This repository is a documentation of my adventures with Stratus Red Team – a tool for adversary emulation for the cloud. Stratus Red Team is “Atomic Red Team for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. We run the attacks covered in the Stratus Red Team repository oneRead More
Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command execution and more. The Most Valuable Cmdlets This toolkit brings lots of variousRead More
This python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments. (What’s new?) Why? atomic-operator enables security professionals to test their detection and defensive capabilities against prescribed techniques defined within atomic-red-team. By utilizing a testing framework such as atomic-operator, you can identify both your defensive capabilities as wellRead More
Commonly used tools for Red Teaming Engagements, Physical Security Assessments, and Tactical Covert Entry. In this list I decided to share most of the tools I utilize in authorized engagements, along with my personal ranking of their value based on their usage and for you to consider if they should be in your toolkit, includingRead More
O365-Doppelganger is NOT a replacement for hardcore phishing activities. There are several other tools which perform OAuth and OTA capture which is not the aim of O365-Doppelganger. O365-Doppelganger is a quick handy script to harvest credentials of a user during Red Teams. This repository is a quick hack of one of my old red teamRead More
[*] Scheduled task is one of the most popular attack technique in the past decade and now it is still commonly used by hackers/red teamers for persistence and lateral movement. A number of C# tools were already developed to simulate the attack using scheduled task. I have been playing around with some of them butRead More
My experiments in weaponizing Rust for implant development and general offensive operations. Why Rust? It is faster than languages like C/C++ It is multi-purpose language, bearing excellent communities It has an amazing inbuilt dependency build management called Cargo It is LLVM based which makes it a very good candidate for bypassing static AV detection SuperRead More
Red team operations involve miscellaneous skills, last several months and are politically sensitive; they require a lot of monitoring, consolidating and caution. Wavestone’s red team operations management software, Abaddon, has been designed to make red team operations faster, more repeatable, stealthier, while including value-added tools and bringing numerous reporting capabilities. Because: There are tons ofRead More
A tool to hunt/mine for Cobalt Strike beacons and “reduce” their beacon configuration for later indexing. Hunts can either be expansive and internet wide using services like SecurityTrails, Shodan, or ZoomEye or a list of IP’s. Getting started Install melting-cobalt Configure your tokens to begin the hunt Mine Beacons to begin reducing them Review resultsRead More
VECTR documentation can be found here: https://docs.vectr.io VECTR Community Discord Channel: https://discord.gg/2FRd8zf728 VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios. VECTR provides the ability to create assessment groups, which consist of a collection of Campaigns and supporting TestRead More
