Public repository of my field notes from 25+ years as computer guy

Awesome secure by default libraries to help you eliminate bug classes!

Build AI assistants that interact with your systems

Build your personal knowledge base with Trilium Notes

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

MISP Playbooks

Google CTF

A simple threat modeling tool to help humans to reduce time-to-value when threat modeling

Config files for my GitHub profile.

OWASP Foundation Web Respository

A curated list of awesome browser security learning material.

Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.

Tool to find metadata and hidden information in the documents.

A small tool to help developers understand a huge set of security requirements from appsec teams

A courseware built on the belief that anyone can learn foundational cloud engineering skills with the right guide and discipline

Open Source real-time strategy game engine for early Westwood games such as Command & Conquer: Red Alert written in C# using SDL and OpenGL. Runs on Windows, Linux, *BSD and Mac OS X.

Segment's Threat Modeling training for our engineers

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

XS-Leaks Wiki

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Analyze the security of any domain by finding all the information possible. Made in python.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

Yar is a tool for plunderin' organizations, users and/or repositories.