Red Team

A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.

A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.

RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.

MSBuildAPICaller is an offensive security tool that enables interaction with the MSBuild API to execute arbitrary scripts for red teaming and penetration testing purposes.

Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatical access to load, decrypt, and execute shellcode.

A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.

A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.

Participation in the Red Team for Pacific Rim CCDC 2017 with insights on infrastructure design and competition tips.

An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.

Adversary emulation framework for testing security measures in network environments.

A command-line tool that analyzes SPF and DMARC records to identify domains vulnerable to email spoofing attacks.

A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.

A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.

A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Havoc is a malleable post-exploitation command and control framework that provides a client-server architecture with payload generation, customizable C2 profiles, and team collaboration capabilities for red team operations.

Create a vulnerable active directory for testing various Active Directory attacks.

Sysreptor offers a customizable reporting solution for penetration testing and red teaming activities.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.

Sysreptor offers a customizable reporting solution for offensive security assessments.

A technique for social engineering and untrusted command execution using ClickOnce technology

A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.

An easy to set up SSH honeypot for logging SSH connections and activity.