r/purpleteamsec bot
r-purpleteamsec.bsky.social
Mirrors r/purpleteamsec: "we believe that when Red and Blue teams unite, security becomes not just a goal but a shared journey." Unofficial. Operated by @tweedge.net; open source at https://github.com/tweedge/xpost-reddit-to-fediverse
magnet: Purple-team telemetry & simulation toolkit
github.com
November 23, 2025 at 7:39 PM
GoDefender: Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package
github.com
November 23, 2025 at 12:39 PM
Covert red team phishing with Phishing Club
phishing.club
November 22, 2025 at 11:39 PM
x64 Return Address Spoofing
hulkops.gitbook.io
November 22, 2025 at 5:54 PM
APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets - DomainTools Investigations
dti.domaintools.com
November 22, 2025 at 11:24 AM
Microsoft Defender for Endpoint Internal 0x06 — Custom Collection
medium.com
November 20, 2025 at 7:09 PM
impacket-jump: Remote service-staging tool built on Impacket, designed for BOF-style lateral movement workflows that lets you upload custom service loaders, set descriptions, and run them on demand.
github.com
November 20, 2025 at 2:24 PM
AI-driven-MITRE-Attack: This repository demonstrates a machine learning pipeline for detecting MITRE ATT&CK techniques from logs and enriching the output using a local LLM.
github.com
November 20, 2025 at 4:54 AM
SCCM Hierarchy Takeover via Entra Integration Because of the Implication
specterops.io
November 19, 2025 at 7:09 PM
Time Traveling in KQL
academy.bluraven.io
November 19, 2025 at 6:24 PM
How I Built My Own AMSI Bypass in Rust
medium.com
November 19, 2025 at 7:24 AM
Introducing the DRAPE Index: How to measure (in)success in a Threat Detection practice?
detect.fyi
November 18, 2025 at 6:54 PM
Open source HIDS tailored for Microsoft Windows and Active Directory
github.com
November 17, 2025 at 12:39 AM
SAMDump: Extracts SAM and SYSTEM using Volume Shadow Copy (VSS) API with multiple exfiltration options and XOR obfuscation
github.com
November 16, 2025 at 12:54 AM
Hunting for EDR-Freeze
blog.axelarator.net
November 15, 2025 at 8:54 PM
Abusing Delegation with Impacket (Part 2): Constrained Delegation
www.blackhillsinfosec.com
November 14, 2025 at 4:54 PM
Rehabilitating Registry Tradecraft with RegRestoreKey
www.preludesecurity.com
November 14, 2025 at 1:09 AM
The Complete Guide to Hunting Cobalt Strike - Part 1: Detecting in Open Directories
hunt.io
November 13, 2025 at 10:54 PM
ZeroCrumb: Dumping App Bound Protected Credentials & Cookies Without Privileges.
github.com
November 12, 2025 at 7:39 PM
EntraMFACheck: Identify Azure AD resources that issue tokens without MFA enforcement using the ROPC grant flow
github.com
November 12, 2025 at 6:54 AM
How I got Domain Admin via Citrix FAS through ESC3
medium.com
November 11, 2025 at 1:54 AM
ExitPatcher: Prevent in-process process termination by patching exit APIs
github.com
November 10, 2025 at 8:09 PM
Purple-team telemetry & simulation toolkit.
github.com
November 10, 2025 at 5:54 PM
MaleficentVM: practice VM for malware development
github.com
November 9, 2025 at 4:24 PM
ADCSDevilCOM: A C# tool for requesting certificates from ADCS using DCOM over SMB. It lets you remotely request X.509 certificates from a CA server using the MS-WCCE protocol over DCOM, and it bypasses the traditional endpoint mapper requirement by using SMB directly.
github.com
November 9, 2025 at 2:54 PM