red-team-adversary-emulation.md

File metadata and controls

312 lines (289 loc) · 13.4 KB

Red Teaming, Adversary Simulation and Offensive Security

Collection of resources related to offensive security (red teaming and adversary simulation) with a focus on Linux environments.

Content

Backdoors

  • BDF: The Backdoor Factory.
  • ReCmd: Remote Command executor
  • Tiny Shell: An open-source UNIX backdoor

C2 Frameworks

  • C2 matrix: C2 frameworks comparison.
  • Emp3r0r: Linux/Windows post-exploitation framework made by a Linux user.
  • empire: PowerShell and Python 3.x post-exploitation framework.
  • Havoc: modern and malleable post-exploitation command and control framework.
  • Heroinn: Rust cross-platform C2/post-exploitation framework.
  • Link: command and control framework written in Rust.
  • pupy: cross-platform remote administration and post-exploitation tool.
  • sliver: Adversary Emulation Framework.
  • pwncat: reverse and bind shell handler.
  • Stitch: Python remote administration tool.
  • TheFatRat: backdoor generator and easy-to-use post-exploitation tool.
  • veil: generate Metasploit payloads that bypass common anti-virus solutions.

Libraries

  • ColdFire: malware development library.
  • Houdini: rust library that allows you to delete your executable while it's running.
  • Impacket: collection of Python classes for working with network protocols.
  • Intruducer: Rust crate to load a shared library into a Linux process without using ptrace.

Malwares

  • Linux Malware: tracking interesting Linux (and UNIX) malware.
  • Dumpers:
    • pamspy: Credentials Dumper for Linux using eBPF.
  • Log Cleaners:
    • Moonwalk: Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
  • Malware Source Code: collection of malware source code for a variety of platforms.
  • Obfuscation:
    • Bashfuscator: configurable and extendable Bash obfuscation framework.
  • Packers:
    • oxide: PoC packer written in Rust.
    • UPX: free, portable, extendable, high-performance executable packer.
  • Pafish: testing tool that uses different techniques to detect virtual machines and malware analysis environments.

Misc

  • antiscan: scan service similar to VirusTotal.

Networking

  • File Transfer:
    • croc: easily and securely send things from one computer to another.
    • pcp: peer-to-peer data transfer tool based on libp2p.
  • Proxies:
    • frp: fast reverse proxy.
    • leaf: versatile and efficient proxy framework.
    • mitmproxy: interactive HTTPS proxy.
    • ngrok: introspected tunnels to localhost.
    • Proxiechain: a tool that forces any TCP connection made by a given application to go through proxies.
    • rathole: lightweight and high-performance reverse proxy for NAT traversal, written in Rust.
    • Shadowsocks: fast tunnel proxy that helps you bypass firewalls.
    • socat: relay for bidirectional data transfer.
  • Remote/Reverse Shells:
    • GTRS: Google Translator Reverse Shell.
    • hershell: multiplatform reverse shell generator.
    • icmpsh: reverse ICMP shell.
    • Platypus: modern multiple reverse shell sessions manager written in Go.
    • rpty: tricking shells into interactive mode when local PTYs are not available.
    • rsg: tool to generate various ways to do a reverse shell.
    • rtty: access your terminal from anywhere via the web.
    • rustcat: modern Port listener and Reverse shell.
    • tunshell: remote shell into ephemeral environments.
    • wash: a cloud-native shell for bringing remote infrastructure to your terminal.
  • Tunnelling:
    • bore: simple CLI tool for making tunnels to localhost.
    • chisel: fast TCP/UDP tunnel over HTTP.
    • clash: rule-based tunnel in Go.
    • dog-tunnel: p2p tunnel.
      • kcp: a fast and reliable ARQ protocol.
    • gost: a simple tunnel written in golang.
    • gsocket: connect like there is no firewall. Securely.
    • icmptunnel: tunnel your IP traffic through ICMP echo and reply packets.
    • iodine: tunnel IPv4 data through a DNS server.
    • pingtunnel: tool that sends TCP/UDP traffic over ICMP.
    • ssf: Secure Socket Funneling.
    • Stowaway: Multi-hop Proxy Tool for pentesters.
    • udp2raw: tunnel that turns UDP traffic into encrypted UDP/FakeTCP/ICMP traffic.

Resources

  • ATT&CK: knowledge base of adversary tactics and techniques.
  • GTFOBins: curated list of Unix binaries that can be used to bypass local security restrictions.
  • HackTricks: hacking trick/technique/whatever
  • Linode Red Teaming Series
  • LOLBAS: Living Off The Land Binaries, Scripts and Libraries.
  • Offensive Security: Tools & Interesting Things for RedTeam Ops.
  • PayloadAllTheThings: list of useful payloads and bypass for Web Application Security and Pentest/CTF.
  • PayloadBox: list of attack payloads.
  • Red Teaming: List of Awesome Red Teaming Resources.
  • Red team cheatsheet: Red Team Cheatsheet in constant expansion.
  • Red Team Infrastructure: Red Team infrastructure hardening resources.
  • RedTeam-Tools: Tools and Techniques for Red Team.
  • Red Teaming Toolkit: cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
  • RedTeaming-TT: Red Teaming Tactics and Techniques.
  • SecList: collection of multiple types of lists used during security assessments.
  • Standards:
    • NIST: Framework for Improving Critical Infrastructure Cybersecurity.
    • OSSTMM: Open Source Security Testing Methodology Manual.
    • PTES: Penetration Testing Methodologies and Standards.
    • TIBER: Threat Intelligence-Based Ethical Red Teaming Framework.
    • STG: OWASP testing methodologies.

Rootkits

  • Kernel
    • Awesome Linux Rootkits.
    • Diamorphine: LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x and ARM64.
    • Pinkit: LKM rootkit that executes a reverse TCP netcat shell with root privileges.
    • Reptile: LKM Linux rootkit.
    • Research rootkit: LibZeroEvil & the Research Rootkit project.
    • Rootkit: rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64.
    • Rootkit list download: list of rootkits (also includes userspace rootkits).
    • Sutekh: rootkit that gives a userland process root permissions.
    • TripleCross: Linux eBPF rootkit.
  • Resources

Tools

  • airgeddon: multi-use bash script for Linux systems to audit wireless networks.
  • Beshark: Bash post exploitation toolkit.
  • Bettercap: network reconnaissance and MITM attacks.
  • BloodHound: Six Degrees of Domain Admin.
  • CrackMapExec: evaluates and exploits vulnerabilities in an Active Directory environment.
  • HashCat: password recovery utility.
  • LaZagne: retrieve passwords.
  • Linux Exploit Suggester: Linux privilege escalation auditing tool.
  • Metasploit Framework: penetration testing framework.
    • Venom: Metasploit shellcode generator/compiler.
  • NoseyParker: command-line program that finds secrets and sensitive information in textual data and Git history.
  • PEASS-ng: Privilege Escalation Awesome Scripts SUITE.
  • pixload: set of tools for creating/injecting payloads into images.
  • Sherlock: hunt down social media accounts by username across social networks.
  • SSH weaponization:
  • traitor: automatic Linux privesc via exploitation of low-hanging fruit.