A repo to hold KQL queries as part of my 100 days of KQL effort.

Hunt Smarter, Hunt Harder

Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.

Technical notes, AD pentest methodology, list of tools, scripts and Windows commands that are useful for internal penetration tests and assumed breach exercises (red teaming).

Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers …

TrustedSec Sysinternals Sysmon Community Guide

Evasion kit for Cobalt Strike

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

Free, open source and cross-platform app to decrypt, read and view the Whatsapp msgstore.db database

A curated collection of DFIR skills and workflows for InfoSec practitioners.

KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Microsoft Defender XDR and Microsoft Sentinel environments.

Remote service-staging tool built on Impacket, designed for BOF-style lateral movement workflows that lets you upload custom service loaders, set descriptions, and run them on demand.

Elastic Security detection content for Endpoint

CatSniffer is an original multiprotocol and multiband board for sniffing, communicating, and attacking IoT (Internet of Things) devices using the latest radio IoT protocols. It is a highly portable…

🎮 AI-powered solo mode for Backdoors & Breaches. Train incident response skills anytime with an LLM Incident Master. Arcade-themed fork of BHIS's tabletop IR game. No facilitator needed—just you vs…

Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions

A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.

This Script is made to enhance your Proxmox Enviorment to Harden your Proxmox Enviorement

Open KLara Project

AppLocker-Based EDR Neutralization

UAC Bypass using UIAccess program QuickAssist

A Reflective Loader for macOS

macos-collector - Automated Collection of macOS Forensic Artifacts for DFIR

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation

Your Browser-based EVTX Companion

A simple script to decrypt obscured/encrypted passwords from rclone

Lab used for workshop and CTF