Professional Documents
Culture Documents
RED Teaming Toolkit
RED Teaming Toolkit
RED Teaming Toolkit
Table of Contents
Reconnaissance
Initial Access
Delivery
Situational Awareness
Credential Dumping
Privilege Escalation
Defense Evasion
Persistence
Lateral Movement
Exfiltration
Miscellaneous
Reconnaissance
S3Scanner Scan for open S3 buckets and dump the contents https://github.com/sa7mon/S3Scanner
Initial Access
Brute Force
Payload Development
Phishing
o365-
https://github.com/mdsecactivebreach/o365-
attack- A toolkit to attack Office365
attack-toolkit
toolkit
Modlishka is a flexible and powerful reverse proxy, that will take yourethical
Modlishka https://github.com/drk1wi/Modlishka
phishing campaigns to the next level.
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that
BeEF https://github.com/beefproject/beef
focuses on the web browser
Staging
Log Aggregation
Red Team's SIEM - tool for Red Teams used for tracking and
RedELK alarming about Blue Team activities as well as better usability https://github.com/outflanknl/RedELK
in long term operations.
Elastic for
Repository of resources for configuring a Red Team SIEM using
Red https://github.com/SecurityRiskAdvisors/RedTeamSIEM
Elastic.
Teaming
Situational Awareness
ImproHound Identify the attack paths in BloodHound breaking your AD tiering https://github.com/improsec/ImproHound
Defense Evasion
BOF.NET - A .NET BOF.NET is a small native BOF object combined with the
Runtime for BOF.NET managed runtime that enables the development of
Cobalt Strike's Cobalt Strike BOFs directly in .NET. BOF.NET removes the https://github.com/CCob/BOF.NET
Beacon Object complexity of native compilation along with the headaches of
Files manually importing native API.
Example code for EDR bypassing, please use this for testing
NtdllUnpatcher blue team detection capabilities against this type of malware https://github.com/Kharos102/NtdllUnpatcher
that will bypass EDR's userland hooks.
BlockETW .Net 3.5 / 4.5 Assembly to block ETW telemetry in a process https://github.com/Soledge/BlockEtw
Persistence
A Black Path
(TCP tunneling over HTTP for web application servers) https://github.com/nccgroup/ABPTTS
Toward The Sun
SharPyShell tiny and obfuscated ASP.NET webshell for C# web applications https://github.com/antonioCoco/SharPyShell
https://github.com/Kevin-Robertson/Invoke-TheHash
Invoke-TheHash PowerShell Pass The Hash Utils
Exfiltration
Miscellaneous
Threat-informed Defense
Tidal Tidal Cyber helps enterprise organizations to define, measure, and improve their defenses
https://app.tidalcyber.com
Cyber to address the adversary behaviors that are most important to them.
Control Threat modeling aide & purple team content repository, pointing security & intelligence
Validation teams to 10,000+ publicly-accessible technical and policy controls and 2,100+ offensive https://controlcompass.github.io
Compass security tests, aligned with nearly 600 common attacker techniques
Cloud
Azure Red Team tool for graphing Azure and Azure Active
Storm Spotter https://github.com/Azure/Stormspotter
Directory objects
MicroBurst: A PowerShell
Toolkit for Attacking A collection of scripts for assessing Microsoft Azure security https://github.com/NetSPI/MicroBurst
Azure
Adversary Emulation
Stratus Red Team is "Atomic Red Team™" for the cloud, allowing
Stratus Red
to emulate offensive attack techniques in a granular and self- https://github.com/DataDog/stratus-red-team
Team
contained manner.
A Windows Batch script that uses a set of tools and output filesto
APTSimulator https://github.com/NextronSystems/APTSimulator
make a system look as if it was compromised.
Atomic Red Small and highly portable detection tests mapped to the Mitre
https://github.com/redcanaryco/atomic-red-team
Team ATT&CK Framework.
https://github.com/Mr-
RedTeamCCode Red Team C code repo
Un1k0d3r/RedTeamCCode
This repo contains information about EDRs that can be useful during red team https://github.com/Mr-
EDRs
exercise. Un1k0d3r/EDRs
Cobalt Strike Community Kit is a central repository of extensions written by the user community https://cobalt-
Community Kit to extend the capabilities of Cobalt Strike. strike.github.io/community_kit/