rootsecdev Goto Github PK
Type: User
Type: User
POC of SecureWorks' recent Azure Active Directory password brute-forcing vuln
A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here is a simple way to evade anti-virus software when creating backdoors!
Adversary Tactics - PowerShell Training
Small and highly portable detection tests based on MITRE's ATT&CK.
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
Azure Security Resources and Notes
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
Creates a malicious ODF document help leak NetNTLM Creds
A collection of manifests that will create pods with elevated privileges.
Configuration guidance for implementing BitLocker. #nsacyber
Python implementation for Active Directory certificate abuse
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]
Cybersecurity Evaluation Tool
CTF Walkthrough
Various Custom Scripts for CTF's
PoC for CVE-2020-0601
CVE-2021-40444 PoC
Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)
This tool is for letting you know how strong your disable_functions is and how you can bypass that.
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
PowerShell module to manage the Entra ID device-bound passkey feature
Evilginx3 Phishlets version (0.2.3 & above) Only For Testing/Learning Purposes
Research into Undocumented Behavior of Azure AD Refresh Tokens
Complied .net Binaries for Ghostpack Tools
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.