Skip to content

Random Stuff for Cyber Security Incident Response

Notifications You must be signed in to change notification settings

karolplombon/xknow_infosec

 
 

Repository files navigation

Github recommendations

Assembly

AutoIt

  • Bioruebe/UniExtract2 - Universal Extractor 2 is a tool to extract files from any type of archive or installer.

Batchfile

Boo

C

C#

C++

CSS

Go

  • slyd0g/WhiteChocolateMacademiaNut - Interact with Chromium-based browsers' debug port to view open tabs, installed extensions, and cookies
  • M00NLIG7/ChopChopGo - Rapidly Search and Hunt through Linux Forensics Artifacts
  • quarkslab/kdigger - Kubernetes focused container assessment and context discovery tool for penetration testing
  • inguardians/peirates - Peirates - Kubernetes Penetration Testing tool
  • anchore/grype - A vulnerability scanner for container images and filesystems
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • iovisor/kubectl-trace - Schedule bpftrace programs on your kubernetes cluster using the kubectl
  • Rolix44/Kubestroyer - Kubernetes exploitation tool
  • cilium/hubble - Hubble - Network, Service & Security Observability for Kubernetes using eBPF
  • kubeshark/kubeshark - The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and cluste
  • BloodHoundAD/AzureHound - Azure Data Exporter for BloodHound
  • owasp-amass/amass - In-depth Attack Surface Mapping and Asset Discovery
  • optiv/Freeze - Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
  • HavocFramework/Havoc - The Havoc Framework.
  • lkarlslund/ldapnomnom - Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)
  • trufflesecurity/trufflehog - Find and verify credentials
  • deepfence/YaraHunter - 🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍
  • pathtofile/commandline_cloaking - A collection of projects demonstrating various commandline cloaking techniques on Linux
  • DataDog/stratus-red-team - ☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
  • yarox24/EvtxHussar - Initial triage of Windows Event logs
  • lkarlslund/Adalanche - Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
  • optiv/Ivy - Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment t
  • liamg/traitor - ⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
  • moonD4rk/HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
  • C-Sto/gosecretsdump - Dump ntds.dit really fast
  • FourCoreLabs/EDRHunt - Scan installed EDRs and AVs on Windows
  • optiv/ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
  • kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
  • Velocidex/velociraptor - Digging Deeper....
  • ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
  • drk1wi/Modlishka - Modlishka. Reverse Proxy.
  • rclone/rclone - "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Yandex Files

HCL

HTML

Haskell

Inno Setup

Java

JavaScript

Jinja

  • splunk/attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

Jupyter Notebook

Lua

  • ntop/ntopng - Web-based Traffic and Security Network Traffic Monitoring

Makefile

Nim

Objective-C

Others

PHP

  • fuzzdb-project/fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  • MISP/MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
  • danielmiessler/SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensi

Pascal

Perl

  • samyk/slipstream - NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim's network visiting a website
  • major/MySQLTuner-perl - MySQLTuner is a script written in Perl that will assist you with your MySQL configuration and make recommendations for increased performance and stability.

PowerShell

Python

Rich Text Format

  • decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

Roff

Ruby

Rust

  • Kudaes/Bin-Finder - Detect EDR's exceptions by inspecting processes' loaded modules
  • Yamato-Security/hayabusa - Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
  • 0x192/universal-android-debloater - Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device.
  • mufeedvh/pdfrip - A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
  • WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts

SCSS

Scala

Shell

  • edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
  • jgasmussen/Linux-Baseline-and-Forensic-Triage-Tool - Linux Baseline and Forensic Triage Tool - BETA
  • arget13/DDexec - A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.
  • MichaelCade/90DaysOfDevOps - I am using this repository to document my journey learning about DevOps. I began this process on January 1, 2022, and plan to continue until March 31. I will be dedicating one hour each day, including
  • IvanGlinkin/AutoSUID - AutoSUID application is the Open-Source project, the main idea of which is to automate harvesting the SUID executable files and to find a way for further escalating the privileges.
  • IvanGlinkin/shellDAVpass - shellDAVpass application is the Open-Source project, the main idea of which is to bypass the defender and AntiVirus detections to conduct a non interactive reverse shell to execute the Windows command
  • zephrax/linux-pam-backdoor - Linux PAM Backdoor
  • tclahr/uac - UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, O
  • extremeshok/clamav-unofficial-sigs - ClamAV Unofficial Signatures Updater maintained by eXtremeSHOK.com
  • scopatz/nanorc - Improved Nano Syntax Highlighting Files
  • diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
  • ukncsc/lme - Logging Made Easy
  • CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
  • toniblyx/my-arsenal-of-aws-security-tools - List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • rebootuser/LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks
  • The-Z-Labs/linux-exploit-suggester - Linux privilege escalation auditing tool
  • zardus/ctf-tools - Some setup scripts for security research tools.
  • h5bp/server-configs-apache - Apache HTTP server boilerplate configs

Swift

  • sametsazak/mergen - Mergen is an open-source, native macOS application for auditing and checking the security of your MacOS.
  • redcanaryco/mac-monitor - Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, displa

TypeScript

  • mttaggart/wtfbins - WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
  • cisagov/RedEye - RedEye is a visual analytic tool supporting Red & Blue Team operations
  • fingerprintjs/fingerprintjs - Browser fingerprinting library. Compared to Fingerprint Pro has limited accuracy (40 - 60%), but is fully open source.

VBA

XSLT

YARA

About

Random Stuff for Cyber Security Incident Response

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published