A knowledge source about TTPs used to target GenAI-based systems, copilots and agents

Based on Lightspin proprietary data, research, and our tracking of cloud security trends in the market, our research team has compiled a list of the 2022 Top 7 Cloud Attack Paths across AWS, Azure, GCP, and Kubernetes as seen on the Lightspin Cloud Native Application Protection Platform.

A Tool for Semantic Ranking for Automated Adversarial Technique Annotation in Security Text

A Python script to generate MITRE ATT&CK Navigator layers from TTPs

GyoiThon is a growing penetration test tool using Machine Learning.

Technical Documentation

Ring -1 engine for MitM attacks on CPU registers. Leverages $DR0$-$DR7$ for zero-footprint interception, real-time data sniffing, and active argument tampering via WriteProcessMemory. Facilitates EDR bypass without modifying app code.

Pentesting checklists for various engagements

Zero-file, LotL command for memory-resident binary execution. Bypasses EDR vectors by leveraging memfd_create and os.execve to pivot from an obfuscated Base85/Bit-Shift one-liner to a fileless process execution masquerading as a kernel thread without disk footprints.

Exploit for Linux Privilege Escalation via Insecure Container Wrappers (e.g., runc). Automates the entire kill chain from rootfs creation to host pwnage. Inspired by Giveback @ HTB.

ttpnav is a Python library that simplifies navigating MITRE ATT&CK data, enabling users to effortlessly retrieve comprehensive information about specific techniques with a single query. It provides details on mitigations, detections, procedure examples, groups, and related software/tools, streamlining cybersecurity analysis.

Organized goldmine of common TTPs for pentesting / CTFs. Includes folder of canvas files for Obsidian.

A Ruby framework designed to aid in the penetration testing of WordPress systems.

AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional checks. Official CIS for AWS guide: https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf

Interactive Editor for creating & annotating enriched Cyber Kill Chains by mapping MITRE ATT&CK, CAPEC, CWE & STIX 2.1 Objects to the Unified Kill Chain framework. Drag-and-drop interface with metadata, confidence scoring, and export capabilities. Track complex kill chains and combine TTPs with atomic IOCs easily.

Config files for my GitHub profile.

> Hello, friend. Advanced Persistent Threat (APT) operational archives. Featuring real-world Red Team TTPs, Active Directory exploitation, Zero-Day research, and Offensive Threat Intelligence. The blueprint of modern infrastructure subversion.

An Android app that lets you use your card cloning devices in the field.

Curated list of resources related to serverless architectures and the Serverless Framework

CSHARP DCOM Fun