purpleteam

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

The goal of this repository is to document the most common techniques to bypass AppLocker.

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

Bloodhound for Blue and Purple Teams

A place to share attack chains for testing people, process, and technology with the entire community. The largest, public library of adversary emulation and adversary simulation plans! #ThreatThursday

Bi-weekly hunting queries

Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

Atomic Purple Team Framework and Lifecycle

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

Purple Team Exercise Framework

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

A little tool to play with Azure Identity - Azure Active Directory lab creation tool

Monitoring your Slack workspaces for sensitive information

Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.

Monitoring GitLab for sensitive data shared publicly

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

Purple Teaming Attack & Hunt Lab - Terraform

See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

Monitoring GitHub for sensitive data shared publicly

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpose of generating attack telemetry in properly monitored Windows enterprise environments

Supporting material for my presentation "Adversarial Threat Modelling — A Practical Approach to Purple Teaming in the Enterprise"

Provides various Windows Server Active Directory (AD) security-focused reports.

AWSATT&CK adds MITRE ATT&CK context and additional logging capabilities to Rhino Security Labs's open-source AWS exploitation framework, Pacu.

Keyhack - Golang API token/webhook validator

A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.