Skip to content

@DefensiveOrigins Defensive Origins

Change the repository type filter

All

    Repositories list

    44 repositories

    • DO-LAB

      Public
      HTML
      GNU General Public License v3.0
      164310Updated Oct 17, 2024Oct 17, 2024

    • DTE_Extras

      Public
      PowerShell
      0000Updated Oct 7, 2024Oct 7, 2024

    • NECSC24

      Public
      Nebraska Cyber Security Conference - Talk Slides & Content
      0000Updated Sep 17, 2024Sep 17, 2024

    • ADD-PreReqs

      Public
      Attack Detect Defend Course Pre-Requisites
      0100Updated Jun 20, 2024Jun 20, 2024

    • Detect-msDS-KeyCredentialLink

      Public
      Detect msDS-KeyCredentialLink Changes
      0600Updated Jun 19, 2024Jun 19, 2024

    • impacket

      Public
      Impacket is a collection of Python classes for working with network protocols.
      Python
      Other
      3.6k000Updated Jun 1, 2024Jun 1, 2024

    • SysmonCommunityGuide

      Public
      TrustedSec Sysinternals Sysmon Community Guide
      CSS
      167000Updated May 26, 2024May 26, 2024

    • PetitPotam

      Public
      PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
      C
      287000Updated May 26, 2024May 26, 2024

    • BloodHound.py

      Public
      A Python based ingestor for BloodHound
      Python
      MIT License
      331000Updated May 21, 2024May 21, 2024

    • PKINITtools

      Public
      Tools for Kerberos PKINIT and relaying to AD CS
      Python
      MIT License
      80000Updated Apr 12, 2024Apr 12, 2024

    • ADD_Extras

      Public
      ADD Extras
      0000Updated Apr 2, 2024Apr 2, 2024

    • APT22Things

      Public
      Location for a few things necessary for APT22
      BSD 2-Clause "Simplified" License
      0102Updated Dec 19, 2023Dec 19, 2023

    • Training

      Public
      Defensive Origins Training Schedule
      trainingaptwebcasts
      53700Updated Dec 11, 2023Dec 11, 2023

    • HostRecon

      Public
      This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users, and domain information. It does not use any 'net', 'ipconfig', 'whoami', 'netstat', or other system commands to help avoid detection.
      PowerShell
      MIT License
      119000Updated Dec 10, 2023Dec 10, 2023

    • MSSentinelSysmonParser

      Public
      A simple parser for Sysmon logs through EID28 for Microsoft Sentinel
      MIT License
      0300Updated Dec 23, 2022Dec 23, 2022

    • APT-PreReqs

      Public
      Applied Purple Teaming Course Pre-Requisites
      41100Updated Sep 28, 2022Sep 28, 2022

    • SentinelKQL

      Public
      Some supporting KQL queries for a blog
      0700Updated Jun 22, 2022Jun 22, 2022

    • DTEsrc2022

      Public
      Additional resources for DTE 2022
      PowerShell
      0000Updated Mar 14, 2022Mar 14, 2022

    • bl-bfg

      Public
      Python
      MIT License
      10000Updated Mar 3, 2022Mar 3, 2022

    • SILENTTRINITY

      Public
      An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
      Boo
      GNU General Public License v3.0
      407200Updated Feb 16, 2022Feb 16, 2022

    • BruteLoops

      Public
      Python
      MIT License
      3100Updated Feb 15, 2022Feb 15, 2022

    • BloodHound

      Public
      Six Degrees of Domain Admin
      JavaScript
      GNU General Public License v3.0
      1.7k300Updated Feb 11, 2022Feb 11, 2022

    • DomainPasswordSpray

      Public
      DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
      PowerShell
      MIT License
      379000Updated Jan 8, 2022Jan 8, 2022

    • PowerTools

      Public
      PowerTools is a collection of PowerShell projects with a focus on offensive operations.
      PowerShell
      Other
      814000Updated Dec 28, 2021Dec 28, 2021

    • APT-Lab-Terraform

      Public
      Purple Teaming Attack & Hunt Lab - Terraform
      azureterraformlabspurpleteam
      HCL
      GNU General Public License v3.0
      3415831Updated Nov 29, 2021Nov 29, 2021

    • DET062021

      Public
      PowerShell
      0100Updated Jun 11, 2021Jun 11, 2021

    • Responder

      Public
      Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
      Python
      GNU General Public License v3.0
      1.7k000Updated Apr 20, 2021Apr 20, 2021

    • AtomicPurpleTeam

      Public
      Atomic Purple Team Framework and Lifecycle
      attacklifecyclehuntingattack-detectionlifecycle-managementattack-defensefameworkpurpleteam
      GNU General Public License v3.0
      3728401Updated Feb 11, 2021Feb 11, 2021

    • OpticsBuilder

      Public
      Install Threat Optics
      PowerShell
      4400Updated Jan 23, 2021Jan 23, 2021

    • APT06202001

      Public
      Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020
      HTML
      7732221Updated Jan 22, 2021Jan 22, 2021