This is your work, valued
Thinker, Red and Blue operator
EDR-Testing-Script. Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
319BlueTeam.Lab. Blue Team detection lab created with Terraform and Ansible in Azure.
187RT-CyberShield. Protecting Red Team infrastructure with cyber shield blocking AWS/AZURE/IBM/Digital Ocean/TOR/AV IP/ETC. ranges
45unix_collector. unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
43shadowbroker-smb-scanner. shadowbroker SMB exploit scanner. Scans for ETERNALSYNERGY ETERNALBLUE ETERNALROMANCE ETHERNALCHAMPION
42LeakGenerator. Generate your own personal data leak
40Cloud-Investigate. A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.
37GeoIPPlotter. GeoIP plotting script written in Python to help security teams draw visualized reports from IP addresses
20OS.LAB. Operating System testbed created with Terraform to test payloads, programs and compatibility on different OS versions. Supports AWS and Azure.
20amphunt. This repository contains advanced threat hunting scripts for Cisco Secure Endpoint API. The scripts leverage the AMP API to hunt for threats, analyze endpoint behavior, and detect potential compromises across the environment using API version 0 and 1. Now supporting AI SKILLs concept.
14Dataroma-Analyzer. Dataroma Stock Analyzer
12powershell-reverse-shell. Simple Powershell Reverse Shell with handling server in python
10WINFINGER. A collection of Windows hashes generated against windows installation ISOs using sigcheck from Sysinternals
10investigatehunt. Cisco Umbrella Investigate threat hunting scripts
8DNS-Testing-Script. Test the accuracy of DNS monitoring and blocking solution.
7Bad-Firewall. Bad IP blocking firewall with ipset, iptables and a dash of bash.
7ai-bug-hunter. AI bug hunter prompt
5LokiToWinEventLog. A PowerShell-based integration tool that enables Loki to log detection results directly to Windows Event Log for enterprise-scale IOC (Indicators of Compromise) monitoring and incident response.
4Invoke-DomainHasher. A threat hunting tool designed to help in identifying unknown binaries across windows domain.
4amp-policy-kit. Cisco Secure Endpoint policy assessment kit
3SHARPPENCIL. A PowerShell and C# implementation of LDAP attribute extraction for domain users
3Pe-SieveToWinEventLog. A PowerShell-based integration tool that enables pe-sieve to log detection results directly to Windows Event Log for enterprise-scale security monitoring and incident response.
3DCOM-Audit. DCOM-Audit: Enumerate, Audit, and Secure DCOM objects
3massJARM. A high-performance, threaded implementation of JARM fingerprinting with smart port detection, rate limiting, and flexible input/output options.
2meraki-hunting. Threat hunting scripts for Cisco Meraki installations
2SwarmMaker. A framework for building AI agents. Compile unstructured knowledge into validated, installable AI agent skill bundles for Claude, Codex, and Gemini
2Codeword-Generator-Collection. Codeword generators written in common programming and scripting languages
1MCuban_Blog. Mark Cuban blog copy (in PDF)
1evtxpickup. Windows Active Directory event (Evtx) collection script for scaled up forensic investigations.
1EVTX-ATTACK-SAMPLES. Windows Events Samples
1