52 Open Source Blueteam Software Projects

E-mails, subdomains and names Harvester - OSINT

Curated list of Unix binaries that can be exploited to bypass system security restrictions

An Information Security Reference That Doesn't Suck

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Real Intelligence Threat Analytics

The goal of this repository is to document the most common techniques to bypass AppLocker.

Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

Scan your code for security misconfiguration, search for passwords and secrets. :mag:

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

This repository contains full code examples from the book Gray Hat C#

Bloodhound for Blue and Purple Teams

红蓝对抗跨平台远控工具

Test Blue Team detections without running any attack.

Blue Team Scripts

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

Monitoring your Slack workspaces for sensitive information

A Solution For Cross-Platform Obfuscated Commands Detection 动静态Bash/CMD/PowerShell命令混淆检测框架

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

Find cloud assets that no one wants exposed 🔎 ☁️

A collection of scripts I've written to help red and blue teams with malware persistence techniques.

A PowerShell module to deploy active directory decoy objects.

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

Windows Hardening settings and configurations

Your phishing and domain squatting watchdog 🐶

Search for Unix binaries that can be exploited to bypass system security restrictions.

Bi-weekly hunting queries

A Lambda-powered Security Orchestration framework for AWS GuardDuty

Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition.

👨‍💻🕵🏻👩‍💻 Analyze user behavior against fake access points📡

Designed to be installed on a fresh install of raspbian on a raspberry pi, by combining Respounder (Responder detection) and Artillery (port and service spoofing) for network deception, this tool allows you to detect an attacker on the network quickly by weeding out general noisy alerts with only those that matter.

Is this IP a C2 server?

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

IOS/MAC Denial-Of-Service [POC/EXPLOIT FOR MASSIVE ATTACK TO IOS/MAC IN NETWORK]

A public repository for the #Secsuite project. Created & maintained by @ghostinthecable.

Simple powershell script to find living off land binaries and scripts on a system.

A PowerShell script to prevent Sysmon from writing its events

A GUI/REST interface to find similarities in large sets (think: binaries). Based on ssdeep.

Collect IPFIX / Netflow v9 Records and Ship them to RITA for Analysis

Actionable analytics designed to combat threats based on MITRE's ATT&CK.

Supporting material for my presentation "Adversarial Threat Modelling — A Practical Approach to Purple Teaming in the Enterprise"

SCYTHE Purple Team Exercise Framework

A Control Panel Applet dropper project. It has a high success rate on engagements since nobody cares about .CPL files and you can just double click them.

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Monitoring GitLab for sensitive data shared publicly

Monitoring GitHub for sensitive data shared publicly

Anti keylogger, anti screen logger... Strategy to protect with hookings or improve your sandbox with spyware detection... - Demo

Invoke-HardeningKitty - Checks and hardens your Windows configuration