Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Moridrin SSV Events allows PHP Local File Inclusion.This issue affects SSV Events: from n/a through 3.2.7.
#REDTEAM
NEW

The Technique Inference Engine (TIE) suggests techniques an adversary is likely to have used based on a set of observed techniques. Cyber defenders can use this data to prioritize specific techniques for threat hunting, and incident responders can use this information to highlight important lateral movement and persistence behaviors that are essential to threat eviction and recovery.

The ATLAS Matrix shows the progression of tactics used in attacks as columns from left to right, with ML techniques belonging to each tactic below. & indicates an adaption from ATT&CK.

NEW

Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.

GitHub public repositories matching the '#redteam' topic.

Experience, real-world, byte sized cloud security labs for training cyber warriors. From beginners to pros, our engaging platform allows you to secure your defenses, ignite your career and stay ahead of threats.

Red Team Lab, Active Directory Lab, Red Team Trainings, Azure Pentesting, Azure Security, Azure Red Team Lab, Enterprise Security and Red Team Certifications (CRTP, CRTE, CRTM, CARTP and more)

NEW

Your go-to source for expert red team tips and tricks. Elevate your cybersecurity game with our insightful content.

NEW

Adversary techniques for credential theft and data compromise.

This project is aimed at providing technical guides on various hacking topics. The most advanced topics are Active Directory and Web services. Other topics will be added. The ultimate goal is centralize all hacking techniques.

a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

With offensive security, I have turned my passion into my core competency. With my services, I increase your technical IT security on the one hand and support you in setting up your internal defenders on the other.

Tools and Techniques for Red Team / Penetration Testing.

HijackLibs provides an curated list of DLL Hijacking candidates, mappings between DLLs and vulnerable executables, with additional metadata for more context. For defenders, this project can provide valuable information when trying to detect DLL Hijacking attempts; for red teamers, this project can help identify DLLs that can be used to achieve DLL Hijacking.

Discover RTT, the leading resource for Red Team Tools, Techniques, and Commands. Stay ahead of advanced persistent threats (by MITRE) with insights and guidance from seasoned security professionals. Explore now at rtt.secdu.de.

NEW

Living Off The Land Payload Generator.

Learn to safeguard your organization's AI with guidance and best practices from the industry leading Microsoft AI Red Team.

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.

These are notes about all things focusing on, but not limited to, red teaming and offensive security.

NEW

Living Off the Orchard. macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.

NEW

AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before being obfuscated. Every snippet is obfuscated at runtime/request so that no generated output share the same signatures.

The Red Team Village is focused on training the art of critical thinking, collaboration, and strategy in offensive security. The RTV brings together information security professionals to share new tactics and techniques in offensive security. Attendees may spend all three days engaged in introductory workshops or challenge themselves in an immersive Capture the Flag competition to put their newly obtained skills to the test.

NEW

The repository tries to gather an information about Windows persistence mechanisms to make the protection/detection more efficient. Most of the information is well known for years, being actively used within various scenarios.

Atomic Red Teamâ„¢ is library of tests mapped to the MITRE ATT&CK framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.

Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain.