AV/EDR Lab environment setup references to help in Malware development

Remote command line LSASS extractor

A Python native library containing lots of useful functions to write efficient scripts to hack stuff.

evilginx3 + gophish

Check for LDAP protections regarding the relay of NTLM authentication

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

Python script to enumerate users, groups and computers from a Windows domain through LDAP queries

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

game of active directory

This repository contains procedures found in the Feb 2022 conti leaks. They were taken from the "manual_teams_c" rocketchat channel in the leak and posted on may 10th, 2021 in the channel.

Kerberoast attack -pure python-

HackTheBox Vim Colorscheme

Quick Start/Setup of CI/CD for Offensive/Defensive Purposes

A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

Wiki to collect Red Team infrastructure hardening resources

CVE-2020-0796 Pre-Auth POC

A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.

📁 Dotfiles used on my Unix systems

Collection of small JavaScript functions and scripts that can be used in the browser to interact with Lair

A not so awesome list of malware gems for aspiring malware analysts