DFIR Resources: A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more
https://github.com/cyb3rmik3/MDE-DFIR-Resources
Bypassing an Admin Panel with SQL Injection
medz20876/blog-post-bypassing-an-admin-panel-with-sql-injection-20b844442711" rel="nofollow">https://medium.com/@medz20876/blog-post-bypassing-an-admin-panel-with-sql-injection-20b844442711
Social Media OSINT Tools Collection
https://github.com/osintambition/Social-Media-OSINT-Tools-Collection
autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump .py and hashcat
https://github.com/hmaverickadams/autoNTDS
Extension functionality for the NightHawk operator client
https://github.com/xforcered/DayBird
Enumerate/Bruteforce/Attack All the Things!
Presenting Legba
https://www.evilsocket.net/2023/11/02/Enumerate-Bruteforce-Attack-All-The-Things-Presenting-Legba
OLE object are still dangerous today — Exploiting Microsoft Office
https://github.com/edwardzpeng/presentations/tree/main/POC%202023
LdrLockLiberator: is a collection of techniques for escaping or otherwise forgoing Loader Lock while executing your code from DllMain or anywhere else the lock may be present
https://github.com/ElliotKillick/LdrLockLiberator
LDAP authentication in Active Directory environments
https://offsec.almond.consulting/ldap-authentication-in-active-directory-environments
TrampHooker: A mechanism that trampoline hooks functions in x86/x64 systems
https://github.com/splexas/TrampHooker
Netsupport Intrusion Results in Domain Compromise
https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise
Exploring Antivirus and EDR evasion techniques step-by-step. Part 1
https://infosecwriteups.com/exploring-antivirus-and-edr-evasion-techniques-step-by-step-part-1-6459563b12ea
Uncovering Adversarial LDAP Tradecraft
https://www.binarydefense.com/resources/blog/uncovering-adversarial-ldap-tradecraft
NinjaInjector: Classic Process Injection with Memory Evasion Techniques implemantation
https://github.com/S12cybersecurity/NinjaInjector
java_gate: Java JNI HellsGate/HalosGate/TartarusGate/RecycledGate/SSN Syscall/Many Shellcode Loaders
https://github.com/4ra1n/java-gate
Abusing Entra ID Misconfigurations to Bypass MFA
https://www.netspi.com/blog/technical/cloud-penetration-testing/abusing-entra-id-misconfigurations-to-bypass-mfa
Data-bouncing - New Exfil and C2 Technique
https://thecontractor.io/data-bouncing
C2_RedTeam_CheatSheets: Useful Cobalt Strike techniques learned from engagements
https://github.com/wsummerhill/C2_RedTeam_CheatSheets
HARpwn is a PowerShell module designed to streamline the extraction and sanitization of HARTokens from HTTP Archive (HAR) files
https://github.com/HCRitter/HARpwn
JS-Tap: Weaponizing JavaScript for Red Teams
https://trustedsec.com/blog/js-tap-weaponizing-javascript-for-red-teams
Exploit for CVE-2023-46747
https://github.com/W01fh4cker/CVE-2023-46747-RCE
abuseACL: A python script to automatically list vulnerable Windows ACEs/ACLs
https://github.com/AetherBlack/abuseACL
A Retrospective on AvosLocker
https://www.zscaler.com/blogs/security-research/retrospective-avoslocker
Magikarp: is a cryptographic command-line utility designed for secure file operations using Elliptic Curve Cryptography (ECC)
https://github.com/FuzzySecurity/Magikarp
Simple presentation of Early Bird APC Injection technique
https://github.com/Faran-17/EarlyBird-APC-Injection
CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys
https://unit42.paloaltonetworks.com/malicious-operations-of-exposed-iam-keys-cryptojacking
Lateral Movement: Abuse the Power of DCOM Excel Application
https://posts.specterops.io/lateral-movement-abuse-the-power-of-dcom-excel-application-3c016d0d9922
LDAPMon: is a POC telemetry collector for the Microsoft-Windows-LDAP-Client ETW Provider
https://github.com/jsecurity101/LDAPMon
ADCSsync: This is a tool I whipped up together quickly to DCSync utilizing ESC1
https://github.com/JPG0mez/ADCSync
Refresh: Compromising F5 BIG-IP With Request Smuggling | CVE-2023-46747
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747
