The repository tries to gather an information about Windows persistence mechanisms to make the protection/detection more efficient. Most of the information is well known for years, being actively used within various scenarios.
HijackLibs provides an curated list of DLL Hijacking candidates, mappings between DLLs and vulnerable executables, with additional metadata for more context. For defenders, this project can provide valuable information when trying to detect DLL Hijacking attempts; for red teamers, this project can help identify DLLs that can be used to achieve DLL Hijacking.
a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.
The ATT&CK Navigator is a web-based tool for annotating and exploring ATT&CK matrices. It can be used to visualize defensive coverage, red/blue team planning, the frequency of detected techniques, and more.
Discover RTT, the leading resource for Red Team Tools, Techniques, and Commands. Stay ahead of advanced persistent threats (by MITRE) with insights and guidance from seasoned security professionals. Explore now at rtt.secdu.de.
With offensive security, I have turned my passion into my core competency. With my services, I increase your technical IT security on the one hand and support you in setting up your internal defenders on the other.
Learn to safeguard your organization's AI with guidance and best practices from the industry leading Microsoft AI Red Team.
AttackIQ Academy combats cyberthreats with free courses by top experts. Enjoy hands-on learning in MITRE ATT&CK®, purple teaming, and breach & attack simulation, earning badges and certifications. Enhance your cybersecurity skills at no cost as part of the Informed Defender Community. Join us and become a cybersecurity hero today!
Living Off the Orchard. macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.
The ATLAS Matrix shows the progression of tactics used in attacks as columns from left to right, with ML techniques belonging to each tactic below. & indicates an adaption from ATT&CK.
These are notes about all things focusing on, but not limited to, red teaming and offensive security.
Red Team Lab, Active Directory Lab, Red Team Trainings, Azure Pentesting, Azure Security, Azure Red Team Lab, Enterprise Security and Red Team Certifications (CRTP, CRTE, CRTM, CARTP and more)
GitHub public repositories matching the '#redteam' topic.
This project is aimed at providing technical guides on various hacking topics. The most advanced topics are Active Directory and Web services. Other topics will be added. The ultimate goal is centralize all hacking techniques.
The Technique Inference Engine (TIE) suggests techniques an adversary is likely to have used based on a set of observed techniques. Cyber defenders can use this data to prioritize specific techniques for threat hunting, and incident responders can use this information to highlight important lateral movement and persistence behaviors that are essential to threat eviction and recovery.
Your go-to source for expert red team tips and tricks. Elevate your cybersecurity game with our insightful content.
The Red Team Village is focused on training the art of critical thinking, collaboration, and strategy in offensive security. The RTV brings together information security professionals to share new tactics and techniques in offensive security. Attendees may spend all three days engaged in introductory workshops or challenge themselves in an immersive Capture the Flag competition to put their newly obtained skills to the test.
Experience, real-world, byte sized cloud security labs for training cyber warriors. From beginners to pros, our engaging platform allows you to secure your defenses, ignite your career and stay ahead of threats.
AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before being obfuscated. Every snippet is obfuscated at runtime/request so that no generated output share the same signatures.
Atomic Red Team™ is library of tests mapped to the MITRE ATT&CK framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.
Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain.