
add tools + github stats update
mthcht committed Jun 29, 2024
1 parent fc8db3a commit 16c27be
Showing 1,230 changed files with 110,432 additions and 102,358 deletions.
7,997 changes: 4,073 additions & 3,924 deletions greyware_tool_keyword.csv


53,058 changes: 26,895 additions & 26,163 deletions offensive_tool_keyword.csv


1,096 changes: 983 additions & 113 deletions only_keywords.txt


1,096 changes: 983 additions & 113 deletions only_keywords_regex.txt


1,035 changes: 953 additions & 82 deletions only_keywords_regex_better_perf.txt


2,763 changes: 2,763 additions & 0 deletions release_notes/Release_20240629.csv


58 changes: 33 additions & 25 deletions signature_keyword.csv


84,573 changes: 42,731 additions & 41,842 deletions threathunting-keywords.csv


656 changes: 328 additions & 328 deletions tools/A-C/AADInternals.csv


20 changes: 10 additions & 10 deletions tools/A-C/ABPTTS.csv
@@ -1,11 +1,11 @@
"keyword","metadata_keyword_regex","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at"
"*/ABPTTS.git*",".{0,1000}\/ABPTTS\.git.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","716","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*\ABPTTS-master*",".{0,1000}\\ABPTTS\-master.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","716","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*===[[[ A Black Path Toward The Sun ]]]===*",".{0,1000}\=\=\=\[\[\[\sA\sBlack\sPath\sToward\sThe\sSun\s\]\]\]\=\=\=.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","716","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*63688c4f211155c76f2948ba21ebaf83*",".{0,1000}63688c4f211155c76f2948ba21ebaf83.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","716","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*abpttsclient.py*",".{0,1000}abpttsclient\.py.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","716","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*ABPTTSClient-log.txt*",".{0,1000}ABPTTSClient\-log\.txt.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","716","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*abpttsfactory.py*",".{0,1000}abpttsfactory\.py.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","716","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*Building ABPTTS configuration *",".{0,1000}Building\sABPTTS\sconfiguration\s.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","716","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*nccgroup/ABPTTS*",".{0,1000}nccgroup\/ABPTTS.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","716","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*tQgGur6TFdW9YMbiyuaj9g6yBJb2tCbcgrEq*",".{0,1000}tQgGur6TFdW9YMbiyuaj9g6yBJb2tCbcgrEq.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","716","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*/ABPTTS.git*",".{0,1000}\/ABPTTS\.git.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","718","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*\ABPTTS-master*",".{0,1000}\\ABPTTS\-master.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","718","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*===[[[ A Black Path Toward The Sun ]]]===*",".{0,1000}\=\=\=\[\[\[\sA\sBlack\sPath\sToward\sThe\sSun\s\]\]\]\=\=\=.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","718","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*63688c4f211155c76f2948ba21ebaf83*",".{0,1000}63688c4f211155c76f2948ba21ebaf83.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","718","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*abpttsclient.py*",".{0,1000}abpttsclient\.py.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","718","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*ABPTTSClient-log.txt*",".{0,1000}ABPTTSClient\-log\.txt.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","718","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*abpttsfactory.py*",".{0,1000}abpttsfactory\.py.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","718","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*Building ABPTTS configuration *",".{0,1000}Building\sABPTTS\sconfiguration\s.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","718","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*nccgroup/ABPTTS*",".{0,1000}nccgroup\/ABPTTS.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","718","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
"*tQgGur6TFdW9YMbiyuaj9g6yBJb2tCbcgrEq*",".{0,1000}tQgGur6TFdW9YMbiyuaj9g6yBJb2tCbcgrEq.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","718","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z"
2 changes: 1 addition & 1 deletion tools/A-C/AD exploitation cheat sheet.csv
Expand Up @@ -48,7 +48,7 @@
"*Invoke-SQLAudit*",".{0,1000}Invoke\-SQLAudit.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Scan for MSSQL misconfigurations to escalate to System Admin","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://stealthbits.com/blog/compromise-powerupsql-sql-attacks/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*Invoke-SQLOSCmd -Instance * -Command *",".{0,1000}Invoke\-SQLOSCmd\s\-Instance\s.{0,1000}\s\-Command\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Run command (enables XP_CMDSHELL automatically if required)","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*Invoke-TokenManipulation*",".{0,1000}Invoke\-TokenManipulation.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Invoke-TokenManipulation script Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*lsass.dmp*",".{0,1000}lsass\.dmp.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*lsass.dmp*",".{0,1000}lsass\.dmp.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
"*MS-RPRN.exe *",".{0,1000}MS\-RPRN\.exe\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation From attacking machine entice the Domain Controller to connect using the printer bug. Binary from here https://github.com/leechristensen/SpoolSample","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*mssqlsvc.kirbi*",".{0,1000}mssqlsvc\.kirbi.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*ntlmrelayx --*",".{0,1000}ntlmrelayx\s\-\-.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Example command to relay the hash to authenticate as local admin (if the service account has these privileges) and run calc.exe. Omit the -c parameter to attempt a secretsdump instead.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
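Review bot: The updated `*lsass.dmp*` row is now the only "AD exploitation cheat sheet" row in this hunk with metadata_severity_score/metadata_popularity_score filled in (`10`,`10`); the neighbouring rows (`*Invoke-SQLAudit*`, `*Invoke-TokenManipulation*`, `*MS-RPRN.exe *`, `*mssqlsvc.kirbi*`, `*ntlmrelayx --*`) still carry `N/A` in both columns. In the other files touched by this commit (ABPTTS.csv, AD-common-queries.csv) every row of a tool shares the same two scores, which suggests the scores are intended per tool rather than per keyword; if that convention holds here, the remaining rows of this file should receive values too, or the per-keyword exception should be recorded in the metadata_comment column instead of `N/A`. Any consumer that filters on severity (presumably the regenerated threathunting-keywords.csv) would otherwise surface only this single keyword for the tool. The hunk starts at file line 48, so rows outside it are not visible here.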
10 changes: 5 additions & 5 deletions tools/A-C/AD-common-queries.csv
@@ -1,6 +1,6 @@
"keyword","metadata_keyword_regex","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at"
"*/AD-common-queries.git*",".{0,1000}\/AD\-common\-queries\.git.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","1","N/A","8","1","3","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z"
"*ADUsers-Disabled.txt*",".{0,1000}ADUsers\-Disabled\.txt.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","8","1","3","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z"
"*ADUsers-PasswordNeverExpires.txt*",".{0,1000}ADUsers\-PasswordNeverExpires\.txt.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","8","1","3","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z"
"*ADUsers-PasswordNotRequired.txt*",".{0,1000}ADUsers\-PasswordNotRequired\.txt.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","8","1","3","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z"
"*swarleysez/AD-common-queries*",".{0,1000}swarleysez\/AD\-common\-queries.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","1","N/A","8","1","3","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z"
"*/AD-common-queries.git*",".{0,1000}\/AD\-common\-queries\.git.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","1","N/A","8","1","4","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z"
"*ADUsers-Disabled.txt*",".{0,1000}ADUsers\-Disabled\.txt.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","8","1","4","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z"
"*ADUsers-PasswordNeverExpires.txt*",".{0,1000}ADUsers\-PasswordNeverExpires\.txt.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","8","1","4","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z"
"*ADUsers-PasswordNotRequired.txt*",".{0,1000}ADUsers\-PasswordNotRequired\.txt.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","8","1","4","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z"
"*swarleysez/AD-common-queries*",".{0,1000}swarleysez\/AD\-common\-queries.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","1","N/A","8","1","4","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z"
