Awesome-Red-Teaming
APTnotes
| Awesome-Red-Teaming | APTnotes | |
|---|---|---|
| 8 | 5 | |
| 6,524 | 3,410 | |
| - | - | |
| 0.0 | 3.1 | |
| 4 months ago | 4 months ago | |
| MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Awesome-Red-Teaming
- Career growth in cybersecurity
- i'm literally so far behind compared to everyone else!
- Any useful cybersecurity software under $5k?
-
Cybersecurity Repositories
Red Teaming
- Is there a cheat sheet of security tools and a small description of what they're used for?
-
Struggling to decide if I should take a low paying job offer or focus on studying for cybersecurity certificates. Any advice would be much appreciated.
Red Teaming / pen testing -- set up a home lab. Find a resource on the internet about how to learn red teaming and dig in. Example: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
-
Red Team Equipment for Budget Proposal
For software, pretty much everything you might need to start out is available as open source. Besides the actual testing stuff, don't forget to look at tools to facilitate collaboration + reporting (highly recommend looking at https://github.com/GhostManager/Ghostwriter). Also checkout: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
-
Looking for a mentor to show me what the industry in like
Pentesting is a tiny fraction of roles out of 10s of thousands and you're not likely to get an entry level gig on a red team but if you are interested in pen-testing check out https://jhalon.github.io/becoming-a-pentester/ and https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
APTnotes
-
Ask HN: What Happened with the Grugq Article?
>with case studies and getting as niche on specific things as possible.
Then definitely you can touch on APT marketplace, unlike the usual zeroday ones, those are -as the name implies, advanced, and mostly are state sponsored, you can find some of these in this sheet [1], or other sources [2] or older ones [3]. Now, for other zero day exploits, you can dig into your typical threat intelligence feeds to have an idea, some of these are daily updated [4] [5] [6] among a lot more of other resources, there are also underground databases for zero day and even APT updated as of yesterday, and also online marketplaces for those where you can buy/sell compromised RDP servers / webmail / cPanels / etc., or even services like smtp-sms for phishing among others, unfortunately, I can’t and won’t list any of these in here for obvious reasons, however, if you dig a little deeper definitely you will find something, just don’t use the usual search engines and normal channels, and get the usual security precautions like sandbox/vpns/etc. when access any of these sites, preferably in an isolated OS too.
And thanks, not expert enough for sure!
[1] https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_S...
[2] https://gist.github.com/Neo23x0/c4f40629342769ad0a8f3980942e...
[3] https://github.com/kbandla/APTnotes
[4] https://bazaar.abuse.ch/browse/
[5] https://www.exploitalert.com/browse-exploit.html
[6] https://threatfox.abuse.ch/browse/
-
Seeking Datasets on Malware
I trained up this repo in my privateGPT - https://github.com/kbandla/APTnotes
- Le Burkina Faso
-
Cybersecurity Repositories
APT Notes
- Les ressortissants russes en France reçoivent en ce moment sur leurs numéros de téléphone russe des demandes pour l'enrôlement dans l'armée en vue de la guerre avec l'Ukraine
What are some alternatives?
nanodump - The swiss army knife of LSASS dumping
data - APTnotes data
Starkiller - Starkiller is a Frontend for PowerShell Empire.
ThreatHunter-Playbook - A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
SharpLAPS - Retrieve LAPS password from LDAP
awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
Viper - Attack Surface Management & Red Team Simulation Platform 互联网攻击面管理&红队模拟平台
osx-and-ios-security-awesome - OSX and iOS related security tools
Red-Team-Advent-of-Code - Red Teaming / Pentesting challenges for my Advent-Of-Code 2021.
awesome-adversarial-machine-learning - A curated list of awesome adversarial machine learning resources
public-pentesting-reports - A list of public penetration test reports published by several consulting firms and academic security groups.
awesome-iocs - A collection of sources of indicators of compromise.