purpleteam

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

The goal of this repository is to document the most common techniques to bypass AppLocker.

Bloodhound for Blue and Purple Teams

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

The largest, public library of adversary emulation plans in JSON. A place to share custom SCYTHE threats with the community. #ThreatThursday

Bi-weekly hunting queries

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

Atomic Purple Team Framework and Lifecycle

Monitoring your Slack workspaces for sensitive information

Hybrid + Identity Cyber Range

Monitoring GitLab for sensitive data shared publicly

Purple Teaming Attack & Hunt Lab - Terraform

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study. Doctor of Science Cybersecurity at Marymount University Dissertation by Xena Olsen.

Purple Team Exercise Framework

See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpose of generating attack telemetry in properly monitored Windows enterprise environments

Monitoring GitHub for sensitive data shared publicly

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Supporting material for my presentation "Adversarial Threat Modelling — A Practical Approach to Purple Teaming in the Enterprise"

A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.

Keyhack - Golang API token/webhook validator

AWSATT&CK adds MITRE ATT&CK context and additional logging capabilities to Rhino Security Labs's open-source AWS exploitation framework, Pacu.

Deceptive tradecraft should be fun and light, not stern and stressful. It is cool to be cute.

PowerShell script to get domain mail info and control status such as MX, SPF, DKIM, DMARC and StartTLS.