Stars
Open-source reconnaissance tool to identify attack surface of any organization.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +90 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI…
Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
Various notes I have compiled during the OSEP PEN-300 course.
Open Source Vulnerability Management Platform
Directory Services Internals (DSInternals) PowerShell Module and Framework
WAU daily updates apps as system and notify connected users. (Allowlist and Blocklist support)
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
Reproducible, static, curl binaries for Linux, macOS and Windows
The SpecterOps project management and reporting engine
autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat
Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations s…
A curated list of tools for incident response
Privilege Escalation Enumeration Script for Windows
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerberos authentication issues being caused by the operation.
The Penetration Testing Execution Standard (PTES) Automation Framework
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010