Atomic Red Team™ is library of tests mapped to the MITRE ATT&CK framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.
The Business Logic Attack Definition (BLADE) Framework, is an open-source knowledge-base created to help cybersecurity professionals identify the phases, tactics and techniques used by adversaries to exploit weaknesses in the business logic of web facing systems (websites and APIs). There are a range of attack frameworks (such as Mitre ATT&CK and Lockheed-Martin Kill Chain) available to allow cyber-security experts to model and respond to traditional cyber-attacks which aimed to exploit technology weaknesses in systems. These frameworks are not well suited for modelling business logic focused attacks yet these kind of attacks are becoming increasingly common.
Discover with a good dose of nostalgia, the Malware Museum and explore the history of notorious malware from the past.
GitHub public repositories matching the '#redteam' topic.
Living Off the Orchard. macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.
HijackLibs provides an curated list of DLL Hijacking candidates, mappings between DLLs and vulnerable executables, with additional metadata for more context. For defenders, this project can provide valuable information when trying to detect DLL Hijacking attempts; for red teamers, this project can help identify DLLs that can be used to achieve DLL Hijacking.
Discover RTT, the leading resource for Red Team Tools, Techniques, and Commands. Stay ahead of advanced persistent threats (by MITRE) with insights and guidance from seasoned security professionals. Explore now at rtt.secdu.de.
Experience, real-world, byte sized cloud security labs for training cyber warriors. From beginners to pros, our engaging platform allows you to secure your defenses, ignite your career and stay ahead of threats.
Understanding how the adversary operates is essential to effective cybersecurity. CAPEC™ helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.
Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain.
Well in this new book I will start to learn some Red Team Topics, and I will work on learning as much as possible, I will try to keep this updated, to newer things that I may find, I think this will help around in my future projects. I am following the MITRE ATTACK Framework and just adapting it to something for me to understand, I will make this public for anyone that want's to learn in this awesome field. If anything is wrong I will try my best to fix it.
a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
The ATT&CK Navigator is a web-based tool for annotating and exploring ATT&CK matrices. It can be used to visualize defensive coverage, red/blue team planning, the frequency of detected techniques, and more.
These are notes about all things focusing on, but not limited to, red teaming and offensive security.
Listing of Bishop Fox Security Research in the form of technical, security advisories, and industry blog posts.
The Red Team Village is focused on training the art of critical thinking, collaboration, and strategy in offensive security. The RTV brings together information security professionals to share new tactics and techniques in offensive security. Attendees may spend all three days engaged in introductory workshops or challenge themselves in an immersive Capture the Flag competition to put their newly obtained skills to the test.
Red Team Lab, Active Directory Lab, Red Team Trainings, Azure Pentesting, Azure Security, Azure Red Team Lab, Enterprise Security and Red Team Certifications (CRTP, CRTE, CRTM, CARTP and more)
The Technique Inference Engine (TIE) suggests techniques an adversary is likely to have used based on a set of observed techniques. Cyber defenders can use this data to prioritize specific techniques for threat hunting, and incident responders can use this information to highlight important lateral movement and persistence behaviors that are essential to threat eviction and recovery.
The repository tries to gather an information about Windows persistence mechanisms to make the protection/detection more efficient. Most of the information is well known for years, being actively used within various scenarios.
Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.
AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before being obfuscated. Every snippet is obfuscated at runtime/request so that no generated output share the same signatures.
AttackIQ Academy combats cyberthreats with free courses by top experts. Enjoy hands-on learning in MITRE ATT&CK®, purple teaming, and breach & attack simulation, earning badges and certifications. Enhance your cybersecurity skills at no cost as part of the Informed Defender Community. Join us and become a cybersecurity hero today!
Learn to safeguard your organization's AI with guidance and best practices from the industry leading Microsoft AI Red Team.
This project is aimed at providing technical guides on various hacking topics. The most advanced topics are Active Directory and Web services. Other topics will be added. The ultimate goal is centralize all hacking techniques.
Dive into cutting-edge cybersecurity insights with White Knight Labs' blog. Explore original research, thought leadership, and practical guides. Stay ahead with our expert analyses.
The ATLAS Matrix shows the progression of tactics used in attacks as columns from left to right, with ML techniques belonging to each tactic below. & indicates an adaption from ATT&CK.
With offensive security, I have turned my passion into my core competency. With my services, I increase your technical IT security on the one hand and support you in setting up your internal defenders on the other.
