Search the Community

Collection of 100+ tools and resources that can be useful for red teaming activities. Some of the tools may be specifically designed for red teaming, while others are more general-purpose and can be adapted for use in a red teaming context. Warning The materials in this repository are for informational and educational purposes only. They are not intended for use in any illegal activities. Tool List Red Team Tips Hiding the local admin account @Alh4zr3d Cripple windows defender by deleting signatures @Alh4zr3d Enable multiple RDP sessions per user @Alh4zr3d Sysinternals PsExec.exe local alternative @GuhnooPlusLinux Live off the land port scanner @Alh4zr3d Proxy aware PowerShell DownloadString @Alh4zr3d Looking for internal endpoints in browser bookmarks @Alh4zr3d Query DNS records for enumeration @Alh4zr3d Unquoted service paths without PowerUp @Alh4zr3d Bypass a disabled command prompt with /k Martin Sohn Christensen Stop windows defender deleting mimikatz.exe @GuhnooPlusLinux Check if you are in a virtual machine @dmcxblue Reconnaissance crt.sh -> httprobe -> EyeWitness Automated domain screenshotting jsendpoints Extract page DOM links nuclei Vulnerability scanner certSniff Certificate transparency log keyword sniffer gobuster Website path brute force dnsrecon Enumerate DNS records Shodan.io Public facing system knowledge base AORT (All in One Recon Tool) Subdomain enumeration spoofcheck SPF/DMARC record checker AWSBucketDump S3 bucket enumeration GitHarvester GitHub credential searcher truffleHog GitHub credential scanner Dismap Asset discovery/identification enum4linux Windows/samba enumeration skanuvaty Dangerously fast dns/network/port scanner Metabigor OSINT tool without API Gitrob GitHub sensitive information scanner gowitness Web screenshot utility using Chrome Headless Resource Development Chimera PowerShell obfuscation msfvenom Payload creation WSH Wsh payload HTA Hta payload VBA Vba payload Initial Access Bash Bunny USB attack tool EvilGoPhish Phishing campaign framework The Social-Engineer Toolkit Phishing campaign framework Hydra Brute force tool SquarePhish OAuth/QR code phishing framework King Phisher Phishing campaign framework Execution Responder LLMNR, NBT-NS and MDNS poisoner secretsdump Remote hash dumper evil-winrm WinRM shell Donut In-memory .NET execution Macro_pack Macro obfuscation PowerSploit PowerShell script suite Rubeus Active directory hack tool SharpUp Windows vulnerability identifier SQLRecon Offensive MS-SQL toolkit Persistence Impacket Python script suite Empire Post-exploitation framework SharPersist Windows persistence toolkit Privilege Escalation LinPEAS Linux privilege escalation WinPEAS Windows privilege escalation linux-smart-enumeration Linux privilege escalation Certify Active directory privilege escalation Get-GPPPassword Windows password extraction Sherlock PowerShell privilege escalation tool Watson Windows privilege escalation tool ImpulsiveDLLHijack DLL Hijack tool ADFSDump AD FS dump tool Defense Evasion Invoke-Obfuscation Script obfuscator Veil Metasploit payload obfuscator SharpBlock EDR bypass via entry point execution prevention Alcatraz GUI x64 binary obfuscator Credential Access Mimikatz Windows credential extractor LaZagne Local password extractor hashcat Password hash cracking John the Ripper Password hash cracking SCOMDecrypt SCOM Credential Decryption Tool nanodump LSASS process minidump creation eviltree Tree remake for credential discovery SeeYouCM-Thief Cisco phone systems configuration file parsing Discovery PCredz Credential discovery PCAP/live interface PingCastle Active directory assessor Seatbelt Local vulnerability scanner ADRecon Active directory recon adidnsdump Active Directory Integrated DNS dumping Lateral Movement crackmapexec Windows/Active directory lateral movement toolkit WMIOps WMI remote commands PowerLessShell Remote PowerShell without PowerShell PsExec Light-weight telnet-replacement LiquidSnake Fileless lateral movement Enabling RDP Windows RDP enable command Upgrading shell to meterpreter Reverse shell improvement Forwarding Ports Local port forward command Jenkins reverse shell Jenkins shell command ADFSpoof Forge AD FS security tokens kerbrute A tool to perform Kerberos pre-auth bruteforcing Collection BloodHound Active directory visualisation Snaffler Active directory credential collector Command and Control Havoc Command and control framework Covenant Command and control framework (.NET) Merlin Command and control framework (Golang) Metasploit Framework Command and control framework (Ruby) Pupy Command and control framework (Python) Brute Ratel Command and control framework ($$$) Exfiltration Dnscat2 C2 via DNS tunneling Cloakify Data transformation for exfiltration PyExfil Data exfiltration PoC Powershell RAT Python based backdoor GD-Thief Google drive exfiltration Impact Conti Pentester Guide Leak Conti ransomware group affilate toolkit SlowLoris Simple denial of service [hide][Hidden Content]]

This book gives you the skills you need to use Python for penetration testing, with the help of detailed code examples. This book has been updated for Python 3.6.3 and Kali Linux 2018.1. Key Features Detect and avoid various attack types that put the privacy of a system at risk Leverage Python to build efficient code and eventually build a robust environment Learn about securing wireless applications and information gathering on a web server Book Description This book gives you the skills you need to use Python for penetration testing (pentesting), with the help of detailed code examples. We start by exploring the basics of networking with Python and then proceed to network hacking. Then, you will delve into exploring Python libraries to perform various types of pentesting and ethical hacking techniques. Next, we delve into hacking the application layer, where we start by gathering information from a website. We then move on to concepts related to website hacking―such as parameter tampering, DDoS, XSS, and SQL injection. By reading this book, you will learn different techniques and methodologies that will familiarize you with Python pentesting techniques, how to protect yourself, and how to create automated programs to find the admin console, SQL injection, and XSS attacks. What you will learn The basics of network pentesting including network scanning and sniffing Wireless, wired attacks, and building traps for attack and torrent detection Web server footprinting and web application attacks, including the XSS and SQL injection attack Wireless frames and how to obtain information such as SSID, BSSID, and the channel number from a wireless frame using a Python script The importance of web server signatures, email gathering, and why knowing the server signature is the first step in hacking Who This Book Is For If you are a Python programmer, a security researcher, or an ethical hacker and are interested in penetration testing with the help of Python, then this book is for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion. Table of Contents PYTHON WITH PENETRATION TESTING AND NETWORKING SCANNING PENTESTING SNIFFING AND PENETRATION TESTING Network Attacks and Prevention WIRELESS PENTESTING Honeypot, Building A Trap for attackers FOOTPRINTING OF A WEB SERVER AND A WEB APPLICATION CLIENT-SIDE AND DDOS ATTACKS PENTESTING OF SQLI AND XSS [Hidden Content] [hide][Hidden Content]]

Ethical Hacking: Techniques, Tools, and Countermeasures, Fourth Edition, covers the basic strategies and tools that prepare students to engage in proactive and aggressive cyber security activities, with an increased focus on Pen testing and Red Teams. Written by subject matter experts, with numerous real-world examples, the Fourth Edition provides readers with a clear, comprehensive introduction to the many threats on the security of our cyber environments and what can be done to combat them. The text begins with an examination of the landscape, key terms, and concepts that a security professional needs to know about hackers and computer criminals who break into networks, steal information, and corrupt data. Part II provides a technical overview of hacking: how attackers target cyber resources and the methodologies they follow. Part III studies those methods that are most effective when dealing with hacking attacks, especially in an age of increased reliance on distributed devices. Part of the Jones & Bartlett Learning Information Systems Security & Assurance Series! Click here to learn more. [Hidden Content] [hide][Hidden Content]]

For Developers - Build Linux Programmable Libraries, Makefiles, Memory Management, Compilation & Linking, C Programming Description There are already innumerable courses/tutorials on the internet/Udemy which teach almost every aspect of C programming language. All those courses sound the same, talk the same and deliver more or less the same knowledge. How is this course different from others? The intention of this course is to make you ready for System programming Technical interviews, interview level - from Beginner to Intermediate. This course is for (future) Developers, not for testers or System Administrators. I choose to create this course to fill the gap between novice/beginner and intermediate/Advanced Programmers. This course assumes that you are at least above average in programming (in any programming language, but preferable in C/C++) - know memory allocations, all kinds of loops, function calls, pointers etc. In this course, I won't teach C/C++ (there are already many courses on it online) but would teach programming techniques and low-level details regarding how C program works behind the scenes - All topics are very important from an interview point of view. My Target is to grow this course into Linux/C Bible. Yet, I always feel, you need to outsmart your fellow colleagues in this era of stiff competition, and therefore, I tried this attempt to present you the wisdom and knowledge which is of utmost importance for a programmer. I have seen though students could write good C/C++ programs, yet they lack the clarity on how one should write better organized, Manageable, extensible, and programmable codes in the form of libraries. For example, Students are too good at competitive programming, yet do not know how to write a simple Makefile, the reason being, Academics do not teach and students do not care to learn. In this course, I will cover the topics related to creating Linux System Libraries (release 1) with Advanced language-agnostic Programming Concepts (release 2) which can be well applied if you happen to become a programmer in other languages tomorrow. The Concepts like MultiThreading, Thread-Synchronization, Socket Programming, IPCs, etc demand a separate course on each topic altogether. Currently, I have a course on IPC, pls check it out. These topics are out of scope for this course. The Course shall be delivered into two Releases : Release 1 Building and Managing a Library: This covers the basics regarding how one should create and organize his code as a Library. Release 2 Memory Management Concepts: This covers Advance concepts on Linux Memory Management specifically. Please check the Table of Contents for more info. Why you should *NOT* do this course? 1. Please Excuse this course if you are the ultimate beginner in C programming !! 2. There is no point of doing this course if you don't like hitting the keyboard, and are lazy enough to watch lecture VDOs only 3. If you want everything cooked and served on your plate. Course Pre-requisite : Above Beginners Level in C/C++ programming Good to have basic OS knowledge Zeal to excel and Code No Third-Party libraries Whatever logic you implement, you need to implement it from scratch. Like all my other courses, this course does not suggest taking the help of any third-party library to get the jobs done. The use of external libraries completely defeats the purpose of the course. Warning: This course has auto system-generated subtitles which may not be perfect. Please disable subtitles at your convenience. [Hidden Content] [hide][Hidden Content]]

PELoader implement various shellcode injection techniques, and use libpeconv library to load encrypted PE files instead of injecting shellcode into remote thread. Following techniques were implemented: Module Stomping (LoadLibrary) Module Stomping (NtMapViewOfSection) Transacted Hollowing Ghostly Hollowing NtMapViewOfSection (RWX-RW-RX) NtAllocateVirtualMemory (RW-RX) Credits: most of my work was based on @hasherezade's PoC scripts. [hide][Hidden Content]]

What are password cracking techniques ? Password crackers use two primary methods to identify correct passwords: brute-force and dictionary attacks. However, there are plenty of other password cracking methods, including the following: Brute force : This attack runs through combinations of characters of a predetermined length until it finds the combination that matches the password. Dictionary search : Here, a password cracker searches each word in the dictionary for the correct password. Password dictionaries exist for a variety of topics and combinations of topics, including politics, movies and music groups. Phishing : These attacks are used to gain access to user passwords without the use of a password cracking tool. Instead, a user is fooled into clicking on an email attachment. From here, the attachment could install malware or prompt the user to use their email to sign into a false version of a website, revealing their password. Malware : Similar to phishing, using malware is another method of gaining unauthored access to passwords without the use of a password cracking tool. Malware such as keyloggers, which track keystrokes, or screen scrapers, which take screenshots, are used instead. Rainbow attack : This approach involves using different words from the original password in order to generate other possible passwords. Malicious actors can keep a list called a rainbow table with them. This list contains leaked and previously cracked passwords, which will make the overall password cracking method more effective. Guessing : An attacker may be able to guess a password without the use of tools. If the threat actor has enough information about the victim or the victim is using a common enough password, they may be able to come up with the correct characters. - Some password cracking programs may use hybrid attack methodologies where they search for combinations of dictionary entries and numbers or special characters. For example, a password cracker may search for ants01, ants02, ants03, etc. This can be helpful when users have been advised to include a number in their password.

HostHunter A tool to efficiently discover and extract hostnames over a large set of target IP addresses. HostHunter utilizes simple OSINT techniques. It generates a CSV file containing the results of the reconnaissance. Features Works with Python3 Extracts information from SSL/TLS certificates. Supports Free HackerTarget API requests. Takes Screenshots of the target applications. Validates the targets IPv4 address. Supports .txt and .csv output file formats Gathers information from HTTP headers. Verifies Internet access. Retrieves hostname values from services at 21/tcp, 25/tcp, 80/tcp and 443/tcp ports. Supports Nessus target format output. Changelog v1.6 I’ve updated the code to avoid duplicates in the results along with some minor performance improvements. The screenshot-taking function was also adapted to work more reliably. The lastest chromedriver binaries are also included in the git. [hide][Hidden Content]]

What you'll learn *** NEW ***: Digital Insights From Top Women In Technology For 2021 And Beyond It is 2021 - Find Out What You Need to Know TODAY! Effective SEO Strategies, You Can Not Afford to Ignore! The Latest and BEST Actionable, Straightforward SEO Techniques for ON PAGE and OFF PAGE Optimization. The Number #1 Secret to Succeed in SEO: It is NOT What you Think! How to Make SEO Decisions Like a BOSS and Drive Traffic to Your Website! Proven Techniques To Succeed on Local SEO. Content Marketing in 2021. What You Need to Know! Video Optimization is a MUST! Find Out Why & What to do. Industry SEO Tips You Can't Miss, and much more! Requirements You need to have a basic understanding and some experience with Search Engine Optimization (SEO), so you can quickly grasp ideas and concepts without much direction. This course is mainly for students with intermediate to advanced SEO knowledge. Description Looking to Boost your SEO and Grow Your Traffic? If you're looking for effective ways to improve your organic traffic in 2021, this course is a MUST! The intention of this course is to present the LATEST and BEST SEO techniques you should test in 2021 while using your own judgment and common sense. As we all know Google changes algorithms constantly, YET some strategies are here to stay. This course was designed with a long term strategy in mind rather than quick gains that may not last. This course presents techniques that Google loves because they are based on its guidelines and standards, and takes into serious consideration new trends and the way people behave online and what they actually want. Search engines are no longer the main focus. Your customers are! Who are they? What do they really want? How well do you understand them? Are you able to predict what they need before they even ask for it? SEO in 2021 is not any longer about how well you know how to use software, repeat tasks that do not always matter or preparing fancy reports that provide no value. It is about your ability to strategize, focus on what matters, use your time wisely, and above all spend time away from your computer and understand YOUR clients. Once you know who your target client is, then it will be easier to apply techniques that produce the best possible results. Register to my course and find out what else you need to know about SEO in 2021, and how you can drive traffic to your website while making Google happy. What are you waiting for? Enroll today! All Udemy courses offer a 30-Day Money-Back Guarantee so you can only win! Who this course is for: SEO Professionals: This course is mainly for students with intermediate to advanced SEO knowledge who want to find out the SEO techniques they need to apply this year. Business Owners, Chief Marketing Officers, and Entrepreneurs: Search Engine Optimization is alive and kicking in 2021. Spend thousands, or even millions of dollars on Pay Per Click (PPC), or learn how to reap the long term benefits of effective SEO techniques. Use this course as a reference and check the work of your SEO teams. HR Professionals: Are you hiring? It is a fact that most HR professionals do not understand the dynamics of SEO and when they hire people they do not always focus on what really matters. Learn what you need to know, and ask potential candidates the right questions! This course is easy to follow through, explains concepts, and has a wealth of valuable information. [Hidden Content] Content: [hide][Hidden Content]]

What you'll learn Ethical Hacking Techniques Penetration Testing Techniques Bug Bounty Techniques Nmap Burp Suite Dirsearch Google Hacking Database Google Dorks Github Recon Shodan Censys HTTP Requests XML to CSV for Recon Decoy Scans Bypass Firewalls Exploit PUT to RCE Sensitive Data Exposure Description Welcome to Top 5 Tools & Techniques for Pentesting in Cyber Security Course. This course covers Top 5 Tools and approach for web application attacks and how to earn bug bounties. There is no prerequisite of prior hacking knowledge and you will be able to perform web attacks and hunt bugs on live websites and secure them. This course is not like other hacking or penetration testing course with outdated vulnerabilities and only lab attacks. This course will start with an understanding of each tool that is used in the industry by the experts for Penetration Testing. This course is highly practical and is made on Tools used by professionals in the industry to give you the exact environment when you start your penetrating testing or bug hunting journey. We will start from the basics and go till the advance of the particular tool. This course is divided into a number of sections, each section covers how to hunt vulnerability in an ethical manner. In Nmap, We will cover what is Nmap, Installation, Firewall Bypass Techniques, and Nmap cheatsheet. In Burpsuite, We will cover what is Burpsuite, Installation, and We will see practical examples of How Interception Works. We will also solve a CTF based on a realtime example using burpsuite. In Content Discovery, We will cover what is Project Discovery's Data set for subdomains and increase the scope for Bug Bounty Hunting. We will also see tools to scope expansion wherein we can identify mass subdomains are alive, dead based on status codes, Title, etc. In Google Hacking Database, We will cover what is GHDB, How you can hunt for sensitive files for a target, Also you will learn How to become the author of your own Google Dork In Shodan/Censys/Grey Noise, We will cover what is IOT Search Engines, How you can perform banner grabbing, and find out vulnerable and outdated servers running on the targets. We will also see how to use shodan search filters for better active enumeration. In Github Recon, We will cover what is Github Recon both Automated and Manual Way. We will uncover sensitive information from Github repositories that fall under Sensitive Data Exposure as a P1 severity bug. In the Anatomy of an HTTP Request, We will cover what is an HTTP Request, What are different Headers How do they work and its significance. With this course, you get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you as soon as possible. Notes: This course is created for educational purposes only and all the websites I have performed attacks are ethically reported and fixed. Testing any website which doesn’t have a Responsible Disclosure Policy is unethical and against the law, the author doesn’t hold any responsibility. Who this course is for: Anybody interested in learning website & web application hacking / penetration testing. Any Beginner who wants to start with Penetration Testing Any Beginner who wants to start with Bug Bounty Trainer who are willing to start teaching Pentesting Any Professional who working in Cyber Security and Pentesting Developers who wants to fix vulnerabilities and build secure applications [Hidden Content] [Hidden Content]

[Hidden Content] Descripción In this Course you will get hands on techniques in Bug Bounties which lot of hackers do on day to day life as full time or part time bug bounty hunter and will be covered from Basic to Advanced level more on hands on and less on theory and we will be explaining all my techniques along with the tools which i have written and awesome tools written by great hackers and you will be all set to start Bug Hunting on your own after this course is completed. Hey, Hacker enthusiasts. Have you ever wanted to learn how hackers: Get access to internal services compromise databases steal peoples user accounts. Well, I’m happy to provide a course that will teach you Web Application Penetration Testing and how to apply your evil hacker skills you learn through this course on real life bug bounty programs to get paid $$$. I will be showing you website vulnerabilities like: Cross-Site-Scripting Cross Site Request Forgery Server Side Request Forgery Sub domain Take Overs Insecure Direct Object Reference External Entity Injection Open Redirect LFI and RFI CORS SQL Injection File Upload Command Injection And many more, throughout this course you will feel comfortable to apply these skills through crowd source security platforms like: Hacker one Bug crowd Intigrity Yes we hack(YWH) And hack website for legal purposes (White hat) and get paid as a consultant. I will teach you how to join these programs and start your career as bug bounty professional. [hide][Hidden Content]]

This project is a simple collection of various shellcode injection techniques, aiming to streamline the process of endpoint detection evaluation, besides challenging myself to get into the Golang world. [hide][Hidden Content]]

Malware indetectable, with AV bypass techniques, anti-disassembly, etc. GhostShell In this malware, are used some techniques to try bypass the AVs, VMs, and Sandboxes, with only porpuse to learning more. I'm not responsible for your actions. Bypass Techniques Anti-Debugger To try bypass the Debuggers, I'm using the "IsDebuggerPresent()" of "Windows.h" librarie to checks if a debugger is running. Anti-VM / Anti-Sandbox / Anti-AV Enumerate Process Function Enumerates all process running on the system, and compares to the process in the black-list, if found a process and this is equal to any process in the black-list returns -1 (identified). Sleep Acceleration Check Function First, gets the current time, and sleeps 2 minutes, then, gets the time again, and compare, if the difference is less than 2, returns -1 (identified). Mac Address Check Function Gets the system mac address and compare to the macs, in the black-list, if the system mac address is equal to any mac in the black-list returns -1 (identified). [HIDE][Hidden Content]]

Do you want to feel more confident with your decision making? When you look back over recent decisions in your life, studies or career, do you get a strong sense you could have done better? This course teaches a step-by-step, evidence-backed system for better decision making. There is no ambiguity or confusion; follow the steps in the course and you will be making decisions, with far more confidence, within one hour. This training is perfect for advanced and ambitious students looking to make the best of their study and forthcoming career choices. It is also for the early-stage professional or manager who seeks to make crisp and well-considered decisions on behalf of clients or their own careers. The course offers plenty of exercises and opportunities to reflect and practice techniques. Although do note that this course is highly untypical in that the core method can be mastered in around 30-60 minutes and then applied immediately to your own needs. And if you've any questions then contact your tutor for support at any time. Your success is our chief interest, so enrol now and get started on a proven, pressure-tested, research-based system that works and works quickly. [Hidden Content]

[Hidden Content]