Category: Red Team


Fud 100% services packages ready for sales

We offer a monthly Crypter service to make your files undetectable encrypted! this is how it works: You zip the files you want to encrypt and send them to our email then we will encrypt and make your files/file fud 100% (undetectable by any antivirus) and send them back to your email! We offer 3 packages: Standard Prenium Ultimate All those packages offer some unique futures to encrypt your file!  


Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

Archive.orgDomain HunterExpired DomainsHTML ReportMalware Domain ListNEW TOOLSRed Team

Domain Hunter – Checks Expired Domains For Categorization/Reputation And History To Determine Good Candidates For Phishing And C2 Domain Names

Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks.This Python based tool was written to quickly query the search engine for expired/available domains with a previous history of use. It then optionally…

Blue TeamCommandlineNEW TOOLSPython3Red TeamSheepl

Sheepl – Creating Realistic User Behaviour For Supporting Tradecraft Development Within Lab Environments

Sheepl : Creating realistic user behaviour for supporting tradecraft development within lab environmentsIntroductionThere are lots of resources available online relating to how you can build AD network environments for the development of blue team and red team tradecraft. However the current solutions tend to lack one important aspect in representing real world network configurations. A network is not just a collection of static endpoints, it is a platform for communication between people.Sheepl is a tool that aims to bridge the gap by emulating the…

DistributedFireworkNEW TOOLSNTLMPenetration TestRDPRed TeamSocial EngineeringTLS

Firework – Leveraging Microsoft Workspaces in a Penetration Test

Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it.This tool may be used as part of a penetration test or red team exercise to create a .wcx payload (and associated feed) that if clicked on could be used to:Phish for credentials - NetNTLM hashes will be sent…

Blue TeamForensic AnalysisForensics InvestigationsInfrastructure MonitoringNEW TOOLSRDPRed TeamRemote Desktop Caching

Remote Desktop Caching – Tool To Recover Old RDP (mstsc) Session Information In The Form Of Broken PNG Files

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.ScreenshotsOn the first run…

DNSDNS Rebind ToolkitDNS RebindingDNS Rebinding AttackIoT SecurityNetwork AttacksNEW TOOLSRed Team

DNS Rebind Toolkit – A Front-End JavaScript Toolkit For Creating DNS Rebinding Attacks

DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN). It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, "smart" thermostats, and other IoT devices. With this toolkit, a remote attacker can bypass a router's firewall and directly interact with devices on the victim's home network, exfiltrating private information and in some cases, even controlling the vulnerable devices themselves.The attack requires a victim…

AmassBrute-forceCrawlingDiscoverInformation GatheringMacMaltegoNEW TOOLSRed TeamScrapingSubdomain Enumeration

Amass – In-depth Subdomain Enumeration

The Amass tool performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting and altering of names and reverse DNS sweeping to obtain additional subdomain names. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.How to InstallPrebuiltA precompiled version is available for each release.If your operating environment supports Snap, you can click here to install, or perform the following from the command-line:$…

Blue TeamJSONMalwLessMITRE ATT&CKMitre AttackNEW TOOLSRed TeamSimulationSysmon

MalwLess – Test Blue Team Detections Without Running Any Attack

MalwLess is an open source tool that allows you to simulate system compromise or attack behaviours without running processes or PoCs. The tool is designed to test Blue Team detections and SIEM correlation rules. It provides a framework based on rules that anyone can write, so when a new technique or attack comes out you can write your own rules and share it a with the community.These rules can simulate Sysmon or PowerShell events. MalwLess can parse the rules and write them directly to…

DARKSURGEONForensic AnalysisHardeningMalware AnalysisNEW TOOLSosqueryRed TeamReportingSysmonVirtual Machine

DARKSURGEON – A Windows Packer Project To Empower Incident Response, Digital Forensics, Malware Analysis, And Network Defense

DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.DARKSURGEON has three stated goals:Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment complete with tools, scripts, and utilities. Provide a framework for defenders to customize and deploy their own programmatically-built Windows images using Packer and Vagrant.Reduce the amount of latent telemetry collection, minimize error reporting, and provide reasonable privacy and hardening standards for Windows 10.If you haven't worked with packer before,…

AggressorAggressor ScriptsAggressorScriptsCobalt StrikeNEW TOOLSRed TeamRegistryScripts

AggressorScripts – Collection Of Aggressor Scripts For Cobalt Strike 3.0+ Pulled From Multiple Sources

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources:All_In_One.cna v1 - Removed and outdated All purpose script to enhance the user's experience with cobaltstrike. Custom menu creation, Logging, Persistence, Enumeration, and 3rd party script integration.Version 2 is currently in development!ArtifactPayloadGenerator.cna Generates every type of Stageless/Staged Payload based off a HTTP/HTTPS Listener Creates /opt/cobaltstrike/Staged_Payloads, /opt/cobaltstrike/Stageless_Payloads AVQuery.cna Queries the Registry with powershell for all AV Installed on the target Quick and easy way to get the AV you are dealing with as an…