{"id":13625673,"url":"https://github.com/BankSecurity/Red_Team","last_synced_at":"2025-04-16T10:32:46.681Z","repository":{"id":41552942,"uuid":"207887024","full_name":"BankSecurity/Red_Team","owner":"BankSecurity","description":"Some scripts useful for red team activities","archived":false,"fork":false,"pushed_at":"2022-01-27T18:55:16.000Z","size":274,"stargazers_count":1548,"open_issues_count":0,"forks_count":364,"subscribers_count":90,"default_branch":"master","last_synced_at":"2024-08-01T22:05:51.790Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BankSecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-09-11T19:07:57.000Z","updated_at":"2024-07-26T22:47:41.000Z","dependencies_parsed_at":"2022-08-10T02:48:20.301Z","dependency_job_id":null,"html_url":"https://github.com/BankSecurity/Red_Team","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BankSecurity%2FRed_Team","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BankSecurity%2FRed_Team/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BankSecurity%2FRed_Team/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BankSecurity%2FRed_Team/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BankSecurity","download_url":"https://codeload.github.com/BankSecurity/Red_Team/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind"
:"github","repositories_count":223708290,"owners_count":17189754,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T21:01:59.243Z","updated_at":"2024-11-08T15:30:19.311Z","avatar_url":"https://github.com/BankSecurity.png","language":"PowerShell","readme":"# Red_Team\nSome scripts useful for red team activities\n\nCovered MITRE ATT\u0026CK Tactics \u0026 Techniques (https://attack.mitre.org/):\n\nNote: the technique IDs below follow the ATT\u0026CK numbering in use before the 2020 sub-technique restructuring; several have since been deprecated or remapped (for example, T1086 PowerShell is now T1059.001), so check the current matrix when mapping detections.\n\n\nInitial Access:\n\nT1192 - Spearphishing Link - https://attack.mitre.org/techniques/T1192/\n\nT1193 - Spearphishing Attachment - https://attack.mitre.org/techniques/T1193/\n\n\nExecution:\n\nT1047 - Windows Management Instrumentation - https://attack.mitre.org/techniques/T1047/\n\nT1059 - Command-Line Interface - https://attack.mitre.org/techniques/T1059/\n\nT1061 - Graphical User Interface - https://attack.mitre.org/techniques/T1061/\n\nT1064 - Scripting - https://attack.mitre.org/techniques/T1064/\n\nT1085 - Rundll32 - https://attack.mitre.org/techniques/T1085/\n\nT1086 - PowerShell - https://attack.mitre.org/techniques/T1086/\n\nT1127 - Trusted Developer Utilities - https://attack.mitre.org/techniques/T1127/\n\nT1170 - Mshta (TBD) - https://attack.mitre.org/techniques/T1170/\n\n\nPersistence:\n\nT1060 - Registry Run Keys / Startup Folder - https://attack.mitre.org/techniques/T1060/\n\n\nDefense Evasion:\n\nT1027 - Obfuscated Files or Information - https://attack.mitre.org/techniques/T1027/\n\nT1107 - File Deletion - https://attack.mitre.org/techniques/T1107/\n\nT1140 - Deobfuscate/Decode Files or Information - 
https://attack.mitre.org/techniques/T1140/\n\nT1143 - Hidden Window - https://attack.mitre.org/techniques/T1143/\n\n\nCredential Access:\n\nT1003 - Credential Dumping - https://attack.mitre.org/techniques/T1003/\n\nT1081 - Credentials in Files - https://attack.mitre.org/techniques/T1081/\n\nT1214 - Credentials in Registry (TBD) - https://attack.mitre.org/techniques/T1214/\n\nT1503 - Credentials from Web Browsers - https://attack.mitre.org/techniques/T1503/\n\n\nDiscovery:\n\nT1007 - System Service Discovery - https://attack.mitre.org/techniques/T1007/\n\nT1010 - Application Window Discovery - https://attack.mitre.org/techniques/T1010/\n\nT1016 - System Network Configuration Discovery - https://attack.mitre.org/techniques/T1016/\n\nT1018 - Remote System Discovery - https://attack.mitre.org/techniques/T1018/\n\nT1033 - System Owner/User Discovery - https://attack.mitre.org/techniques/T1033/\n\nT1049 - System Network Connections Discovery - https://attack.mitre.org/techniques/T1049/\n\nT1057 - Process Discovery - https://attack.mitre.org/techniques/T1057/\n\nT1063 - Security Software Discovery - https://attack.mitre.org/techniques/T1063/\n\nT1069 - Permission Groups Discovery - https://attack.mitre.org/techniques/T1069/\n\nT1082 - System Information Discovery - https://attack.mitre.org/techniques/T1082/\n\nT1083 - File and Directory Discovery - https://attack.mitre.org/techniques/T1083/\n\nT1087 - Account Discovery - https://attack.mitre.org/techniques/T1087/\n\nT1135 - Network Share Discovery - https://attack.mitre.org/techniques/T1135/\n\nT1217 - Browser Bookmark Discovery - https://attack.mitre.org/techniques/T1217/\n\nT1201 - Password Policy Discovery - https://attack.mitre.org/techniques/T1201/\n\nT1518 - Software Discovery - https://attack.mitre.org/techniques/T1518/\n\n\nCollection:\n\nT1005 - Data from Local System - https://attack.mitre.org/techniques/T1005/\n\nT1056 - Input Capture - https://attack.mitre.org/techniques/T1056/\n\nT1074 - Data Staged - 
https://attack.mitre.org/techniques/T1074/\n\nT1113 - Screen Capture - https://attack.mitre.org/techniques/T1113/\n\nT1119 - Automated Collection - https://attack.mitre.org/techniques/T1119/\n\nT1123 - Audio Capture - https://attack.mitre.org/techniques/T1123/\n\nT1125 - Video Capture (TBD) - https://attack.mitre.org/techniques/T1125/\n\n\nCommand and Control \u0026 Exfiltration:\n\nT1020 - Automated Exfiltration - https://attack.mitre.org/techniques/T1020/\n\nT1043 - Commonly Used Port - https://attack.mitre.org/tactics/TA0011/\n\nT1537 - Transfer Data to Cloud Account - https://attack.mitre.org/techniques/T1537/\n","funding_links":[],"categories":["PowerShell","Github resources","PowerShell (153)","Pentesting"],"sub_categories":["Posts from Hacker101 members on how to get started hacking","Red Team"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBankSecurity%2FRed_Team","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FBankSecurity%2FRed_Team","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBankSecurity%2FRed_Team/lists"}