LDAPmonitor – Monitor Creation, Deletion And Changes To LDAP Objects Live During Your Pentest Or System Administration!

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object. Features Feature Python (.py) CSharp (.exe) Powershell (.ps1) LDAPS support ✔️ ✔️ ✔️ Random delay in seconds between queriesRead More

SysFlow – Cloud-native System Telemetry Pipeline

This repository hosts the documentation and issue tracker for all SysFlow projects. Quick reference Documentation:the SysFlow Documentation Where to get help:the SysFlow Community Slack Where to file issues:the github issue tracker Source of this description:repo’s readme (history) Docker images:docker hub | GHCR What is SysFlow? The SysFlow Telemetry Pipeline is a framework for monitoring cloudRead More

UnhookMe – An Universal Windows API Resolver And Unhooker Addressing Problem Of Invoking Unmonitored System Calls From Within Of Your Red Teams Malware

In the era of intrusive AVs and EDRs that introduce hot-patches to the running processes for their enhanced optics requirements, modern adversaries must have a robust tool to slide through these watchguards. The propsed implementation of dynamic imports resolver that would be capable of unhooking used functions in-the-fly is yet another step towards strengthening adversaryRead More

FindObjects-BOF – A Cobalt Strike Beacon Object File (BOF) Project Which Uses Direct System Calls To Enumerate Processes For Specific Loaded Modules Or Process Handles

A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific modules or process handles. What is this repository for? Use direct systems calls within Beacon Object files to enumerate processes for specific loaded modules (e.g. winhttp.dll, amsi.dll or clr.dll). Use direct systems calls within Beacon Object filesRead More

BlueCloud – Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D

Cyber Range deployment of HELK and Velociraptor! Automated terraform deployment of one system running HELK + Velociraptor server with one registered Windows endpoint in Azure or AWS. A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small HELK + Velociraptor R&D lab. Use Cases EDR Testing lab Penetration Testing lab SIEMRead More

DNS-Black-Cat(DBC) – Multi Platform Toolkit For An Interactive DNS Shell Commands Exfiltration, By Using DNS-Cat You Will Be Able To Execute System Commands In Shell Mode Over DNS Protocol

Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in shell mode over a fully encrypted covert channel. Server ported as a python script, which acts as DNS server with required functionalities to provide interactive shell command interface. Client ported as the following file formatsRead More

KubeArmor – Container-aware Runtime Security Enforcement System

Introduction to KubeArmor KubeArmor is a container-aware runtime security enforcement system that restricts the behavior (such as process execution, file access, networking operation, and resource utilization) of containers at the system level. KubeArmor operates with Linux security modules (LSMs), meaning that it can work on top of any Linux platforms (such as Alpine, Ubuntu, andRead More

Kraker – Distributed Password Brute-Force System That Focused On Easy Use

Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design and development: to create the most simple tool for distributed hash cracking and make it fault-tolerant. Kraker consists of two mainRead More

WdToggle – A Beacon Object File (BOF) For Cobalt Strike Which Uses Direct System Calls To Enable WDigest Credential Caching

A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and circumvent Credential Guard (if enabled). Additional guidance can be found in this blog post: https://outflank.nl/blog/?p=1592 Background This PoC code is based on the following excellent blog posts: Exploring Mimikatz – Part 1 – WDigest BypassingRead More

Gatekeeper – First Open-Source DDoS Protection System

Gatekeeper is the first open source DoS protection system. It is designed to scale to any peak bandwidth, so it can withstand DoS attacks both of today and of tomorrow. In spite of the geographically distributed architecture of Gatekeeper, the network policy that describes all decisions that have to be enforced on the incoming trafficRead More