LOLBAS
purple-team-exercise-framework
LOLBAS | purple-team-exercise-framework | |
---|---|---|
5 | 2 | |
6,609 | 538 | |
1.2% | 2.4% | |
8.3 | 3.1 | |
9 days ago | 4 months ago | |
XSLT | ||
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
LOLBAS
-
How do i replicate GTFOBins layout ?
I have an idea for a simar style website that i would like to create, and i was going to use GTFOBins as a template and ammend to fit my data, much like LOLBAS has.
-
should we write our own custom rule
Fo example the usage of living off the land binaries https://lolbas-project.github.io/ , when I've implemented rules in order to detect this ,I've seen a lot of false positive because of the context ,but the rule was correct.
- Living Off the Land Binaries
-
Lolbas: Living Off the Land Binaries, Scripts and Libraries
https://github.com/LOLBAS-Project/LOLBAS/tree/master
The associated github is much more informative about what the project does. Basically they document "undocumented" capabilities of signed microsoft binaries that can be used for red team work.
-
CISA bulletin – PRC state-sponsored cyber actor techniques [pdf]
Yes, see for example [1].
[1] https://github.com/LOLBAS-Project/LOLBAS
purple-team-exercise-framework
-
TIL Adversary Emulation is a subset Red Team but with focus on CTI. How it is executed in the industry in real world example?
For example, most of our customers include our scenario based component into SOWs because it's malleable, aligns best with the customer's tech stack, security controls, and engagement objectives. The idea is to remove the 'Adversary emulation constraints' introduced by frameworks like PTEF (Purple Team Exercise Framework) while ensuring we're still emulate a TA; known, or unknown.
- Purple Team Exercise Framework
What are some alternatives?
UltimateAppLockerByPassList - The goal of this repository is to document the most common techniques to bypass AppLocker.
EnterprisePurpleTeaming - Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.
GoodHound - Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
NIST-to-Tech - An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
gitlab-watchman - Finding exposed secrets and personal data in GitLab
slack-watchman - Slack enumeration and exposed secrets detection tool
LOLDrivers - Living Off The Land Drivers
LOOBins - Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.