Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

A collection of manifests that will create pods with elevated privileges.

Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

A community trust management system based on explicit vouches to participate.

The Azure Execution Tool

AppLocker-Based EDR Neutralization

Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking

A library that scrapes Linkedin for user data

generate CobaltStrike's cross-platform payload

Tool for testing logstash pipelines

Tool for building Kubernetes attack paths

vmware-backdoor

The Havoc Framework

A chrome extension to provide right-click -> summarize capabilities using GPT-3's summarization models

Automation and Scaling of Digital Forensics Tools

Remote Memory Acquisition Tool

build-once run-anywhere c library

Simple linux backdoors and hiding techniques

Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.

Generate manifest.json files for your tools to use them as macros within Sliver C2 client

Generate droppers with encrypted payloads automatically.

A project to replicate the functionality of Noah Powers' ServerSetup script, but with error handling and fixed Namecheap API support.

Rust Weaponization for Red Team Engagements.

CVE-2021-40444 PoC

Enumerate and disable common sources of telemetry used by AV/EDR.