Golang anti-vm framework for Red Team and Pentesters

Find, list, and inspect processes from Go (golang).

Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY.

Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL

Forensic toolkit for iOS sysdiagnose feature

A centralized and enhanced memory analysis platform

DFIR project to collect and analyze events in Google Workspace

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

A query aggregator for OSINT based threat hunting

NapierOne. A Publicly Available Modern Mixed File Data Set. The data set is suitable for a variety of testing scenarios such as Ransomware testing, Malware testing, forensic testing, file compressi…

Collaborative Incident Response platform

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.…

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.

A pcap capture analysis helper

Binary instrumentation framework based on FRIDA

This contains notes and slides for my Objective by the Sea talk

SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device.

A toolkit for the post-mortem examination of Docker containers from forensic HDD copies

Search Index Database Reporter