awesome-windows-red-team
github.com/marcosvalle/awesome-windows-red-team
A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams
What's inside
Phishing
System Architecture
- Abusing GPO Permissions [Lsass SAM NTLM GPO]
- ADsecurity.org [Active Directory]
- ATT&CK - Credential Dumping [Lsass SAM NTLM GPO]
- Basic attacks on communication protocols – replay and reflection attacks [Kerberos]
- BH2002 - Cracking NTLMv2 Authentication [Lsass SAM NTLM GPO]
- BH2014 - Abusing Microsoft Kerberos: Sorry You Guys Don't Get It [Kerberos]
Exfiltration
- Abusing Windows Management Instrumentation (WMI)
- DEF CON 23 - Panel - WhyMI so Sexy: WMI Attacks - Real Time Defense and Advanced Forensics
- DerbyCon3 - Living Off The Land A Minimalist's Guide To Windows Post Exploitation
Courses
- Advanced Windows Exploitation: Live Hands-on Penetration Testing Training
- Offensive Security Certified Expert
- Penetration Testing with Kali (PWK) Online Security Training Course
- Powershell for Pentesters - Pentester Academy
- Professor Messer's CompTIA SY0-501 Security+ Course
- Windows API Exploitation Recipes: Processes, Tokens and Memory RW
Lateral Movement
- An SMB Relay Race – How To Exploit LLMNR and SMB Message Signing for Fun and Profit [LLMNR/NBT-NS poisoning]
- ATT&CK - Pass the Hash [Pass the Hash]
- ATT&CK - Pass the Ticket [Pass the Ticket]
- BH2013 - Pass the Hash 2: The Admin's Revenge [Pass the Hash]
- BH2013 - Pass the Hash and other credential theft and reuse: Preventing Lateral Movement... [Pass the Hash]
- From Pass-the-Hash to Pass-the-Ticket with No Pain [Pass the Hash]
Tools
- Atomic Red Team [Adversary Emulation]
- Awesome Pentest [Adversary Emulation]
- Awesome Red Teaming [Adversary Emulation]
- BloodHound
- CALDERA [Adversary Emulation]
- Cobalt Strike [Adversary Emulation]
Defense Evasion
- AV Evasion - Obfuscating Mimikatz [AV]
- DerbyCon3 - Antivirus Evasion Lessons Learned [AV]
- DerbyCon7 - Evading Autoruns [AV]
- DerbyCon7 - T110 Modern Evasion Techniques [AV]
- Getting PowerShell Empire Past Windows Defender [AV]
- How to Bypass Anti-Virus to Run Mimikatz [AV]
PowerShell
- BH2017 - Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
- Daniel Bohannon – Invoke-Obfuscation: PowerShell obFUsk8tion
- DEF CON 18 - David Kennedy "ReL1K" & Josh Kelley - Powershell...omfg
- DEF CON 22 - Investigating PowerShell Attacks
- DerbyCon2016 - 106 PowerShell Secrets and Tactics Ben0xA
Showing a sample of 104 resources. View the full list on GitHub.