OSINT

Passive Discovery

• Amass - https://github.com/OWASP/Amass (Attack Surface Mapping)
• Metabigor - https://github.com/j3ssie/metabigor (Non-API OSINT)
• AsINT_Collection - https://start.me/p/b5Aow7/asint_collection (Massive OSINT Collection)
• Email --> Phone# - https://github.com/iansangaji/email2phonenumber
• MFASweep - https://github.com/dafthack/MFASweep (MFA Check for Microsoft endpoints)

Active Discovery

• ZGrab - https://github.com/zmap/zgrab (Banner grabber)
• Hardenize - https://www.hardenize.com/ (Domain Lookup)

Target User Population Collection

• Linkedin UserEnum - https://github.com/bigb0sss/LinkedinMama

Public Site Lookup (Github, Gitlab, etc.)

• Gitrob - https://github.com/michenriksen/gitrob/ (Github Search)
• truffleHog - https://github.com/dxa4481/truffleHog (Github Regex Search)

Cloud Recon

• cloud_enum - https://github.com/initstring/cloud_enum
• MicroBurst - https://github.com/NetSPI/MicroBurst (AZURE)
• pacu - https://github.com/RhinoSecurityLabs/pacu (AWS)
• FestIn - https://github.com/cr0hn/festin (AWS)
• s3viewer - https://github.com/SharonBrizinov/s3viewer (AWS)
• Cloud_Pentest_Cheatsheet - https://github.com/dafthack/CloudPentestCheatsheets
• endgame - https://github.com/salesforce/endgame (AWS)

Microsoft (ADFS)

• ADFSpoof - https://github.com/fireeye/ADFSpoof (Forge ADFS security tokens)

Web App

• Wordpress-Exploit-Framework - https://github.com/rastating/wordpress-exploit-framework
• Awesome-Web-Security - https://github.com/qazbnm456/awesome-web-security
• Java Deserialization - https://github.com/frohoff/ysoserial
• PHP Deserialization - https://github.com/ambionics/phpggc
• Kubernetes - https://github.com/loodse/kubectl-hacking
• SSRF - https://github.com/jdonsec/AllThingsSSRF
• Skf-labs - https://owasp-skf.gitbook.io/asvs-write-ups/ (Great Write-ups)

Phishing

Phishing Techniques - https://blog.sublimesecurity.com/

Password-Spray

Tools

• MSOLSpray - https://github.com/dafthack/MSOLSpray
• o365enum.py - https://github.com/gremwell/o365enum (Microsoft ActiveSync)
• goPassGen - https://github.com/bigb0sss/goPassGen (*PasswordSpray List Generator)
• go365 - https://github.com/optiv/Go365 (Microsoft SOAP API endpoint on login.microsoftonline.com)
• Okta - https://github.com/Rhynorater/Okta-Password-Sprayer
• o365Spray - https://github.com/0xZDH/o365spray

IP Rotators

• Burp IPRotate - https://github.com/PortSwigger/ip-rotate (Utilizes AWS IP Gateway)
• ProxyCannon-NG - https://github.com/proxycannon/proxycannon-ng
• Cloud-proxy - https://github.com/tomsteele/cloud-proxy
• Proxy-NG - https://github.com/jamesbcook/proxy-ng
• Mubeng - https://github.com/kitabisa/mubeng#proxy-ip-rotator

Default Password Check

• CIRT - https://cirt.net/passwords
• DefaultCreds-cheat-sheet - https://github.com/ihebski/DefaultCreds-cheat-sheet

C2 Infrastructure

Cobal Strike

• Malleable C2 (Guideline) - CS4.0_guideline.profile

• Beacon Command Cheatsheet - CS Commands

• Cobalt Strike Training Review

  • Part 1

• SharpeningCobaltStrike - https://github.com/cube0x0/SharpeningCobaltStrike

• Malleable C2 Randomizer - https://fortynorthsecurity.com/blog/introducing-c2concealer/

Redirectors

• Domain Fronting - https://www.bamsoftware.com/papers/fronting/

Proxy Infrastructure Setup

• Cloud-proxy - https://github.com/tomsteele/cloud-proxy
• Proxy-ng - https://github.com/jamesbcook/proxy-ng
• ProxyCannon - https://github.com/proxycannon/proxycannon-ng

Post-Exploitation

AD Recon/Survey

• Seatbelt - https://github.com/GhostPack/Seatbelt (*Ghostpack)
• DNS Enum - https://github.com/dirkjanm/adidnsdump

User Phishing

• pickl3 - https://github.com/hlldz/pickl3
• CredPhisher - https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher

Browser Scripping

• SharpChromium - https://github.com/djhohnstein/SharpChromium

Lateral Movement

• SpectorOps - https://posts.specterops.io/offensive-lateral-movement-1744ae62b14f
• Pypykatz - https://github.com/skelsec/pypykatz (Pyhton implementation of Mimikatz)
• Internal-Monologue - https://github.com/eladshamir/Internal-Monologue
• MSSQL - https://research.nccgroup.com/2021/01/21/mssql-lateral-movement/

Offensive C#

• OffensiveCSharp - https://github.com/matterpreter/OffensiveCSharp
• C# Collection - https://github.com/midnightslacker/Sharp/blob/master/README.md

LiveOffTheLand

• LOLBAS - https://lolbas-project.github.io/#

AV/AMSI Evasion

• xencrypt - https://github.com/the-xentropy/xencrypt (*PowerShell)
• FalconStrike - https://github.com/slaeryan/FALCONSTRIKE
• AV_Bypass - https://github.com/Techryptic/AV_Bypass
• DotNetToJScript - https://github.com/tyranid/DotNetToJScript
• GadgetToJScript - https://github.com/med0x2e/GadgetToJScript | https://github.com/rasta-mouse/GadgetToJScript
• Shellcodeloader - https://github.com/knownsec/shellcodeloader (ShellcodeLoader of windows can bypass AV)

EDR Evasion

• SharpBlock - https://github.com/CCob/SharpBlock
• scareCrow - https://github.com/optiv/ScareCrow (EDR Bypass Payload Creation Framework)
• Cobalt Strike Tradecraft
  • https://hausec.com/2021/07/26/cobalt-strike-and-tradecraft/amp/?__twitter_impression=true
  • https://www.cobaltstrike.com/help-opsec

PowerShell

• p3nt4 - https://github.com/p3nt4

Exploit Dev

Windows

• https://github.com/Ondrik8/exploit
• Undocumented Func (Win NT/2000/XP/Win7) - http://undocumented.ntinternals.net/
• Windows Syscall - https://j00ru.vexillium.org/syscalls/nt/64/
• Windows Undocumented Func - http://undocumented.ntinternals.net/
• Windows Kernel Exploit Training - https://codemachine.com/
• Anti-Debug - https://anti-debug.checkpoint.com/

Nix

RedTeam Researchers/Githubs/Gitbooks

• Vincent Yiu - https://vincentyiu.com
• Outflank - https://github.com/outflanknl
• Bank Security - https://github.com/BankSecurity/Red_Team
• Infosecn1nja - https://github.com/infosecn1nja (Redteam-Toolkit = AWESOME)
• Yeyintminthuhtut - https://github.com/yeyintminthuhtut
• RedCanary (Atomic RedTeam) - https://github.com/redcanaryco/atomic-red-team
• kmkz - https://github.com/kmkz/Pentesting (Good cheat-sheets)
• Rastamouse - https://offensivedefence.co.uk/authors/rastamouse/
• (Gitbook) dmcxblue - https://dmcxblue.gitbook.io/red-team-notes-2-0/

Lab Resources

• Windows Server VMs - https://www.microsoft.com/en-us/evalcenter
• Windows 10 - https://www.microsoft.com/en-us/software-download/windows10ISO
• Archive of WinVMs - https://archive.org/search.php?query=subject%3A%22IEVM%22
• Public MSDN - Link
• Adversary Tactics: PowerShell - https://github.com/specterops/at-ps (Specterops)

Sexy Resources

• MITRE ATT&CK - https://attack.mitre.org/
• MalwareNews - https://malware.news/
• CWE - http://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
• CTID - https://github.com/center-for-threat-informed-defense
• SpritesMods - http://spritesmods.com/?art=main (Product Security)
• Joeware - http://www.joeware.net/ (Windows AD Guru - Many AD Recon bins and amazing blogs)
• Tenable - https://github.com/tenable/poc (Exploit POCs)
• MalwareUnicorn - https://malwareunicorn.org/ (Malware/Reversing)

Security Testing Practice Lab

• Hackthebox - https://www.hackthebox.eu/
• Cyberseclab - https://www.cyberseclabs.co.uk/ (AD Focus)

BlueTeam

Lab Resources

• Detection Lab - https://github.com/clong/DetectionLab

Threat Detection

• KQL - https://github.com/DebugPrivilege/KQL
• Sigma - https://github.com/Neo23x0/sigma (Generic Signature Format for SIEM)
• Splunk Security Essential Docs - https://docs.splunksecurityessentials.com/content-detail/ (Various IOCs)
• Cobalt Strike Defense - https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence

Windows Security (What will BlueTeam look for?)

LDAP (Lightweight Directory Access Protocol)

• Hunting for reconnaissance activities using LDAP search filter (Microsoft)

Disclaimer

All the credits belong to the original authors and publishers.