esdnwoozyv1's Projects
PowerShell scripts for Office 365 reports and investigations
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
A toolset to make a system look as if it was the victim of an APT attack
Security control framework mappings to MITRE ATT&CK provide a critically important resource for organizations to assess their security control coverage against real-world threats and provide a bridge for integrating ATT&CK-based threat information into the risk management process.
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
an awesome list of honeypot resources
list of all the pastebins across all protocols (Tor, ZeroNet, etc.)
A curated list of awesome threat detection and hunting resources
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana
Open source education content for the researcher community
CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.
A CSRF attack involves a victim user, a trusted site, and a malicious site. The victim user holds an active session with a trusted site and simultaneously visits a malicious site. The malicious site injects an HTTP request for the trusted site into the victim user session, compromising its integrity. In this lab, you will be attacking a web-based message board system using CSRF attacks. We modified an open-source message board application called phpBB to make it vulnerable to CSRF attacks. The original application has implemented several countermeasures for avoiding CSRF attacks.
A collection of resources for Threat Hunters
Free hands-on digital forensics labs for students and faculty
Web path scanner
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Docker Compose setup for DVWA with all available PHP versions
Config files for my GitHub profile.
Endpoint detection for remote hosts for consumption by RITA and Elasticsearch
fsociety Hacking Tools Pack – A Penetration Testing Framework
The Hunting ELK
IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related
Template-Driven AV/EDR Evasion Framework
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Scripted Local Linux Enumeration & Privilege Escalation Checks
Linux enumeration tool for pentesting and CTFs with verbosity levels