Skip to content

Some Pentesters, Security Researchers, Red Teamers which i learned from them a lot...

Notifications You must be signed in to change notification settings

DamonMohammadbagher/Some_Pentesters_SecurityResearchers_RedTeamers

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 

Repository files navigation

Some_Pentesters_SecurityResearchers_RedTeamers

Pentester

Special thanks to Peerlyst Community for mentioning me on the list (27_Influential_Penetration_Testers) but for me, "john" from Purple team [https://lnkd.in/eVfKuah] + these guys in below list are Influential Security Researchers/Pentesters/Red Teamers & Defenders ...

Note
in my opinion they have/had good researches & codes + videos (i learned a lot useful things from these guys), this is not all of them in my list & you can make your own list better than me ;D ...

# [off---def] Nomi Sec , (Hacker-Trends) => https://github.com/nomi-sec/Hacker-Trends
# [offensive] Nomi Sec , (PoC in GitHub) => https://github.com/nomi-sec/PoC-in-GitHub 
# [offensive] Amarjit Labhuram , (Malware Development C# workshop for AfricaHackon 2021) => https://github.com/chr0n1k/AH2021Workshop
# [off--book] zhassulan zhussupov , (Ebook & Malware Development C++ , Research on cybersecurity practical cases.) https://github.com/cocomelonc/meow
+ [offensive] Kudaes , (Using fibers to run in-memory code in a different and stealthy way.) => https://github.com/Kudaes/Fiber
+ [offensive] ghostpepper108 , (EDR/AV evasion using direct syscalls and assembly) => https://github.com/ghostpepper108/Evasion
+ [offensive] zer0condition , (Recursive and arbitrary code execution at kernel-level without a system thread creation) => https://github.com/zer0condition/ZeroThreadKernel
+ [offensive] cinzinga , (A variety of AV evasion techniques written in C# for practice.) => https://github.com/cinzinga/Evasion-Practice
+ [offensive] 0xHossam , (About Is a tool created to evade AVs and EDRs or security tools) => https://github.com/0xHossam/Killer
+ [offensive] kleiton0x00 , (RedditC2 , Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit) => https://github.com/kleiton0x00/RedditC2
+ [offensive] VirtualAlllocEx , (This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly) => https://github.com/VirtualAlllocEx/Create_Thread_Inline_Assembly_x86
+ [offensive] VirtualAlllocEx , (Start with shellcode execution using Windows APIs (high level), ) => https://github.com/VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-low
+ [offensive] VirtualAlllocEx , (This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86) => https://github.com/VirtualAlllocEx/Create_Thread-Inline_Assembly_x86_Fibers
+ [offensive] VirtualAlllocEx , (This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR) => https://github.com/VirtualAlllocEx/Create-Thread-Shellcode-Fetcher
+ [offensive] VirtualAlllocEx , (Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged) => https://github.com/VirtualAlllocEx/Taskschedule-Persistence-Download-Cradles
+ [offensive] Bl4ckM1rror , (OctopusKeylogger , Smart Keylogger written in C#) => https://github.com/Bl4ckM1rror/OctopusKeylogger
+ [offensive] Bl4ckM1rror , (ZombieThread , Another meterpreter injection technique using C# that attempts to bypass WD) => https://github.com/Bl4ckM1rror/ZombieThread
+ [offensive] @Memory_before , (wmiexec-Pro , New generation of wmiexec.py.) => https://github.com/XiaoliChan/wmiexec-Pro
+ [offensive] @D1rkMtr , (UnhookingPatch , Bypass EDR Hooks by patching NT API stub) => https://github.com/TheD1rkMtr/UnhookingPatch
+ [offensive] @D1rkMtr , (HeapCrypt , Encypting the Heap while sleeping by hooking and modifying Sleep) => https://github.com/TheD1rkMtr/HeapCrypt
+ [offensive] @chvancooten , (NimPlant, A light-weight first-stage C2 implant written in Nim.) => https://github.com/chvancooten/NimPlant
  [offensive] machine1337 , (C2 Server, C2 Server That Communicates Via Google SMTP to evade Antivirus) => https://github.com/machine1337/gmailc2
  [offensive] XaFF-XaFF , (Black Angel is a Windows 11/10 x64 kernel mode rootkit) => https://github.com/XaFF-XaFF/Black-Angel-Rootkit
  [offensive] XaFF-XaFF , (ZwProcessHollowing is a x64 process hollowing project which uses direct systemcall) => https://github.com/XaFF-XaFF/ZwProcessHollowing
  [offensive] @fortraofficial , (Use hardware breakpoints to spoof the call stack for both syscalls and API calls) => https://github.com/fortra/hw-call-stack  
  [offensive] @kleiton0x7e , (Execute shellcode from a remote-hosted bin file using Winhttp) => https://github.com/kleiton0x00/RemoteShellcodeExec/tree/main
  [offensive] @C5pider , (An easily modifiable shellcode template for Windows x64/x86) => https://github.com/Cracked5pider/ShellcodeTemplate
  [offensive] @anthemtotheego , (InlineExecute-Assembly is a proof of concept Beacon Object File) => https://github.com/anthemtotheego/InlineExecute-Assembly
  [offensive] @octoberfest73 , (Execute unmanaged Windows executables in CobaltStrike Beacons) => https://github.com/Octoberfest7/Inline-Execute-PE
  [offensive] @octoberfest73 , (A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk) => https://github.com/Octoberfest7/MemFiles
  [offensive] @C5pider, (C2 server, The Havoc Framework) => https://github.com/HavocFramework/Havoc
  [offensive] @C5pider, (Sleep Obfuscation) => https://github.com/Cracked5pider/Ekko
  [offensive] @omri_baso , (A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass) => https://github.com/OmriBaso/RToolZ
  [defensive] PI-Defender , (Kernel Security driver used to block past, current and future process injection techniques on Windows OS) => https://github.com/PI-Defender/pi-defender
  [offensive] @KlezVirus , (PoC Implementation of a fully dynamic call stack spoofer) => https://github.com/klezVirus/SilentMoonwalk
  [offensive] @_EthicalChaos_ , (Threadless Process Injection using remote function hooking) => https://github.com/CCob/ThreadlessInject
  [offensive] @0xBoku , (A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features) => https://github.com/boku7/BokuLoader
  [offensive] @D1rkMtr , (Loading Remote AES Encrypted PE in memory , Decrypted it and run it) => https://github.com/TheD1rkMtr/FilelessPELoader
  [offensive] @dec0ne , (HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP) => https://github.com/Dec0ne/HWSyscalls
  [offensive] @trickster012 , (Rust Weaponization for Red Team Engagements) => https://github.com/trickster0/OffensiveRust
  [offensive] @trickster012 , (roof of concept of bypassing(unhooking) the hook of potential EDRs) => https://github.com/trickster0/LdrLoadDll-Unhooking
  [offensive] Deep Instinct , (A POC for the new injection technique, abusing windows fork API to evade EDRs) => https://github.com/deepinstinct/Dirty-Vanity
  [offensive] @daem0nc0re , (investigation of Windows process execution techniques [C#]) => https://github.com/daem0nc0re/TangledWinExec
  [offensive] @D1rkMtr , (Bypass Userland EDR hooks by Loading Reflective Ntdll in memory) => https://github.com/TheD1rkMtr/NTDLLReflection
  [defensive] @ZeroMemoryEx , (malware analysts to extract Command and Control C2 traffic) => https://github.com/ZeroMemoryEx/C2-Hunter
  [offensive] lem0nSec , (CreateRemoteThread: how to pass multiple parameters to the remote thread function without shellcode) => https://github.com/lem0nSec/CreateRemoteThreadPlus
  [offensive] QAX A-Team , (A tool mainly to erase specified records from Windows event logs) => https://github.com/QAX-A-Team/EventCleaner
  [offensive] 3gstudent , (Remove individual lines from Windows XML Event Log (EVTX) files) => https://github.com/3gstudent/Eventlogedit-evtx--Evolution
  [offensive] @hlldz , (Windows Event Log Killer) => https://github.com/hlldz/Phant0m
  [defensive] @foxit , (detect use of the DanderSpritz eventlogedit module [recover the removed event log entries]) => https://github.com/fox-it/danderspritz-evtx
  [offensive] @Ceramicskate0 , (C# Tool to interact with MS Exchange based on MS docs) => https://github.com/ceramicskate0/SharpExchange
  [offensive] @reveng007 , (implant will exfiltrate data via smtp and will read commands from C2 [Gmail] via imap protocol) => https://github.com/reveng007/SharpGmailC2
  [offensive] @cyberwarfarelab , (VectoredSyscall) => https://github.com/RedTeamOperations/VEH-PoC
  [offensive] fosstodon.org/@mttaggart , (Notion as a platform for offensive operations) => https://github.com/mttaggart/OffensiveNotion
  [offensive] @t3l3machus , (A Windows reverse shell payload generator) => https://github.com/t3l3machus/hoaxshell
  [offensive] @Idov31 , (Sandman is a NTP based backdoor for red team engagements in hardened networks) => https://github.com/Idov31/Sandman  
  [offensive] @trickster012 , (OffensiveRust, weaponizing Rust for implant development and general offensive operations.) => https://github.com/trickster0/OffensiveRust
  [offensive] @rad9800 , (TamperingSyscalls is alternative solution to direct syscalls) => https://github.com/rad9800/TamperingSyscalls                   
  [defensive] @thefLinkk , (Hunt-Sleeping-Beacons. Aims to identify sleeping beacons) => https://github.com/thefLink/Hunt-Sleeping-Beacons 
  [offensive] @thefLinkk , (DeepSleep. A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC) => https://github.com/thefLink/DeepSleep
  [offensive] @frodosbon , (breakcyserver. Kill EDR Services) => https://github.com/waawaa/breakcyserver
  [offensive] @dr4k0nia , (Origami is Packer compressing .net assemblies, (ab)using the PE format for data storage) => https://github.com/dr4k0nia/Origami
  [offensive] @Flangvik , (SharpDllProxy. Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading => https://github.com/Flangvik/SharpDllProxy
  [offensive] @Flangvik , (NetLoader. Loads any C# binary in mem, patching AMSI/ETW) => https://github.com/Flangvik/NetLoader                             
  [offensive] @bishopfox , (Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing) => https://github.com/BishopFox/sliver
  [defensive] LOLBAS-Project, (LOLBAS project is to document every binary, script & library that can be used for Living Off The Land techniques) => https://github.com/LOLBAS-Project/LOLBAS
  [offensive] @0xrepnz , (APC Internals Research Code) => https://github.com/repnz/apc-research
  [offensive] Nettitude , (PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming) => https://github.com/nettitude/PoshC2
  [offensive] @waldoirc , (YouMayPasser is an x64 implementation of Gargoyle) => https://github.com/waldo-irc/YouMayPasser
  [offensive] @_Wra7h , (Process Ghosting [x64 only] in C#) => https://github.com/Wra7h/SharpGhosting
  [offensive] @_Wra7h , (AppRecoveryCallback Inject PoC C#) => https://github.com/Wra7h/ARCInject 
  [offensive] daem0nc0re , (C# Utilities for Windows Notification Facility WNF) => https://github.com/daem0nc0re/SharpWnfSuite
  [offensive] @cerbersec , (loader written in C/C++ based on the Transacted Hollowing technique) => https://github.com/Cerbersec/Ares
  [offensive] @daem0nc0re , (C# Tools and PoCs for Windows syscall investigation) => https://github.com/daem0nc0re/AtomicSyscall
  [defensive] @winternl_t , (syscall-detect) => https://github.com/jackullrich/syscall-detect
  [defensive] @slaeryan , (Detects Module Stomping as implemented by Cobalt Strike) => https://github.com/slaeryan/DetectCobaltStomp
  [defensive] @_Apr4h , (CobaltStrikeScan, Scan files or process memory for CobaltStrike beacons) => https://github.com/Apr4h/CobaltStrikeScan
  [defensive] Siemens Healthineers , ETWAnalyzer (Command line tool to analyze one/many ETW file/s with simple queries) => https://github.com/Siemens-Healthineers/ETWAnalyzer
  [defensive] KANKOSHEV , (Detect-HiddenThread-via-KPRCB, Detect removed thread from PspCidTable) => https://github.com/KANKOSHEV/Detect-HiddenThread-via-KPRCB
  [offensive] @slaeryan , FALCONSTRIKE , (About A stealthy, targeted Windows Loader for delivering second-stage payloads) => https://github.com/slaeryan/FALCONSTRIKE
  [offensive] Michael Maltsev , (A global injection and hooking example) => https://github.com/m417z/global-inject-demo
  [offensive] @GeorgePatsias1 , (Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion) ) => https://github.com/GeorgePatsias/ScareCrow-CobaltStrike
  [offensive] F-Secure Countercept , (research on module stomping) => https://github.com/countercept/ModuleStomping
  [defensive] @waldoirc , (Detect strange memory regions and DLLs ) => https://github.com/waldo-irc/MalMemDetect
  [defensive] Rabobank Cyber Defence Centre , (Detect Tactics, Techniques & Combat Threats) => https://github.com/rabobank-cdc/DeTTECT
  [offensive] CyberWarFare Labs , (Advanced-Process-Injection-Workshop by CyberWarFare Labs) => https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop
  [offensive] @KlezVirus , (SysWhispers on Steroids - AV/EDR evasion via direct system calls) => https://github.com/klezVirus/SysWhispers3
  [offensive] Mieleke Blaam , (Process-Hollowing, Great explanation of Process Hollowing [a Technique often used in Malware]) => https://github.com/m0n0ph1/Process-Hollowing
  [offensive] deepsight , (C2Centipede is a POC proxy for reverse HTTP shell tools (metasploit/empire) to evade beaconing detection) => https://github.com/deepsight/C2Centipede
  [offensive] Marshall Hallenbeck , (Red Team Attack Lab) => https://github.com/Marshall-Hallenbeck/red_team_attack_lab
  [defensive] @jordanklepser , (defender-detectionhistory-parser, A parser of Windows Defender's DetectionHistory forensic artifact) => https://github.com/jklepsercyber/defender-detectionhistory-parser
  [offensive] djhohnstein , (TSMSISrv_poc, C# POC for the SessionEnv dll hijack by utilizing called functions of TSMSISrv.dll) => https://github.com/djhohnstein/TSMSISrv_poc
  [offensive] @ajpc500  , (NimlineWhispers2, A tool for converting SysWhispers2 syscalls for use with Nim projects) => https://github.com/ajpc500/NimlineWhispers2
  [defensive] @ScarredMonk  , (SysmonSimulator, Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs) => https://github.com/ScarredMonk/SysmonSimulator
  [offensive] Paranoid Ninja   , (EtwTi-Syscall-Hook, A simple program to hook the current process to identify the manual syscall executions on windows) => https://github.com/paranoidninja/EtwTi-Syscall-Hook
  [offensive] AD995  , (bluffy, Convert shellcode into different formats) => https://github.com/ad-995/bluffy
  [offensive] FULLSHADE , (WARFOX is a software-based HTTPS beaconing Windows implant that uses a multi-layered proxy network for C2 communications.) => https://github.com/FULLSHADE/WarFox
  [offensive] John Tear , (injection technique using C# that attempts to bypass Defender) => https://github.com/plackyhacker/Suspended-Thread-Injection
  [offensive] @C5pider , (KaynLdr is a Reflective Loader written in C/ASM) => https://github.com/Cracked5pider/KaynLdr
  [offensive] Shai S , (Examine, create and interact with remote objects in other .NET processes) => https://github.com/theXappy/RemoteNET
  [offensive] John Tear , (Another method for unhooking AV/EDR) => https://github.com/plackyhacker/Peruns-Fart
  [offensive] John Tear , (spoof the command line when spawning a new process from C#) => https://github.com/plackyhacker/CmdLineSpoofer
  [offensive] 0xsp-SRD , (mortar, evasion technique to defeat and divert detection and prevention of security products AV/EDR/XDR) => https://github.com/0xsp-SRD/mortar
  [offensive] mobdk , (zCore, Optimized version, Nt/ZwProtectVirtualMemory has been removed with every syscall) => https://github.com/mobdk/zCore
  [offensive] mobdk , (CloneProcess, Clone running process with ZwCreateProcess) => https://github.com/mobdk/CloneProcess
  [offensive] John Tear , (Shellcode-Encryptor, simple shell code encryptor/decryptor/executor to bypass AVs) => https://github.com/plackyhacker/Shellcode-Encryptor
  [offensive] VollRagm , (KernelSharp, C# Kernel Mode Driver example using NativeAOT) => https://github.com/VollRagm/KernelSharp
  [defensive] Splunk , (Cmelting-cobalt, Cobalt Strike Scanner that retrieves detected Team Server beacons) => https://github.com/splunk/melting-cobalt
  [defensive] Ali Davanian , (CnCHunter is a fork of RiotMan, and it allows exploiting malware for active probing) => https://github.com/adava/CnCHunter
  [offensive] @mariuszbit , (Stracciatella, OpSec-safe Powershell runspace from within C# [aka SharpPick] with AMSI) => https://github.com/mgeeky/Stracciatella
  [offensive] @mariuszbit , (UnhookMe, UnhookMe is an universal Windows API resolver) => https://github.com/mgeeky/UnhookMe
  [offensive] @Kara4Search , (ThreadHijacking_CSharp, Process inject technique "Thread hijacking" via C#) => https://github.com/Kara-4search/ThreadHijacking_CSharp
  [offensive] @Kara4Search , (HellgateLoader_CSharp, Load shellcode via HELLGATE, Rewrite hellgate with C#.Net) => https://github.com/Kara-4search/HellgateLoader_CSharp
  [offensive] @Kara4Search , (FullDLLUnhooking_CSharp, Unhook DLL via cleaning the DLLs text section) => https://github.com/Kara-4search/FullDLLUnhooking_CSharp
  [offensive] @0xpwnisher , (Various WMI experiments in a closed environment) => https://github.com/pwn1sher/WMEye
  [offensive] @0xpwnisher , (UUID based Shellcode loader for your favorite C2) => https://github.com/pwn1sher/uuid-loader
  [offensive] wavestone-cdt , (EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections) => https://github.com/wavestone-cdt/EDRSandblast
  [offensive] @KleiberIngo , (Simple HTTP server for delivering & exfiltrating files/data) => https://github.com/IngoKl/HTTPUploadExfil
  [offensive] @Kara4Search , (Load ntdll.dll via file mapping to bypass API inline hook via C#) => https://github.com/Kara-4search/NewNtdllBypassInlineHook_CSharp
  [offensive] @Kara4Search , (MappingInjection via C#) => https://github.com/Kara-4search/MappingInjection_CSharp
  [offensive] mai1zhi2 , (SysWhispers2_x86_Sysenter is responsible for generating 32-bit program) => https://github.com/mai1zhi2/SysWhispers2_x86
  [offensive] @Jackson_T , (SysWhispers2 helps with evasion by generating header/ASM files) => https://github.com/jthuraisamy/SysWhispers2
  [offensive] @Jackson_T , (SysWhispers helps with evasion by generating header/ASM files) => https://github.com/jthuraisamy/SysWhispers
  [offensive] @PwnDexter , (SharpEDRChecker, New & improved C# Implementation of Invoke-EDRChecker) => https://github.com/PwnDexter/SharpEDRChecker
  [offensive] @PwnDexter , (Invoke-EDRChecker) => https://github.com/PwnDexter/Invoke-EDRChecker
  [offensive] @SolomonSklash , (A shellcode function to encrypt a running process image when sleeping) => https://github.com/SolomonSklash/SleepyCrypt
  [offensive] @aaaddress1 , (Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR) => https://github.com/aaaddress1/Skrull
  [offensive] @codewhitesec , (PIC lsass dumper using cloned handles) => https://github.com/codewhitesec/HandleKatz
  [offensive] @snovvcrash , (shellcode injection techniques) => https://github.com/snovvcrash/DInjector
  [offensive] @snovvcrash , (Process Hollowing Technique & Nim) => https://github.com/snovvcrash/NimHollow
  [offensive] John Tear , (A collection of C# shellcode injection techniques) => https://github.com/plackyhacker/Shellcode-Injection-Techniques
  [offensive] Moath Maharmeh , (SharpStrike is a post-exploitation tool written in C# that uses either CIM or WMI to query remote systems) => https://github.com/iomoath/SharpStrike
  [offensive] Moath Maharmeh , (Unmanaged PowerShell execution using DLLs or a standalone executable) => https://github.com/iomoath/PowerShx
  [offensive] @mariuszbit , (in-memory evasion technique & fluctuate between RW,NoAccess,RX memory protection) => https://github.com/mgeeky/ShellcodeFluctuation
  [offensive] @mariuszbit , (Thread Stack Spoofing/Call Stack Spoofing PoC) => https://github.com/mgeeky/ThreadStackSpoofer
  [offensive] @KlezVirus , (Template-Driven AV/EDR Evasion Framework) => https://github.com/klezVirus/inceptor
  [offensive] GetRektBoy724 , (Syscall Stub Stealer, Freshly steal Syscall stub straight from the disk) => https://github.com/GetRektBoy724/TripleS
  [offensive] pedro31851511 , (meterpeter, C2 Powershell Command & Control Framework with BuiltIn Commands) => https://github.com/r00t-3xp10it/meterpeter
  [defensive] Airbus CERT , (Wireshark plugin to work with ETW) => https://github.com/airbus-cert/Winshark
  [offensive] ahmedkhlief , (C2 server by Purple Team to do stealthy computer & AD enumeration) => https://github.com/ahmedkhlief/Ninja
  [offensive] zcgonvh , (Exploit for EfsPotato MS-EFSR EfsRpcOpenFileRaw) => https://github.com/zcgonvh/EfsPotato
  [offensive] @c__sto , (pure-go implementation of using direct syscalls to do Windowsy stuff) => https://github.com/C-Sto/BananaPhone
  [offensive] @aaaddress1 , (POC for Process Herpaderping, ProcssGhosting & miniCreateProcessEx techniques) => https://github.com/aaaddress1/PR0CESS
  [offensive] nettitude , (C# Reflective loader for unmanaged binaries) => https://github.com/nettitude/RunPE
  [defensive] @_forrestorr , (Moneta, memory scanner) => https://github.com/forrest-orr/moneta
  [defensive] @hasherezade , (Pe-Sieve, memory scanner) => https://github.com/hasherezade/pe-sieve
  [offensive] odzhan , (Shellcodes for Windows/Linux/BSD running on x86, AMD64, Arch32, Arch64) => https://github.com/odzhan/shellcode
  [offensive] mobdk , (Upsilon, execute shellcode with syscalls, no API like NtProtectVirtualMemory is used) => https://github.com/mobdk/Upsilon
  [defensive] @arch_rabbit , (Fibratus is a tool for exploration and tracing of the Windows kernel) => https://github.com/rabbitstack/fibratus
  [offensive] wireless90 , (1.ProcessHollowing, 2.Net APCQueue Injection Techniques) => https://github.com/wireless90/ProcessInjector.NET
  [offensive] @topotam77 , (PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions ) => https://github.com/topotam/PetitPotam
  [defensive] Rajiv Kulkarni , (FalconEye, Real-time detection software for Windows process injections) => https://github.com/rajiv2790/FalconEye
  [offensive] SafeBreach Labs , (Pinjectra is a C/C++ library that implements Process Injection techniques) => https://github.com/SafeBreach-Labs/pinjectra
  [offensive] RedCursorSecurityConsultin , (Tool to bypass LSA Protection [aka Protected Process Light]) => https://github.com/RedCursorSecurityConsulting/PPLKiller
  [off---def] @brsn76945860 , (Enumerating and removing kernel callbacks using signed vulnerable drivers) => https://github.com/br-sn/CheekyBlinder
  [offensive] Ralph May , (deploy a phishing engagement in the cloud) => https://github.com/ralphte/build_a_phish
  [defensive] @standa_t , (tool to help malware analysts tell that the sample is injecting code to another process) => https://github.com/tandasat/RemoteWriteMonitor
  [offensive] @safe_buffer , (LightMe is a Simple HTTP Server serving Powershell Scripts/Payloads after Obfuscate them) => https://github.com/WazeHell/LightMe
  [defensive] Microsoft , (MSFT, CPU/Memory performance-analysis,very useful ETW Codes & tools for Blue Teams/Defenders) => https://github.com/microsoft/perfview
  [offensive] @_S_aint_Iker , (Process Ghosting Tool [64 bits Only]) => https://github.com/IkerSaint/KingHamlet/
  [offensive] cube0x0 , (SharpeningCobaltStrike, in realtime compiling of dotnet v35/v40 exe/dll binaries + obfuscation...)https://github.com/cube0x0/SharpeningCobaltStrike
  [defensive] HoShiMin , (Avanguard, The Win32 Anti-Intrusion Library) => https://github.com/HoShiMin/Avanguard 
  [offensive] Nicholas Spagnola , (MalwareDev) => https://github.com/MakoSec/MalwareDev
  [offensive] @aaaddress1 , (RunPE-In-Memory, Run 32bit/64bit copy of Exe File in memory like an Application Loader) => https://github.com/aaaddress1/RunPE-In-Memory
  [offensive] Samuel Wong , (NET-Obfuscate, Obfuscate ECMA CIL [.NET IL] assemblies to evade Windows Defender AMSI.) => https://github.com/BinaryScary/NET-Obfuscate
  [offensive] @matterpreter , (OffensiveCSharp, collection of C# tooling & POCs for use on operations) => https://github.com/matterpreter/OffensiveCSharp
  [off---def] m0rv4i , (Syscalls-Extractor, extracting syscall numbers for an OS) => https://github.com/m0rv4i/Syscalls-Extractor
  [offensive] @_batsec_ , (DarkLoadLibrary, LoadLibrary for offensive operations) => https://github.com/bats3c/DarkLoadLibrary
  [offensive] @Yas_o_h , (Backstab is a tool capable of killing antimalware protected processes by leveraging sysinternals) => https://github.com/Yaxser/Backstab
  [offensive] @passthehashbrwn , (avoiding direct syscall detections) => https://github.com/passthehashbrowns/hiding-your-syscalls
  [offensive] @kevin_robertson , (cross-platform .NET IPv4/IPv6 machine-in-the-middle tool) => https://github.com/Kevin-Robertson/Inveigh
  [defensive] Lares , (Pushes Sysmon Configs) => https://github.com/LaresLLC/SysmonConfigPusher
  [offensive] Gabriel Landau , (Post/Article: Process Ghosting) => https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack
  [offensive] @mariuszbit , (Cobalt Strike C2 Reverse proxy) => https://github.com/mgeeky/RedWarden
  [offensive] Alex Davies , (Some C# Process Injection Techniques) => https://github.com/pwndizzle/c-sharp-memory-injection
  [defensive] Improsec A/S , (Identify the attack paths in BloodHound breaking your AD tiering) => https://github.com/improsec/ImproHound
  [offensive] @itm4n , (Dump the memory of a PPL with a userland exploit) => https://github.com/itm4n/PPLdump
  [offensive] @R0h1rr1m , (Userland API Unhooker Project) => https://github.com/frkngksl/Celeborn
  [offensive] @checkymander , (run python code on systems without Python installed) => https://github.com/checkymander/Zolom
  [off--docs] @joevest , (redteam guide) => https://redteam.guide/docs/
  [offensive] @positive_sec , (upload arbitrary data from devices without internet) => https://github.com/positive-security/send-my
  [offensive] @infosecn1nja , (Red Teaming/Adversary Simulation Toolkit) => https://github.com/infosecn1nja/Red-Teaming-Toolkit
  [defensive] @pathtofile , (Easy ETW Tracing for Security Research) => https://github.com/pathtofile/Sealighter
  [offensive] https://github.com/optiv , (Dent) => https://github.com/optiv/Dent
  [off--blog] @pentestlabltd , (blog) => https://pentestlaboratories.com/blog/
  [offensive] @dafthack , (Cloud Pentest Cheatsheets) => https://github.com/dafthack/CloudPentestCheatsheets
  [off---def] @ale_sp_brazil , (dotnet malware threat, internals & reversing) => http://www.blackstormsecurity.com/docs/ALEXANDREBORGES_DEFCON_2019.pdf
  [defensive] @_lpvoid , (TiEtwAgent is ETW-based process injection detection) => https://github.com/xinbailu/TiEtwAgent
  [defensive] ComodoSecurity , (OpenEDR is a free & open source platform EDR) => https://github.com/ComodoSecurity/openedr
  [defensive] wazuh , (Wazuh is a free & open source platform EDR) => https://github.com/wazuh/wazuh
  [off---def] @0gtweet , (Simple solutions allowing you to dig a bit deeper than usual) => https://github.com/gtworek/PSBits
  [defensive] @cyb3rops , (Raccine, A Simple Ransomware Protection) => https://github.com/Neo23x0/Raccine
  [offensive] @scrtsa , (avcleaner, C/C++ source obfuscator for antivirus bypass) => https://github.com/scrt/avcleaner
  [offensive] @Arno0x0x , (DNSExfiltrator, Transfering/exfiltrate a file over a DNS request covert channel) => https://github.com/Arno0x/DNSExfiltrator
  [offensive] Mauricio Velazco & Olindo Verrillo, (defcon-27, Writing custom backdoor payloads with C#) => https://github.com/mvelazc0/defcon27_csharp_workshop
  [offensive] @Ne0nd0g , (Merlin is a cross-platform post-exploitation C2 server + agent written in Golang) => https://github.com/Ne0nd0g/merlin
  [offensive] CyberArk , (Kubesploit is a cross-platform post-exploitation C2 server + agent with Golang) => https://github.com/cyberark/kubesploit
  [offensive] G0ldenGunSec , (Post/Article: Transactional NTFS + API Hooking to Trick the CLR into Loading Your Code “From Disk”) https://blog.redxorblue.com/2021/05/assemblylie-using-transactional-ntfs.html
  [offensive] @_lpvoid , (DripLoader, Evasive shellcode loader for bypassing event-based injection detection) => https://github.com/xinbailu/DripLoader 
  [defensive] 3lp4tr0n , (BeaconHunter , Behavior based monitoring and hunting tool built in C# tool leveraging ETW tracing) => https://github.com/3lp4tr0n/BeaconHunter
  [offensive] antonioCoco , (RemotePotato0, Windows Privilege Escalation from User to Domain Admin) => https://github.com/antonioCoco/RemotePotato0
  [defensive] OpenCTI , (open source platform allowing organizations to manage their cyber threat intelligence knowledge) => https://github.com/OpenCTI-Platform/opencti
  [offensive] hackerschoice , (two users behind NAT/Firewall to establish a TCP connection with each other) => https://github.com/hackerschoice/gsocket
  [offensive] @JulioUrena , (SharpNoPSExec, File less command execution for lateral movement) => https://github.com/juliourena/SharpNoPSExec
  [off---def] Mr.Un1k0d3r , (EDRs Hooked APIs + some useful EDRs info for during red team exercise) => https://github.com/Mr-Un1k0d3r/EDRs
  [offensive] Yarden Shafir , (Post/Article: Thread/Process State Change & EDR Hook Evasion Method) => https://windows-internals.com/thread-and-process-state-change/
  [defensive] ion-storm , (Sysmon EDR Active Response Features) => https://github.com/ion-storm/sysmon-edr
  [offensive] @tokyoneon_ , (Chimera, PowerShell obfuscation script designed to bypass AMSI and antivirus) => https://github.com/tokyoneon/Chimera
  [offensive] nodauf , (Grish ,Golang Interactive Reverse SHell) => https://github.com/nodauf/Girsh
  [offensive] @pedro31851511 , (reverse tcp shells in post-exploitation tasks) => https://github.com/r00t-3xp10it/redpill
  [offensive] Ryan Reeves , (3 Process Hollowing PoC) => https://github.com/reevesrs24/EvasiveProcessHollowing
  [off---def] Roberto Rodriguez @Cyb3rWard0g , (Education/Training: Threat Hunter Playbook) => https://threathunterplaybook.com/introduction.html
  [offensive] hasherezade , (Education/Training: Malware Training) => https://github.com/hasherezade/malware_training_vol1
  [offensive] 0xpat (Education/Training: Red/Purple Teamers [Malware development] ) => https://0xpat.github.io/
  [offensive] @ShitSecure , (Nim Codes for CBT CallBackTechniques) => https://github.com/S3cur3Th1sSh1t/Nim_CBT_Shellcode
  [offensive] @_EthicalChaos_ , (Mirrordump, dump lsass) => https://github.com/CCob/MirrorDump
  [off---def] @_EthicalChaos_ , (MiniHook, hooking native API calls ) => https://github.com/CCob/MinHook.NET
  [off---def] Black Lantern Security, (writehat , Pentest reporting tool written in Python) => https://github.com/blacklanternsecurity/writehat
  [offensive] jthuraisamy, (Enumerate and disable common sources of telemetry used by AV/EDR.) => https://github.com/jthuraisamy/TelemetrySourcerer
  [offensive] ChaitanyaHaritash , (Shellcode Execution via Callback Func) => https://github.com/ChaitanyaHaritash/Callback_Shellcode_Injection
  [offensive] S4R1N , (Shellcode Execution via Callback Func) => https://github.com/S4R1N/AlternativeShellcodeExec
  [offensive] Deep Instinct, (lsass Dumper) => https://github.com/deepinstinct/LsassSilentProcessExit
  [offensive] asaurusrex, (Project to check which Nt/Zw functions your local EDR is hooking) => https://github.com/asaurusrex/Probatorum-EDR-Userland-Hook-Checker
  [offensive] optive, ScareCrow (Bypass EDR hooks, Whitelisting) => https://github.com/optiv/ScareCrow
  [offensive] antonioCoco or @splinter_code , (Mapping-Injection) => https://github.com/antonioCoco/Mapping-Injection
  [offensive] @spotheplanet (C++, minidumpwritedump , [without mimikatz]) => https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques/blob/master/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass.md
  [offensive] @m0rv4i (C#, SafetyDump PID/lsass dumper [in-memory]) https://github.com/m0rv4i/SafetyDump
  [offensive] https://twitter.com/marcosd4h  Minjector/Memhunter (injector/ETW) => https://github.com/marcosd4h/memhunter
  [offensive] sh4hin , GoPurple (injector) => https://github.com/sh4hin/GoPurple
  [offensive] odzhan , Injection Methods => https://github.com/odzhan/injection
  [offensive] monozgas , sRDI (injector) => https://github.com/monoxgas/sRDI
  [offensive] @r3n_hat , (C# c2, GRAT2) => https://github.com/r3nhat/GRAT2
  [offensive] @jxy__s , (Process herpaderping) => https://github.com/jxy-s/herpaderping
  [defensive] @jtsmith282 , Blue teams monitor systems => https://github.com/ION28/BLUESPAWN
  [offensive] @Ch0pin , (AVIator) => https://github.com/Ch0pin/AVIator
  [off--blog] @netbiosX (Education/Training: blog) => https://pentestlab.blog/
  [offensive] @TheRealWover , (donut) => https://github.com/TheWover/donut
  [offensive] @gentilkiwi , (mimikatz) => https://github.com/gentilkiwi/mimikatz
  [offensive] @_RastaMouse , (SharpC2) => https://github.com/SharpC2/SharpC2
  [offensive] @b4rtik , (SharpMiniDump) => https://github.com/b4rtik/SharpMiniDump
  [offensive] @FuzzySec , (Sharp-Suite) => https://github.com/FuzzySecurity/Sharp-Suite
  [offensive] @FuzzySec , (Fermion) => https://github.com/FuzzySecurity/Fermion
  [offensive] @cobbr_io , (C2, Covenant) => https://github.com/cobbr/Covenant
  [offensive] @cobbr_io , (SharpSploit) => https://github.com/cobbr/SharpSploit
  [offensive] @pedro31851511 => https://github.com/r00t-3xp10it/Meterpreter_Paranoid_Mode-SSL
  [offensive] @gweeperx  , (SSI ,injector) => https://github.com/DimopoulosElias/SimpleShellcodeInjector
  [defensive] @hasherezade , (hollows_hunter , memory scanner) => https://github.com/hasherezade/hollows_hunter
  [offensive] @byt3bl33d3r , (SILENTTRINITY) => https://github.com/byt3bl33d3r/SILENTTRINITY
  [offensive] badBounty , (directInjectorPOC) => https://github.com/badBounty/directInjectorPOC
  [off---def] mvelazc0 , (PurpleSharp) => https://github.com/mvelazc0/PurpleSharp
  [offensive] @slaeryan , (Red-Teamer/Pentester Tools) => https://github.com/slaeryan/AQUARMOURY
  [off---def] boh , (C# Tools) => https://github.com/boh/RedCsharp
  [offensive] shogunlab , (Education/Training: ebook) => https://github.com/shogunlab/building-c2-implants-in-cpp
  [off---def] redcanaryco , (Red-Teaming) => https://github.com/redcanaryco/atomic-red-team
  [offensive] @_batsec_ , (shad0w) => https://github.com/bats3c/shad0w
  [offensive] @_forrestorr , (DLL hollowing) => https://github.com/forrest-orr/phantom-dll-hollower-poc
  [off--blog] @jack_halon , (blog) => https://jhalon.github.io
  [offensive] @martinoj2009 , (ICMP Exfil tool) => https://github.com/martinoj2009/ICMPExfil
  [offensive] @mubix , (hak5) => https://www.youtube.com/c/hak5/playlists
  [off--blog] @bohops , (blog) => https://bohops.com
  [offensive] https://twitter.com/buffaloverflow
  [offensive] https://twitter.com/domchell
  [off--blog] OsandaMalith , (blog) => https://osandamalith.com
  [off--blog] @_xpn_ , (blog) => https://blog.xpnsec.com
  [off--blog] @am0nsec , (blog) => https://ntamonsec.blogspot.com
  [off--blog] @peewpw , (blog) => https://www.peew.pw
  [offensive] https://twitter.com/5ub34x
  [offensive] https://twitter.com/vvalien1
  [off--blog] @424f424f , (blog) => https://medium.com/@rvrsh3ll

Some Videos About Pentesters & Red/Purple/Blue Teams (Offensive/Defensive teams + SOC/CTI...), these Videos made by Security Researchers/Pentesters/Red/Purple/Blue Teamers...

Note
i think you should watch these videos one by one, As Pentester/Red/Blue/Purple Teamer (Security Teams) these videos will help you a lot... (these video was useful to me a lot, but this list was for New Videos & i will add more videos (new/old videos) to this new list soon...

Note
these guys in these videos are "humble" which is important to me & their videos is very useful (technically).

"Humble" + "Useful" + "Pro" = "these guys ;D in this video list ..."

(videos: last update 01 Oct 2022)

! ([Programming] Hacking C#: Development for the Truly Lazy ,Simon Painter) => https://www.youtube.com/watch?v=0ial6pfgV9g
! ([Programming] Keynote: How do our ideas about coding affect the software we create? ,Christin Gorman) => https://www.youtube.com/watch?v=sSee-aDjtmw
! ([Programming] Locknote: Programming’s Greatest Mistakes ,Mark Rendle) => https://www.youtube.com/watch?v=YfKzJuXmZX8&t=1542s
! ([Programming] Measuring DevSecOps ,Victoria Almazova) => https://www.youtube.com/watch?v=UXQHREbSV-0
! ([Programming] What is DevSecOps? ,Andrea Crawford) => https://www.youtube.com/watch?v=J73MELGF6u0
! ([Programming] Where’s C# headed? ,Mads Torgersen) => https://www.youtube.com/watch?v=v8bqAm4aUFM
+ (Bypassing Microsoft Defender for Identity. Nikhil Mittal) => https://www.youtube.com/watch?v=bzLvOu1awKM
+ (Sideloading in Signed Office files, Pieter Ceelen & Dima van de Wouw) => https://www.youtube.com/watch?v=ll-ViQT9Oew
+ (Operation ShadowHammer: Costin Raiu and Vitaly Kamlyuk at TheSAS2019) => https://www.youtube.com/watch?v=T5wPwvLrBYU
+ (Nullcon: How To Bypass AM-PPL & Disable EDRs - A Red Teamer's Story-Stephen Kho & Juan Sacco) => https://www.youtube.com/watch?v=QtObgEfy5Jw
+ (Introduction to Threat Modeling | Siddhant Chouhan | Winja Unplugged) => https://www.youtube.com/watch?v=mpw-Lsqa5Ls
+ (Develop Your Own RAT: EDR + AV Defense by Dobin Rutishauser) => https://www.youtube.com/watch?v=w0bh7s7bVXI
+ (Building A Red Team – The Best Defense Is A Good Offense by Daniel Fabian) => https://www.youtube.com/watch?v=yfgfixMKFGI
+ (Command & Control Freak: Cloud Edition by Dagmawi Mulugeta) => https://www.youtube.com/watch?v=grCToZwUacc
(Jake Williams presents update on Cyber Threat Intelligence program) => https://youtu.be/MHfGIY2IyXE?t=414
(ATT&CK Updates: Data Sources and Detection, by Alexia Crumpton) => https://www.youtube.com/watch?v=eBeIRYeq7SM
(State of ATT&CK - ATT&CKcon 3.0 Day 1) => https://www.youtube.com/watch?v=1JLZkNe085g
(When Insiders ATT&CK! - ATT&CKcon 3.0 Day 2) => https://www.youtube.com/watch?v=qJ3DrNAbtxg 
(Mapping to MITRE ATT&CK - ATT&CKcon 3.0 Day 1) => https://www.youtube.com/watch?v=uYJAoedpJkQ
(ATT&CKing the Red/Blue Divide - ATT&CKcon 3.0 Day 2) => https://www.youtube.com/watch?v=lxAQiq2XtEQ
(Insights Into Highly Valued Data Sources) => https://www.youtube.com/watch?v=ba2e9pWxboU
(racking Noisy Behavior and Risk-Based Alerting with ATT&CK, by Haylee Mills) => https://www.youtube.com/watch?v=qqNUmfOW3gU
(Prioritizing Detection Implementation with Intelligence and ATT&CK, by Lindsay Kaye & Scott Small) => https://www.youtube.com/watch?v=pwl7L_Lh9_c
(Knowledge for the Masses: Storytelling with ATT&CK!) => https://www.youtube.com/watch?v=eRHw-An9NuI
(What is ATT&CK Coverage Anyway? Breadth and Depth Analysis w/ Atomic Red Team) => https://www.youtube.com/watch?v=RRq8jqFY6ts
(Blue-Team-as-Code: Lessons From Real-world Red Team Detection Automation Using Logs, By Oleg Kolesnikov & Den Iuzvyk) => https://www.youtube.com/watch?v=fz6SYlfvc-Y
(BH, Process Injection Techniques - Gotta Catch Them All, By Itzik Kotler and Amit Klein) => https://www.youtube.com/watch?v=xewv122qxnk
(BH, Exploiting Windows COM/WinRT ServicesExploiting Windows COM/WinRT Services, By XueFeng Li & Zhiniang Peng) => https://www.youtube.com/watch?v=KeQ0PHrHDVs
(BH, The Dark Age of Memory Corruption Mitigations in the Spectre Era, By Andrea Mambretti & Alexandra Sandulescu) => https://www.youtube.com/watch?v=vI7ABcuclpg
(BH, Rope: Bypassing Behavioral Detection of Malware with Distributed ROP-Driven Execution, By Daniele Cono D'Elia & Lorenzo Invidia) => https://www.youtube.com/watch?v=PBDHhOtc0zM
(BH, Securing Open Source Software - End-to-end, At massive scale, Together, By Jennifer Fernick & Christopher Robinson) => https://www.youtube.com/watch?v=S2ZFF5LyL_Y
(BH, Anatomy of Native IIS Malware, By Zuzana Hromcova) => https://www.youtube.com/watch?v=OwCmuQHHOUA
(BH, CnCHunter: An MITM-Approach to Identify Live CnC Servers, By Ali Davanian, Ahmad Darki & Michalis Faloutsos) => https://www.youtube.com/watch?v=UNQ-ZnbYfeQ
(BH, Fixing a Memory Forensics Blind Spot: Linux Kernel Tracing, By Andrew Case & Golden Richard) => https://www.youtube.com/watch?v=6oe7qL7-WoI
(BH, Locknote: Conclusions and Key Takeaways from Black Hat Europe 2021) => https://www.youtube.com/watch?v=neEytnFh_TY
(BH, Threat Hunting in Active Directory Environment By Anurag Khanna & Thirumalai Natarajan Muthiah) => https://www.youtube.com/watch?v=lBIaLmvVpBE
(BH, How Did the Adversaries Abusing the Bitcoin Blockchain Evade Our Takeover?) => https://www.youtube.com/watch?v=y8Z9KnL8s8s
(BH, Reverse Engineering Compliance by Adam Shostack) => https://www.youtube.com/watch?v=j7nDXgLahhU
(BH, Domain Borrowing, Catch My C2 Traffic if You Can) => https://www.youtube.com/watch?v=eVr0kKdgM2I
(BH, Mem2Img, Memory-Resident Malware Detection via Convolution Neural Network) => https://www.youtube.com/watch?v=6SDdUVejR2w
(Malware Traffic and CyberChef Magic 2021-08-19, by Doug Burks) => https://www.youtube.com/watch?v=dF2zWBO-Dgc
(Quick Malware Analysis with Security Onion, pcap from 2021-08-05, by Doug Burks) => https://www.youtube.com/watch?v=KBjr1fdb3jY
(DEF CON 29 Adversary Village, Mauricio Velazco, PurpleSharp Automated Adversary Simulation) => https://www.youtube.com/watch?v=yi1epKf0lcM
(DEF CON 29 Adversary Village, Jose Garduno, C2Centipede APT level C2 communications for common rev) => https://www.youtube.com/watch?v=m6ygA5oPSQo
(BHIS, No SPAN Port? No Tap? No Problem!, John Strand) => https://www.youtube.com/watch?v=EqjmZqa_Dho
(BHIS, How to Build a Phishing Engagement, Coding TTP's, Ralph May) => https://www.youtube.com/watch?v=VglCgoIjztE
(2021 Threat Detection Report , Red Canary) => https://www.youtube.com/watch?v=wk5qVUZnJp0
(Advanced Memory Forensics [Windows], Threat_Hunting & Initial Malware_Analysis [P1]) => https://www.youtube.com/watch?v=WB29XIUZjRU
(Workshop Track, Atomic red team , Carrie & Darin) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/b11b2349625349bfbfd3981ab9aced32/watch?source=CHANNEL
(Jason Downey, Six Things No One !@#$ing Told Me About Pentesting) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/249e698776384175a51f78b58bc75f86/watch?source=CHANNEL
(Jake Williams, Seeing the Forest Through the Trees Foundations of Event Log Analysis) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/47b94dcf6ba246cfb8657dbde5bd2e1f/watch?source=CHANNEL
(Dave Kennedy, Designing an Offensive Strategy for Defense) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/91b6bdc4a42f438a9fee0a6dcc4781de/watch?source=CHANNEL
(Madhav Bhatt & Brad Richardson, Red Team Engagements How to Train Your Blue Team to Hunt Adversaries) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/f8e577b0951d42d2895ae7b815743a7a/watch?source=CHANNEL
(Mauricio Velazco, PurpleSharp) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/c05f7c791eae4cc884931b40db37bb79/watch?source=CHANNEL
(Ralph May, Automate your Redteam) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/d2946bef40254e86aa1d439fbe7b965f/watch?source=CHANNEL
(Brian Donohue, Atomic Red Team) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/63ba587692a04df1b44a37e69f7bdf51/watch?source=CHANNEL
(Jorge Orchilles, Operationalizing Purple Team) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/240b20fd5c304f96b992eee10313e2ec/watch?source=CHANNEL
(SPECIAL WEBCAST, New Wave of Ransomware Attacks: How did this happen?, John Strand) => https://www.youtube.com/watch?v=v1jmrk758cM
(Hak5 ...) => https://www.youtube.com/c/hak5/playlists
(WWHF, Abusing Microsoft Office for Post-Exploitation, Kyle Avery) => https://www.youtube.com/watch?v=tWQNM2vuQEM
(Hands-On Purple Team Workshop with Tim Schulz, June 2) => https://www.youtube.com/watch?v=oogvR1U7Cls
(Collaborate and Validate, Let's talk Purple Teaming with SCYTHE & PlexTrac) => https://www.youtube.com/watch?v=XtC6xoIiHJU
(Practical Exploitation with Mubix, formerly Metasploit Minute) => https://www.youtube.com/playlist?list=PLW5y1tjAOzI3n4KRN_ic8N8Qv_ss_dh_F
(SCYTHE: #ThreatThursday, Conti Ransomware) => https://www.youtube.com/watch?v=R4rKnjs2VvA
(RTV: Threat Hunting With Elastic Security by Aravind Putrevu & Haran Kumar) => https://www.youtube.com/watch?v=E0Iix1jxVvo
(The SOC Puzzle: Where Does Threat Hunting Fit?, 2020 Threat Hunting & Incident Response Summit) => https://www.youtube.com/watch?v=Ut1t_n6NPQE
(Purple Team Maturity Model, Jorge Orchilles & Tim Schulz) => https://www.youtube.com/watch?v=iE0CgG0MAH4
(BHIS, Getting Started in Pentesting The Cloud: Azure, Beau Bullock) => https://www.youtube.com/watch?v=u_3cV0pzptY
(Topic 03 VQL Fundamentals Pt 2) => https://www.youtube.com/watch?v=tsmb_CuLVlE
(Live Launch: 2021 Threat Detection Report) => https://www.youtube.com/watch?v=wk5qVUZnJp0
(UniCon21) => https://www.youtube.com/watch?v=4WUauzWKa9M
(the Purple Team exercise is done: Now What? with Daniel DeCloss Founder & CEO PlexTrac) => https://www.youtube.com/watch?v=HNG3HNEcHs8
(1-10-60 Detection Metrics with Dmitri Alperovitch & Bryson Bort) => https://www.youtube.com/watch?v=arzi5LCI_Uk
(Detection Mechanisms for Common RedTeam TTPs) => https://www.youtube.com/watch?v=DSTsF0w3jMw 
(Threat Hunting with Sysmon - Binary Defense) => https://www.youtube.com/watch?v=pnnnCgTyZo8
(Hands-On Purple Team Workshop with Tim Schulz.March 31) => https://www.youtube.com/watch?v=v7j1ZJy-BFw
(Purple Team Exercise Framework PTEF Workshop) => https://www.youtube.com/watch?v=kGCH-DjGM8M
(PurpleTeamSummit Hands-On Purple Team Workshop) => https://www.youtube.com/watch?v=rwOh9MC0M7E
(Hands-On Purple Team Workshop with Tim Schulz) => https://www.youtube.com/watch?v=kTEBhfzLoXM
(BHIS-Your Free and Open Source EDR Options!, John Strand) => https://www.youtube.com/watch?v=yrFnlbwFG_E
(BHIS-EMERGENCY WEBCAST: OK, let's talk about ransomware, John Strand) => https://www.youtube.com/watch?v=wKAQB4Yp-k4
(BHIS-OPSEC Fundamentals for Remote Red Teams, Michael Allen) => https://www.youtube.com/watch?v=AHwfV3NFlno
(Atomic Purple Team Framework and Life Cycle, Kent Ickler & Jordan Drysdale) => https://www.youtube.com/watch?v=_KqtVWrw_Gc
(IPv6: How to Securely Start Deploying, Joff Thyer) => https://www.youtube.com/watch?v=ft35bUVxiLQ
(A Blue Team's Perspective on Red Team Hack Tools) => https://www.youtube.com/watch?v=0mIN2OU5hQE
(Active Defense & Cyber Deception - Part 1) => https://www.youtube.com/watch?v=uxktoNrIk4Q
(Active Defense & Cyber Deception - Part 2) => https://www.youtube.com/watch?v=qGwqYjJZclU
(Active Defense & Cyber Deception - Part 3) => https://www.youtube.com/watch?v=vmfB2u6rXtk
(Enterprise Recon For Purple Teams) => https://www.youtube.com/watch?v=5c4KHB8dZMw
(In-Depth SILENTTRINITY Demo, Explanation & Walkthrough!) => https://www.youtube.com/watch?v=0_b3A1SOyVw
(How to attack when LLMNR, mDNS, and WPAD attacks fail - Eavesarp) => https://www.youtube.com/watch?v=cKDdy0JFXpA
(Endpoint Security Got You Down? No PowerShell? No Problem.) => https://www.youtube.com/watch?v=IGMj9paeEWM
(Two Covert Command & Control (C2) Channels) => https://www.youtube.com/watch?v=USYXKK1MDU0
(Attack Tactics 5: Zero to Hero Attack) => https://www.youtube.com/watch?v=kiMD0JFFheI
(RITA, Finding Bad Things on Your Network Using Free & Open Source Tools) => https://www.youtube.com/watch?v=mpCBOQSjbOA
(WWHF Deadwood 2020-Everything You've Been Told About Threat Hunting is a Lie, Lesley Carhart) => https://www.youtube.com/watch?v=5mdsV2FTDR8
(WWHF Deadwood 2020-Don C. Weber, Detecting Encrypted Radio Communications Using Universal) => https://www.youtube.com/watch?v=fgJaNIAlk0E
(WWHF Deadwood 2020-Jorge Orchilles, Emulating Adversaries Via Attack Chains) => https://www.youtube.com/watch?v=BDzw9cGEJos
(WWHF Deadwood 2020-Dan DeCloss, Purple Teaming With Runbooks for Plextrac) => https://www.youtube.com/watch?v=8kuutYNz0I8
(WWHF Deadwood 2020-A Quickstart Guide to Insider Threats, Adam Mashinchi) => https://www.youtube.com/watch?v=GKK0ZS07neY
(WWHF Deadwood 2020-Stephen Spence, Converting Blue Team into Advanced Host-Based Alerting) => https://www.youtube.com/watch?v=Jlf-CMFYNtw
(WWHF Deadwood 2020-Resilient Detection Engineering, Olaf Hartong) => https://www.youtube.com/watch?v=zMPouyUNX5c
(WWHF Deadwood 2020-Tao and the Art of Tshark Fields, Chris Brenton) => https://www.youtube.com/watch?v=lQCTPTGWYv0
(WWHF Deadwood 2020-Exploits, Research, Tools, and the Impact to Security, Dave Kennedy) => https://www.youtube.com/watch?v=iVNxfvU5xm8
(WWHF Deadwood 2020-Upping Your Defenses & Detections For the Low Price of FREE, Kent & Jordan) => https://www.youtube.com/watch?v=S0VaNt3i9JU
(Functional Testing: A New Era of Pentesting, The December Roundup-Cloud Pentesting, Jon Helmus) => https://www.youtube.com/watch?v=wYMNd5oks5s
(Unicorn Evangelism: The Case for Purple Teaming, Kent Icker & Jordan Drysdale) => https://www.youtube.com/watch?v=VxUgr0MrBJA
(Move Aside Script Kiddies–Malware Execution in the Age of Advanced Defenses, Joff Thyer) => https://www.youtube.com/watch?v=wTmQ5FaRmf4

Flag Counter