Category: Red Team


Black Window 10 v2 (codename: Polemos)

Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system and…


Cerberus Linux v3

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Windows Hacking

Black Window 10 Enterprise

Black Window 10 Enterprise is the first windows based penetration testing distribution with linux integraded ! The system comes activated with a digital license for windows enterprise ! It supports windows apps and linux apps, gui and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of cerberus linux! It has managed to implement cerberus os within windows.Offers the stability of a windows system and it offers the hacking part with a…

DistributedFireworkNEW TOOLSNTLMPenetration TestRDPRed TeamSocial EngineeringTLS

Firework – Leveraging Microsoft Workspaces in a Penetration Test

Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it.This tool may be used as part of a penetration test or red team exercise to create a .wcx payload (and associated feed) that if clicked on could be used to:Phish for credentials - NetNTLM hashes will be sent…

Blue TeamForensic AnalysisForensics InvestigationsInfrastructure MonitoringNEW TOOLSRDPRed TeamRemote Desktop Caching

Remote Desktop Caching – Tool To Recover Old RDP (mstsc) Session Information In The Form Of Broken PNG Files

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.ScreenshotsOn the first run…

DNSDNS Rebind ToolkitDNS RebindingDNS Rebinding AttackIoT SecurityNetwork AttacksNEW TOOLSRed Team

DNS Rebind Toolkit – A Front-End JavaScript Toolkit For Creating DNS Rebinding Attacks

DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN). It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, "smart" thermostats, and other IoT devices. With this toolkit, a remote attacker can bypass a router's firewall and directly interact with devices on the victim's home network, exfiltrating private information and in some cases, even controlling the vulnerable devices themselves.The attack requires a victim…

AmassBrute-forceCrawlingDiscoverInformation GatheringMacMaltegoNEW TOOLSRed TeamScrapingSubdomain Enumeration

Amass – In-depth Subdomain Enumeration

The Amass tool performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting and altering of names and reverse DNS sweeping to obtain additional subdomain names. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.How to InstallPrebuiltA precompiled version is available for each release.If your operating environment supports Snap, you can click here to install, or perform the following from the command-line:$…

Blue TeamJSONMalwLessMITRE ATT&CKMitre AttackNEW TOOLSRed TeamSimulationSysmon

MalwLess – Test Blue Team Detections Without Running Any Attack

MalwLess is an open source tool that allows you to simulate system compromise or attack behaviours without running processes or PoCs. The tool is designed to test Blue Team detections and SIEM correlation rules. It provides a framework based on rules that anyone can write, so when a new technique or attack comes out you can write your own rules and share it a with the community.These rules can simulate Sysmon or PowerShell events. MalwLess can parse the rules and write them directly to…

DARKSURGEONForensic AnalysisHardeningMalware AnalysisNEW TOOLSosqueryRed TeamReportingSysmonVirtual Machine

DARKSURGEON – A Windows Packer Project To Empower Incident Response, Digital Forensics, Malware Analysis, And Network Defense

DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.DARKSURGEON has three stated goals:Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment complete with tools, scripts, and utilities. Provide a framework for defenders to customize and deploy their own programmatically-built Windows images using Packer and Vagrant.Reduce the amount of latent telemetry collection, minimize error reporting, and provide reasonable privacy and hardening standards for Windows 10.If you haven't worked with packer before,…

AggressorAggressor ScriptsAggressorScriptsCobalt StrikeNEW TOOLSRed TeamRegistryScripts

AggressorScripts – Collection Of Aggressor Scripts For Cobalt Strike 3.0+ Pulled From Multiple Sources

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources:All_In_One.cna v1 - Removed and outdated All purpose script to enhance the user's experience with cobaltstrike. Custom menu creation, Logging, Persistence, Enumeration, and 3rd party script integration.Version 2 is currently in development!ArtifactPayloadGenerator.cna Generates every type of Stageless/Staged Payload based off a HTTP/HTTPS Listener Creates /opt/cobaltstrike/Staged_Payloads, /opt/cobaltstrike/Stageless_Payloads AVQuery.cna Queries the Registry with powershell for all AV Installed on the target Quick and easy way to get the AV you are dealing with as an…

DNSDNS RebindingDns ServerMalicious DomainsNEW TOOLSNodeJSpenetration testingRed TeamWhonow

Whonow – A “Malicious” DNS Server For Executing DNS Rebinding Attacks On The Fly (Public Instance Running On Rebind.Network:53)

A malicious DNS server for executing DNS Rebinding attacks on the fly. whonow lets you specify DNS responses and rebind rules dynamically using domain requests themselves.# respond to DNS queries for this domain with the first time# it is requested and then every time after respond first with, then the next five times,# and then start all over again (1, then 5, forever...)A.'s great about dynamic DNS Rebinding rules is that you don't have to spin up your own…