Stars
Red team tool for abusing Commvault to achieve lateral movement, persistence, and file collection.
This project aims to be a drop-in replacement for the certstream server by Calidog. This tool aggregates, parses, and streams certificate data from multiple certificate transparency logs via websoc…
A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.
VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
Public repository of Sigma and YARA rules created by Synacktiv
Sublime rules for email attack detection, prevention, and threat hunting.
Public static website for the D3FEND project. For the D3FEND ontology repo see: https://github.com/d3fend/d3fend-ontology
A knowledge base of actionable Incident Response techniques
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Small and highly portable detection tests based on MITRE's ATT&CK.
FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), generates timelines, and detects suspicious activities.
A tool for checking if MFA is enabled on multiple Microsoft Services
This repository is for Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports
A Python reference implementation for CZDS download zone file API
BadZure orchestrates the setup of Azure AD tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack …
🕵️‍♂️ All-in-one OSINT tool for analysing any website
Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactics and techniques
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
A comprehensive list of usable Entra ID first-party clients with pre-consented Microsoft Graph scopes, in a simple YAML-file explorable with a simple HTML GUI.