Sandman – NTP Based Backdoor For Red Team Engagements In Hardened Networks

Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get and run an arbitrary shellcode from a pre-defined server. Since NTP is a protocol that is overlooked by many defenders resulting inRead More

ProtectMyTooling – Multi-Packer Wrapper Letting Us Daisy-Chain Various Packers, Obfuscators And Other Red Team Oriented Weaponry

Script that wraps around multitude of packers, protectors, obfuscators, shellcode loaders, encoders, generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, helping watermark your artifacts, collect IOCs, backdoor and more. ProtectMyToolingGUI.py With ProtectMyTooling you can quickly obfuscate your binaries without having to worry about clicking through all theRead More

dnsReaper – Subdomain Takeover Tool For Attackers, Bug Bounty Hunters And The Blue Team!

DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds. YouRead More

AWS-Threat-Simulation-and-Detection – Playing Around With Stratus Red Team (Cloud Attack Simulation Tool) And SumoLogic

This repository is a documentation of my adventures with Stratus Red Team – a tool for adversary emulation for the cloud. Stratus Red Team is “Atomic Red Team for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. We run the attacks covered in the Stratus Red Team repository oneRead More

AzureRT – A Powershell Module Implementing Various Azure Red Team Tactics

Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command execution and more. The Most Valuable Cmdlets This toolkit brings lots of variousRead More

Atomic-Operator – A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments

This python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments. (What’s new?)   Why? atomic-operator enables security professionals to test their detection and defensive capabilities against prescribed techniques defined within atomic-red-team. By utilizing a testing framework such as atomic-operator, you can identify both your defensive capabilities as wellRead More

RedTeam-Physical-Tools – Red Team Toolkit – A Curated List Of Tools That Are Commonly Used In The Field For Physical Security, Red Teaming, And Tactical Covert Entry

Commonly used tools for Red Teaming Engagements, Physical Security Assessments, and Tactical Covert Entry. In this list I decided to share most of the tools I utilize in authorized engagements, along with my personal ranking of their value based on their usage and for you to consider if they should be in your toolkit, includingRead More

O365-Doppelganger – A Quick Handy Script To Harvest Credentials Off Of A User During A Red Team And Get Execution Of A File From The User

O365-Doppelganger is NOT a replacement for hardcore phishing activities. There are several other tools which perform OAuth and OTA capture which is not the aim of O365-Doppelganger. O365-Doppelganger is a quick handy script to harvest credentials of a user during Red Teams. This repository is a quick hack of one of my old red teamRead More

ScheduleRunner – A C# Tool With More Flexibility To Customize Scheduled Task For Both Persistence And Lateral Movement In Red Team Operation

[*] Scheduled task is one of the most popular attack technique in the past decade and now it is still commonly used by hackers/red teamers for persistence and lateral movement. A number of C# tools were already developed to simulate the attack using scheduled task. I have been playing around with some of them butRead More

X