S3N4T0R

Elite
@S3N4T0R-0X0

Be The Threat To Defeat It

APTs-Adversary-Simulation. This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and other malicious artifacts that mirror those used in real world attacks .

1.1k

BEAR. Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA and ChaCha to secure communication between the payload and the operator machine.

523

PixelCode-Attack. Malicious PixelCode is a security research project that demonstrates a covert technique for encoding executable files into pixel data and storing them inside images or videos. A lightweight loader retrieves the media file, reconstructs the original binary and executes it in memory. This project highlights unconventional data delivery.

170

Checkmate. payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter

114

Hunter. Охотник (Hunter) is a simple Adversary Simulation tool developed for achieves stealth through API unhooking, direct and indirect syscalls, Event Tracing for Windows (ETW) suppression, process hollowing, stack spoofing, polymorphic encryption, and comprehensive anti-analysis mechanisms.

94

APT29-Adversary-Simulation. This is a simulation of attack by the Cozy Bear group (APT-29) targeting diplomatic missions

48

APT28-Adversary-Simulation. This is a simulation of attack by Fancy Bear group (APT28) targeting high-ranking government officials Western Asia and Eastern Europe

38

Voodoo-Bear-APT. This is a simulation of attack by (Voodoo Bear) APT group targeting entities in Eastern Europe the attack campaign was active as early as mid-2022, The attack chain starts with backdoor which is a DLL targets both 32-bit and 64-bit Windows

11

Ember-Bear-APT. This is a simulation of attack by (Ember Bear) APT group targeting energy Organizations in Ukraine the attack campaign was active from least March 2021, The attack chain starts wit spear phishing email sent to an employee of the organization, which used a social engineering theme that suggested the individual had committed a crime

10

Gossamer-Bear-APT. This is a simulation of attack by (Gossamer Bear) APT group targeting Institutions logistics support and defense to Ukraine the attack campaign was active from April 2023

7

Energetic-Bear-APT. This is a simulation of attack by Energetic Bear APT group targeting “eWon” is a Belgian producer of SCADA and industrial network equipmen

6

Primitive-Bear-APT. This is a simulation of attack by (Primitive Bear) APT group targeting the State Migration Service of Ukraine

5

Venomous-Bear-APT. This is a simulation of attack by (Venomous Bear) APT group targeting U.S.A, Germany and Afghanista attack campaign was active since at least 2020, The attack chain starts with installed the backdoor as a service on the infected machine

5

Berserk-Bear-APT. This is a simulation of attack by (Berserk Bear) APT group targeting critical infrastructure and energy companies around the world, primarily in Europe and the United States

4
14
Apply