Search Results for "security" - Page 3

Security‑Datasets is a community-driven repository maintained by the Open Threat Research Forge (OTRF) that curates publicly available malicious and benign datasets for threat-hunting, machine learning, event analysis, and cybersecurity research. Datasets include Windows events, logs, alerts, and simulated attack data to support detection engineering and academic research.

...The tool includes hooks that integrate into git commit and git merge, as well as commands to list, add, or remove secret patterns, and to scan existing history for leaks. Teams often deploy it as part of their developer toolchain to enforce a security guardrail: you catch leaks early rather than discovering them later. It is also often used in CI pipelines or continuous code quality checks to detect in-flight vulnerabilities. While git-secrets is not a full secrets management system, it plays a key role in defense-in-depth by preventing accidental exposure in source.

Invoke-TheHash is a PowerShell module providing utilities to perform “Pass-the-Hash” style remote operations over WMI and SMB by supplying NTLM hashes instead of plaintext passwords. The project includes multiple scripts/modules (Invoke-WMIExec, Invoke-SMBExec, Invoke-SMBEnum, Invoke-SMBClient, and a wrapper Invoke-TheHash) so operators can choose enumeration, file access, or command execution modes. It uses .NET’s TcpClient for direct SMB/WMI connections and performs authentication by...

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. Import all the scripts in the current PowerShell session (PowerShell v3 onwards). Use the individual scripts with dot sourcing. Note that the help is available for the function loaded after running the script and not the script itself since version 0.3.8.

PowerShell scripts for notification of WSUS client status. Default summary report from WSUS server does not notify about inactual WSUS clients. WSUS CWE collects information about errors and if client is in sync from last month.

...Payloads demonstrate how the device can emulate human interface devices (keyboard/mouse), Ethernet adapters, serial gadgets, or mass storage to automate complex workflows once plugged into a host. The collection ranges from benign administrative automation to offensive security demonstrations used in penetration testing, showcasing patterns like keystroke automation, reverse shells, credential capture (for lab use), and lateral transport techniques. Each payload typically includes a payload.txt control file with stages and configurable parameters so operators can adapt behavior to different targets. Because the device and its payloads are powerful, the repository emphasizes responsible use—training, red-team engagements with authorization, and awareness of legal/ethical boundaries.

PowerSploit is a PowerShell-based post‑exploitation framework widely used by penetration testers, red‑teamers, and security researchers. It includes modules for code execution, introspection, lateral movement, persistence, and data exfiltration—deeply integrated into Windows environments.

PowerSploit is a collection of PowerShell modules that historically served as a toolkit for post-exploitation tasks, red-team exercises, and offensive-security research—covering areas like reconnaissance, lateral movement, persistence, and situational awareness. The repository bundles many focused scripts: code to enumerate system and Active Directory information, payload generation helpers, in-memory execution utilities, and modules to interact with credentials and services. Because the modules can be used to both demonstrate weaknesses and to exploit them, the project is typically referenced in threat emulation, penetration testing, and defensive research to understand attacker capabilities. ...