPLdump
  [offensive] @R0h1rr1m , (Userland API Unhooker Project) => https://github.com/frkngksl/Celeborn
  [offensive] @checkymander , (run python code on systems without Python installed) => https://github.com/checkymander/Zolom
  [off--docs] @joevest , (redteam guide) => https://redteam.guide/docs/
  [offensive] @positive_sec , (Send My, upload arbitrary data from devices without an internet connection via Apple's Find My network) => https://github.com/positive-security/send-my
  [offensive] @infosecn1nja , (Red Teaming/Adversary Simulation Toolkit) => https://github.com/infosecn1nja/Red-Teaming-Toolkit
  [defensive] @pathtofile , (Easy ETW Tracing for Security Research) => https://github.com/pathtofile/Sealighter
  [offensive] Optiv , (Dent) => https://github.com/optiv/Dent
  [off--blog] @pentestlabltd , (blog) => https://pentestlaboratories.com/blog/
  [offensive] @dafthack , (Cloud Pentest Cheatsheets) => https://github.com/dafthack/CloudPentestCheatsheets
  [off---def] @ale_sp_brazil , (dotnet malware threat, internals & reversing) => http://www.blackstormsecurity.com/docs/ALEXANDREBORGES_DEFCON_2019.pdf
  [defensive] @_lpvoid , (TiEtwAgent is ETW-based process injection detection) => https://github.com/xinbailu/TiEtwAgent
  [defensive] ComodoSecurity , (OpenEDR is a free & open source EDR platform) => https://github.com/ComodoSecurity/openedr
  [defensive] wazuh , (Wazuh is a free & open source security platform with EDR capabilities) => https://github.com/wazuh/wazuh
  [off---def] @0gtweet , (Simple solutions allowing you to dig a bit deeper than usual) => https://github.com/gtworek/PSBits
  [defensive] @cyb3rops , (Raccine, A Simple Ransomware Protection) => https://github.com/Neo23x0/Raccine
  [offensive] @scrtsa , (avcleaner, C/C++ source obfuscator for antivirus bypass) => https://github.com/scrt/avcleaner
  [offensive] @Arno0x0x , (DNSExfiltrator, transfer/exfiltrate a file over a DNS request covert channel) => https://github.com/Arno0x/DNSExfiltrator
  [offensive] Mauricio Velazco & Olindo Verrillo, (defcon-27, Writing custom backdoor payloads with C#) => https://github.com/mvelazc0/defcon27_csharp_workshop
  [offensive] @Ne0nd0g , (Merlin is a cross-platform post-exploitation C2 server + agent written in Golang) => https://github.com/Ne0nd0g/merlin
  [offensive] CyberArk , (Kubesploit is a cross-platform post-exploitation C2 server + agent written in Golang, aimed at containerized environments) => https://github.com/cyberark/kubesploit
  [offensive] G0ldenGunSec , (Post/Article: Transactional NTFS + API Hooking to Trick the CLR into Loading Your Code “From Disk”) => https://blog.redxorblue.com/2021/05/assemblylie-using-transactional-ntfs.html
  [offensive] @_lpvoid , (DripLoader, Evasive shellcode loader for bypassing event-based injection detection) => https://github.com/xinbailu/DripLoader 
  [defensive] 3lp4tr0n , (BeaconHunter, behavior-based monitoring and hunting tool built in C#, leveraging ETW tracing) => https://github.com/3lp4tr0n/BeaconHunter
  [offensive] antonioCoco , (RemotePotato0, Windows Privilege Escalation from User to Domain Admin) => https://github.com/antonioCoco/RemotePotato0
  [defensive] OpenCTI , (open source platform allowing organizations to manage their cyber threat intelligence knowledge) => https://github.com/OpenCTI-Platform/opencti
  [offensive] hackerschoice , (gsocket, lets two users behind NAT/firewalls establish a TCP connection with each other) => https://github.com/hackerschoice/gsocket
  [offensive] @JulioUrena , (SharpNoPSExec, fileless command execution for lateral movement) => https://github.com/juliourena/SharpNoPSExec
  [off---def] Mr.Un1k0d3r , (EDRs' hooked APIs + some useful EDR info for use during red team exercises) => https://github.com/Mr-Un1k0d3r/EDRs
  [offensive] Yarden Shafir , (Post/Article: Thread/Process State Change & EDR Hook Evasion Method) => https://windows-internals.com/thread-and-process-state-change/
  [defensive] ion-storm , (Sysmon EDR Active Response Features) => https://github.com/ion-storm/sysmon-edr
  [offensive] @tokyoneon_ , (Chimera, PowerShell obfuscation script designed to bypass AMSI and antivirus) => https://github.com/tokyoneon/Chimera
  [offensive] nodauf , (Girsh, Golang Interactive Reverse SHell) => https://github.com/nodauf/Girsh
  [offensive] @pedro31851511 , (reverse tcp shells in post-exploitation tasks) => https://github.com/r00t-3xp10it/redpill
  [offensive] Ryan Reeves , (3 Process Hollowing PoC) => https://github.com/reevesrs24/EvasiveProcessHollowing
  [off---def] Roberto Rodriguez @Cyb3rWard0g , (Education/Training: Threat Hunter Playbook) => https://threathunterplaybook.com/introduction.html
  [offensive] hasherezade , (Education/Training: Malware Training) => https://github.com/hasherezade/malware_training_vol1
  [offensive] 0xpat , (Education/Training: Red/Purple Teamers [Malware development]) => https://0xpat.github.io/
  [offensive] @ShitSecure , (Nim code for shellcode execution via callback techniques [CBT]) => https://github.com/S3cur3Th1sSh1t/Nim_CBT_Shellcode
  [offensive] @_EthicalChaos_ , (Mirrordump, dump lsass) => https://github.com/CCob/MirrorDump
  [off---def] @_EthicalChaos_ , (MinHook.NET, hooking native API calls from .NET) => https://github.com/CCob/MinHook.NET
  [off---def] Black Lantern Security, (writehat , Pentest reporting tool written in Python) => https://github.com/blacklanternsecurity/writehat
  [offensive] jthuraisamy, (Enumerate and disable common sources of telemetry used by AV/EDR.) => https://github.com/jthuraisamy/TelemetrySourcerer
  [offensive] ChaitanyaHaritash , (Shellcode Execution via Callback Func) => https://github.com/ChaitanyaHaritash/Callback_Shellcode_Injection
  [offensive] S4R1N , (Shellcode Execution via Callback Func) => https://github.com/S4R1N/AlternativeShellcodeExec
  [offensive] Deep Instinct, (lsass Dumper) => https://github.com/deepinstinct/LsassSilentProcessExit
  [offensive] asaurusrex, (Project to check which Nt/Zw functions your local EDR is hooking) => https://github.com/asaurusrex/Probatorum-EDR-Userland-Hook-Checker
  [offensive] Optiv , (ScareCrow, bypass EDR hooks & application whitelisting) => https://github.com/optiv/ScareCrow
  [offensive] antonioCoco or @splinter_code , (Mapping-Injection) => https://github.com/antonioCoco/Mapping-Injection
  [offensive] @spotheplanet , (C++, dumping lsass passwords without mimikatz using MiniDumpWriteDump [AV signature bypass]) => https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques/blob/master/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass.md
  [offensive] @m0rv4i , (C#, SafetyDump, PID/lsass dumper [in-memory]) => https://github.com/m0rv4i/SafetyDump
  [offensive] @marcosd4h , (memhunter, live hunting of code injection techniques, with minjector as companion injector for testing) => https://github.com/marcosd4h/memhunter
  [offensive] sh4hin , (GoPurple, shellcode injector written in Go) => https://github.com/sh4hin/GoPurple
  [offensive] odzhan , Injection Methods => https://github.com/odzhan/injection
  [offensive] monoxgas , (sRDI, shellcode reflective DLL injection) => https://github.com/monoxgas/sRDI
  [offensive] @r3n_hat , (C# c2, GRAT2) => https://github.com/r3nhat/GRAT2
  [offensive] @jxy__s , (Process herpaderping) => https://github.com/jxy-s/herpaderping
  [defensive] @jtsmith282 , (BLUESPAWN, Active Defense & EDR tool to help Blue Teams monitor systems) => https://github.com/ION28/BLUESPAWN
  [offensive] @Ch0pin , (AVIator) => https://github.com/Ch0pin/AVIator
  [off--blog] @netbiosX (Education/Training: blog) => https://pentestlab.blog/
  [offensive] @TheRealWover , (donut) => https://github.com/TheWover/donut
  [offensive] @gentilkiwi , (mimikatz) => https://github.com/gentilkiwi/mimikatz
  [offensive] @_RastaMouse , (SharpC2) => https://github.com/SharpC2/SharpC2
  [offensive] @b4rtik , (SharpMiniDump) => https://github.com/b4rtik/SharpMiniDump
  [offensive] @FuzzySec , (Sharp-Suite) => https://github.com/FuzzySecurity/Sharp-Suite
  [offensive] @FuzzySec , (Fermion) => https://github.com/FuzzySecurity/Fermion
  [offensive] @cobbr_io , (C2, Covenant) => https://github.com/cobbr/Covenant
  [offensive] @cobbr_io , (SharpSploit) => https://github.com/cobbr/SharpSploit
  [offensive] @pedro31851511 , (Meterpreter_Paranoid_Mode-SSL) => https://github.com/r00t-3xp10it/Meterpreter_Paranoid_Mode-SSL
  [offensive] @gweeperx , (SimpleShellcodeInjector [SSI], injector) => https://github.com/DimopoulosElias/SimpleShellcodeInjector
  [defensive] @hasherezade , (hollows_hunter , memory scanner) => https://github.com/hasherezade/hollows_hunter
  [offensive] @byt3bl33d3r , (SILENTTRINITY) => https://github.com/byt3bl33d3r/SILENTTRINITY
  [offensive] badBounty , (directInjectorPOC) => https://github.com/badBounty/directInjectorPOC
  [off---def] mvelazc0 , (PurpleSharp) => https://github.com/mvelazc0/PurpleSharp
  [offensive] @slaeryan , (Red-Teamer/Pentester Tools) => https://github.com/slaeryan/AQUARMOURY
  [off---def] boh , (C# Tools) => https://github.com/boh/RedCsharp
  [offensive] shogunlab , (Education/Training: ebook) => https://github.com/shogunlab/building-c2-implants-in-cpp
  [off---def] redcanaryco , (Red-Teaming) => https://github.com/redcanaryco/atomic-red-team
  [offensive] @_batsec_ , (shad0w) => https://github.com/bats3c/shad0w
  [offensive] @_forrestorr , (DLL hollowing) => https://github.com/forrest-orr/phantom-dll-hollower-poc
  [off--blog] @jack_halon , (blog) => https://jhalon.github.io
  [offensive] @martinoj2009 , (ICMP Exfil tool) => https://github.com/martinoj2009/ICMPExfil
  [offensive] @mubix , (hak5) => https://www.youtube.com/c/hak5/playlists
  [off--blog] @bohops , (blog) => https://bohops.com
  [offensive] https://twitter.com/buffaloverflow
  [offensive] https://twitter.com/domchell
  [off--blog] OsandaMalith , (blog) => https://osandamalith.com
  [off--blog] @_xpn_ , (blog) => https://blog.xpnsec.com
  [off--blog] @am0nsec , (blog) => https://ntamonsec.blogspot.com
  [off--blog] @peewpw , (blog) => https://www.peew.pw
  [offensive] https://twitter.com/5ub34x
  [offensive] https://twitter.com/vvalien1
  [off--blog] @424f424f , (blog) => https://medium.com/@rvrsh3ll
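Several entries above revolve around one mechanic: recovering syscall numbers (SSNs) from ntdll so an implant can issue direct syscalls (SysWhispers/SysWhispers2/SysWhispers3, NimlineWhispers2, HellgateLoader_CSharp, Syscalls-Extractor, TripleS), or so a defender can tell which stubs an EDR has hooked (syscall-detect, UnhookMe, Probatorum). The example below is added here and is not code from any of those projects; it is a Python sketch of the two resolution strategies they implement, run against a constructed export table whose names, RVAs and syscall numbers are made up (real SSNs change between Windows builds, and a real implementation walks the export directory of ntdll.dll on disk or in memory instead of this dict).

```python
import struct
from typing import Dict, List, Optional, Tuple

# First two instructions of a clean Windows 10 x64 ntdll syscall stub:
#   4c 8b d1        mov r10, rcx
#   b8 XX XX 00 00  mov eax, <syscall number>
STUB_PROLOGUE = bytes.fromhex("4c8bd1b8")
# Remainder of the stub after the imm32:
#   test byte ptr [7ffe0308h],1 / jne +3 / syscall / ret / int 2eh / ret
STUB_EPILOGUE = bytes.fromhex("f604250803fe7f0175030f05c3cd2ec3")


def make_stub(ssn: int) -> bytes:
    """Constructed clean stub for syscall number `ssn` (sample data, not read from a real ntdll)."""
    return STUB_PROLOGUE + struct.pack("<I", ssn) + STUB_EPILOGUE


def make_hooked_stub(ssn: int, rel32: int) -> bytes:
    """Same stub after a user-mode hook overwrote its first 5 bytes with `jmp rel32` (e9 xx xx xx xx)."""
    clean = make_stub(ssn)
    return b"\xe9" + struct.pack("<i", rel32) + clean[5:]


def ssn_from_stub(stub: bytes) -> Optional[int]:
    """Hell's Gate style: read the imm32 of `mov eax, SSN` when the prologue is intact.
    Returns None when the bytes do not match, i.e. the stub is hooked or not a syscall stub."""
    if len(stub) < 8 or stub[:4] != STUB_PROLOGUE or stub[6:8] != b"\x00\x00":
        return None
    return struct.unpack_from("<I", stub, 4)[0]


def ssn_by_address_rank(exports: Dict[str, Tuple[int, bytes]]) -> Dict[str, int]:
    """SysWhispers2 / FreshyCalls style: Zw* stubs are laid out in ascending SSN order,
    so a stub's rank by RVA equals its SSN. Never reads stub bytes, so hooks do not matter,
    but the table must contain every Zw export and every Zw export must be a syscall stub."""
    ordered = sorted((rva, name) for name, (rva, _) in exports.items() if name.startswith("Zw"))
    return {name: rank for rank, (_, name) in enumerate(ordered)}


def resolve_ssns(exports: Dict[str, Tuple[int, bytes]]) -> Tuple[Dict[str, int], List[str]]:
    """Combine both methods: read the SSN directly where the stub is clean, fall back to the
    address rank where it is hooked, and report the hooked names (the syscall-detect style check)."""
    by_rank = ssn_by_address_rank(exports)
    ssns: Dict[str, int] = {}
    hooked: List[str] = []
    for name, (_, stub) in exports.items():
        if not name.startswith("Zw"):
            continue
        direct = ssn_from_stub(stub)
        if direct is None:
            hooked.append(name)
            ssns[name] = by_rank[name]
        elif direct != by_rank[name]:
            # Both methods must agree on clean stubs; otherwise the export table is incomplete.
            raise ValueError(f"{name}: stub says {direct}, rank says {by_rank[name]}")
        else:
            ssns[name] = direct
    return ssns, sorted(hooked)


# Constructed export table: name -> (RVA, first 24 bytes of the stub). Stubs are 0x20 apart and in
# SSN order like a real ntdll, but the SSN values and RVAs are invented for the demo.
# ZwAllocateVirtualMemory carries a hypothetical EDR hook (jmp) over its prologue.
CONSTRUCTED_EXPORTS: Dict[str, Tuple[int, bytes]] = {
    "ZwWriteVirtualMemory":      (0x9D160, make_stub(7)),
    "ZwAccessCheck":             (0x9D080, make_stub(0)),
    "ZwAllocateVirtualMemory":   (0x9D100, make_hooked_stub(4, 0x1234)),
    "ZwClose":                   (0x9D0A0, make_stub(1)),
    "ZwOpenProcess":             (0x9D140, make_stub(6)),
    "ZwProtectVirtualMemory":    (0x9D120, make_stub(5)),
    "ZwCreateThreadEx":          (0x9D0C0, make_stub(2)),
    "ZwQueryInformationProcess": (0x9D0E0, make_stub(3)),
}

if __name__ == "__main__":
    resolved, hooked_names = resolve_ssns(CONSTRUCTED_EXPORTS)
    for name, ssn in sorted(resolved.items(), key=lambda kv: kv[1]):
        flag = "  <- hooked, SSN recovered by address rank" if name in hooked_names else ""
        print(f"{ssn:#06x}  {name}{flag}")
```

The direct read fails on exactly the stubs an EDR has patched, which is why a hook checker can be as simple as "does this export still start with 4c 8b d1 b8", while the rank method still yields a usable number for those stubs as long as the whole Zw export set is present; feeding it a partial table silently produces wrong SSNs, which is what the agreement check in `resolve_ssns` guards against.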

Some Videos About Pentesters & Red/Purple/Blue Teams (Offensive/Defensive teams + SOC/CTI...), these Videos made by Security Researchers/Pentesters/Red/Purple/Blue Teamers...

Note: I think you should watch these videos one by one. As a Pentester/Red/Blue/Purple Teamer (Security Teams) these videos will help you a lot... (these videos were very useful to me, but this list is for new videos & I will add more videos (new/old) to this new list soon...)

Note: these guys in these videos are "humble", which is important to me, & their videos are very useful (technically).

"Humble" + "Useful" + "Pro" = "these guys ;D in this video list ..."

(videos: last update 11 Sep 2022)

+ (Nullcon: How To Bypass AM-PPL & Disable EDRs - A Red Teamer's Story - Stephen Kho & Juan Sacco) => https://www.youtube.com/watch?v=QtObgEfy5Jw
+ (Introduction to Threat Modeling | Siddhant Chouhan | Winja Unplugged) => https://www.youtube.com/watch?v=mpw-Lsqa5Ls
+ (Develop Your Own RAT: EDR + AV Defense by Dobin Rutishauser) => https://www.youtube.com/watch?v=w0bh7s7bVXI
+ (Building A Red Team – The Best Defense Is A Good Offense by Daniel Fabian) => https://www.youtube.com/watch?v=yfgfixMKFGI
+ (Command & Control Freak: Cloud Edition by Dagmawi Mulugeta) => https://www.youtube.com/watch?v=grCToZwUacc
(Jake Williams presents update on Cyber Threat Intelligence program) => https://youtu.be/MHfGIY2IyXE?t=414
(ATT&CK Updates: Data Sources and Detection, by Alexia Crumpton) => https://www.youtube.com/watch?v=eBeIRYeq7SM
(State of ATT&CK - ATT&CKcon 3.0 Day 1) => https://www.youtube.com/watch?v=1JLZkNe085g
(When Insiders ATT&CK! - ATT&CKcon 3.0 Day 2) => https://www.youtube.com/watch?v=qJ3DrNAbtxg 
(Mapping to MITRE ATT&CK - ATT&CKcon 3.0 Day 1) => https://www.youtube.com/watch?v=uYJAoedpJkQ
(ATT&CKing the Red/Blue Divide - ATT&CKcon 3.0 Day 2) => https://www.youtube.com/watch?v=lxAQiq2XtEQ
(Insights Into Highly Valued Data Sources) => https://www.youtube.com/watch?v=ba2e9pWxboU
(Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK, by Haylee Mills) => https://www.youtube.com/watch?v=qqNUmfOW3gU
(Prioritizing Detection Implementation with Intelligence and ATT&CK, by Lindsay Kaye & Scott Small) => https://www.youtube.com/watch?v=pwl7L_Lh9_c
(Knowledge for the Masses: Storytelling with ATT&CK!) => https://www.youtube.com/watch?v=eRHw-An9NuI
(What is ATT&CK Coverage Anyway? Breadth and Depth Analysis w/ Atomic Red Team) => https://www.youtube.com/watch?v=RRq8jqFY6ts
(Blue-Team-as-Code: Lessons From Real-world Red Team Detection Automation Using Logs, By Oleg Kolesnikov & Den Iuzvyk) => https://www.youtube.com/watch?v=fz6SYlfvc-Y
(BH, Process Injection Techniques - Gotta Catch Them All, By Itzik Kotler and Amit Klein) => https://www.youtube.com/watch?v=xewv122qxnk
(BH, Exploiting Windows COM/WinRT Services, By XueFeng Li & Zhiniang Peng) => https://www.youtube.com/watch?v=KeQ0PHrHDVs
(BH, The Dark Age of Memory Corruption Mitigations in the Spectre Era, By Andrea Mambretti & Alexandra Sandulescu) => https://www.youtube.com/watch?v=vI7ABcuclpg
(BH, Rope: Bypassing Behavioral Detection of Malware with Distributed ROP-Driven Execution, By Daniele Cono D'Elia & Lorenzo Invidia) => https://www.youtube.com/watch?v=PBDHhOtc0zM
(BH, Securing Open Source Software - End-to-end, At massive scale, Together, By Jennifer Fernick & Christopher Robinson) => https://www.youtube.com/watch?v=S2ZFF5LyL_Y
(BH, Anatomy of Native IIS Malware, By Zuzana Hromcova) => https://www.youtube.com/watch?v=OwCmuQHHOUA
(BH, CnCHunter: An MITM-Approach to Identify Live CnC Servers, By Ali Davanian, Ahmad Darki & Michalis Faloutsos) => https://www.youtube.com/watch?v=UNQ-ZnbYfeQ
(BH, Fixing a Memory Forensics Blind Spot: Linux Kernel Tracing, By Andrew Case & Golden Richard) => https://www.youtube.com/watch?v=6oe7qL7-WoI
(BH, Locknote: Conclusions and Key Takeaways from Black Hat Europe 2021) => https://www.youtube.com/watch?v=neEytnFh_TY
(BH, Threat Hunting in Active Directory Environment By Anurag Khanna & Thirumalai Natarajan Muthiah) => https://www.youtube.com/watch?v=lBIaLmvVpBE
(BH, How Did the Adversaries Abusing the Bitcoin Blockchain Evade Our Takeover?) => https://www.youtube.com/watch?v=y8Z9KnL8s8s
(BH, Reverse Engineering Compliance by Adam Shostack) => https://www.youtube.com/watch?v=j7nDXgLahhU
(BH, Domain Borrowing, Catch My C2 Traffic if You Can) => https://www.youtube.com/watch?v=eVr0kKdgM2I
(BH, Mem2Img, Memory-Resident Malware Detection via Convolution Neural Network) => https://www.youtube.com/watch?v=6SDdUVejR2w
(Malware Traffic and CyberChef Magic 2021-08-19, by Doug Burks) => https://www.youtube.com/watch?v=dF2zWBO-Dgc
(Quick Malware Analysis with Security Onion, pcap from 2021-08-05, by Doug Burks) => https://www.youtube.com/watch?v=KBjr1fdb3jY
(DEF CON 29 Adversary Village, Mauricio Velazco, PurpleSharp Automated Adversary Simulation) => https://www.youtube.com/watch?v=yi1epKf0lcM
(DEF CON 29 Adversary Village, Jose Garduno, C2Centipede APT level C2 communications for common rev) => https://www.youtube.com/watch?v=m6ygA5oPSQo
(BHIS, No SPAN Port? No Tap? No Problem!, John Strand) => https://www.youtube.com/watch?v=EqjmZqa_Dho
(BHIS, How to Build a Phishing Engagement, Coding TTP's, Ralph May) => https://www.youtube.com/watch?v=VglCgoIjztE
(2021 Threat Detection Report, Red Canary) => https://www.youtube.com/watch?v=wk5qVUZnJp0
(Advanced Memory Forensics [Windows], Threat_Hunting & Initial Malware_Analysis [P1]) => https://www.youtube.com/watch?v=WB29XIUZjRU
(Workshop Track, Atomic Red Team, Carrie & Darin) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/b11b2349625349bfbfd3981ab9aced32/watch?source=CHANNEL
(Jason Downey, Six Things No One !@#$ing Told Me About Pentesting) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/249e698776384175a51f78b58bc75f86/watch?source=CHANNEL
(Jake Williams, Seeing the Forest Through the Trees Foundations of Event Log Analysis) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/47b94dcf6ba246cfb8657dbde5bd2e1f/watch?source=CHANNEL
(Dave Kennedy, Designing an Offensive Strategy for Defense) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/91b6bdc4a42f438a9fee0a6dcc4781de/watch?source=CHANNEL
(Madhav Bhatt & Brad Richardson, Red Team Engagements How to Train Your Blue Team to Hunt Adversaries) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/f8e577b0951d42d2895ae7b815743a7a/watch?source=CHANNEL
(Mauricio Velazco, PurpleSharp) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/c05f7c791eae4cc884931b40db37bb79/watch?source=CHANNEL
(Ralph May, Automate your Redteam) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/d2946bef40254e86aa1d439fbe7b965f/watch?source=CHANNEL
(Brian Donohue, Atomic Red Team) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/63ba587692a04df1b44a37e69f7bdf51/watch?source=CHANNEL
(Jorge Orchilles, Operationalizing Purple Team) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/240b20fd5c304f96b992eee10313e2ec/watch?source=CHANNEL
(SPECIAL WEBCAST, New Wave of Ransomware Attacks: How did this happen?, John Strand) => https://www.youtube.com/watch?v=v1jmrk758cM
(Hak5 ...) => https://www.youtube.com/c/hak5/playlists
(WWHF, Abusing Microsoft Office for Post-Exploitation, Kyle Avery) => https://www.youtube.com/watch?v=tWQNM2vuQEM
(Hands-On Purple Team Workshop with Tim Schulz, June 2) => https://www.youtube.com/watch?v=oogvR1U7Cls
(Collaborate and Validate, Let's talk Purple Teaming with SCYTHE & PlexTrac) => https://www.youtube.com/watch?v=XtC6xoIiHJU
(Practical Exploitation with Mubix, formerly Metasploit Minute) => https://www.youtube.com/playlist?list=PLW5y1tjAOzI3n4KRN_ic8N8Qv_ss_dh_F
(SCYTHE: #ThreatThursday, Conti Ransomware) => https://www.youtube.com/watch?v=R4rKnjs2VvA
(RTV: Threat Hunting With Elastic Security by Aravind Putrevu & Haran Kumar) => https://www.youtube.com/watch?v=E0Iix1jxVvo
(The SOC Puzzle: Where Does Threat Hunting Fit?, 2020 Threat Hunting & Incident Response Summit) => https://www.youtube.com/watch?v=Ut1t_n6NPQE
(Purple Team Maturity Model, Jorge Orchilles & Tim Schulz) => https://www.youtube.com/watch?v=iE0CgG0MAH4
(BHIS, Getting Started in Pentesting The Cloud: Azure, Beau Bullock) => https://www.youtube.com/watch?v=u_3cV0pzptY
(Topic 03 VQL Fundamentals Pt 2) => https://www.youtube.com/watch?v=tsmb_CuLVlE
(Live Launch: 2021 Threat Detection Report) => https://www.youtube.com/watch?v=wk5qVUZnJp0
(UniCon21) => https://www.youtube.com/watch?v=4WUauzWKa9M
(The Purple Team Exercise is Done: Now What? with Daniel DeCloss, Founder & CEO PlexTrac) => https://www.youtube.com/watch?v=HNG3HNEcHs8
(1-10-60 Detection Metrics with Dmitri Alperovitch & Bryson Bort) => https://www.youtube.com/watch?v=arzi5LCI_Uk
(Detection Mechanisms for Common RedTeam TTPs) => https://www.youtube.com/watch?v=DSTsF0w3jMw
(Threat Hunting with Sysmon - Binary Defense) => https://www.youtube.com/watch?v=pnnnCgTyZo8
(Hands-On Purple Team Workshop with Tim Schulz, March 31) => https://www.youtube.com/watch?v=v7j1ZJy-BFw
(Purple Team Exercise Framework PTEF Workshop) => https://www.youtube.com/watch?v=kGCH-DjGM8M
(PurpleTeamSummit Hands-On Purple Team Workshop) => https://www.youtube.com/watch?v=rwOh9MC0M7E
(Hands-On Purple Team Workshop with Tim Schulz) => https://www.youtube.com/watch?v=kTEBhfzLoXM
(BHIS-Your Free and Open Source EDR Options!, John Strand) => https://www.youtube.com/watch?v=yrFnlbwFG_E
(BHIS-EMERGENCY WEBCAST: OK, let's talk about ransomware, John Strand) => https://www.youtube.com/watch?v=wKAQB4Yp-k4
(BHIS-OPSEC Fundamentals for Remote Red Teams, Michael Allen) => https://www.youtube.com/watch?v=AHwfV3NFlno
(Atomic Purple Team Framework and Life Cycle, Kent Ickler & Jordan Drysdale) => https://www.youtube.com/watch?v=_KqtVWrw_Gc
(IPv6: How to Securely Start Deploying, Joff Thyer) => https://www.youtube.com/watch?v=ft35bUVxiLQ
(A Blue Team's Perspective on Red Team Hack Tools) => https://www.youtube.com/watch?v=0mIN2OU5hQE
(Active Defense & Cyber Deception - Part 1) => https://www.youtube.com/watch?v=uxktoNrIk4Q
(Active Defense & Cyber Deception - Part 2) => https://www.youtube.com/watch?v=qGwqYjJZclU
(Active Defense & Cyber Deception - Part 3) => https://www.youtube.com/watch?v=vmfB2u6rXtk
(Enterprise Recon For Purple Teams) => https://www.youtube.com/watch?v=5c4KHB8dZMw
(In-Depth SILENTTRINITY Demo, Explanation & Walkthrough!) => https://www.youtube.com/watch?v=0_b3A1SOyVw
(How to attack when LLMNR, mDNS, and WPAD attacks fail - Eavesarp) => https://www.youtube.com/watch?v=cKDdy0JFXpA
(Endpoint Security Got You Down? No PowerShell? No Problem.) => https://www.youtube.com/watch?v=IGMj9paeEWM
(Two Covert Command & Control (C2) Channels) => https://www.youtube.com/watch?v=USYXKK1MDU0
(Attack Tactics 5: Zero to Hero Attack) => https://www.youtube.com/watch?v=kiMD0JFFheI
(RITA, Finding Bad Things on Your Network Using Free & Open Source Tools) => https://www.youtube.com/watch?v=mpCBOQSjbOA
(WWHF Deadwood 2020-Everything You've Been Told About Threat Hunting is a Lie, Lesley Carhart) => https://www.youtube.com/watch?v=5mdsV2FTDR8
(WWHF Deadwood 2020-Don C. Weber, Detecting Encrypted Radio Communications Using Universal) => https://www.youtube.com/watch?v=fgJaNIAlk0E
(WWHF Deadwood 2020-Jorge Orchilles, Emulating Adversaries Via Attack Chains) => https://www.youtube.com/watch?v=BDzw9cGEJos
(WWHF Deadwood 2020-Dan DeCloss, Purple Teaming With Runbooks for Plextrac) => https://www.youtube.com/watch?v=8kuutYNz0I8
(WWHF Deadwood 2020-A Quickstart Guide to Insider Threats, Adam Mashinchi) => https://www.youtube.com/watch?v=GKK0ZS07neY
(WWHF Deadwood 2020-Stephen Spence, Converting Blue Team into Advanced Host-Based Alerting) => https://www.youtube.com/watch?v=Jlf-CMFYNtw
(WWHF Deadwood 2020-Resilient Detection Engineering, Olaf Hartong) => https://www.youtube.com/watch?v=zMPouyUNX5c
(WWHF Deadwood 2020-Tao and the Art of Tshark Fields, Chris Brenton) => https://www.youtube.com/watch?v=lQCTPTGWYv0
(WWHF Deadwood 2020-Exploits, Research, Tools, and the Impact to Security, Dave Kennedy) => https://www.youtube.com/watch?v=iVNxfvU5xm8
(WWHF Deadwood 2020-Upping Your Defenses & Detections For the Low Price of FREE, Kent & Jordan) => https://www.youtube.com/watch?v=S0VaNt3i9JU
(Functional Testing: A New Era of Pentesting, The December Roundup-Cloud Pentesting, Jon Helmus) => https://www.youtube.com/watch?v=wYMNd5oks5s
(Unicorn Evangelism: The Case for Purple Teaming, Kent Ickler & Jordan Drysdale) => https://www.youtube.com/watch?v=VxUgr0MrBJA
(Move Aside Script Kiddies: Malware Execution in the Age of Advanced Defenses, Joff Thyer) => https://www.youtube.com/watch?v=wTmQ5FaRmf4
