The open-sourced Python toolbox for backdoor attacks and defenses.

Process documentation, non-code deliverables, and miscellaneous artifacts of Kubernetes SIG Security

All about Cloud, DevOps & Tools

My notes and useful links I used to pass CISSP. I also included some videos talking about each of the eight domains. Happy Hunting on the exam!

Standard and Advanced Demos for learn.cantrill.io courses

Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.

A "Spring4Shell" vulnerability scanner.

Pascal Offsec repo for malware dev and red teaming 🚩

Guidelines and training material to write secure smart contracts

API Security Project aims to present unique attack & defense methods in API Security field

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

AzureRT - A Powershell module implementing various Azure Red Team tactics

Fast web fuzzer written in Go

Combination of all my Resources, Links & Scripts

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

CyberWarFare Labs hands-on workshop on the topic "Detecting Adversarial Tradecrafts/Tools by leveraging ETW"

Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.

Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory t…

Syscall Shellcode Loader (Work in Progress)

StandIn is a small .NET35/45 AD post-exploitation toolkit

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, …

Generates permutations, alterations and mutations of subdomains and then resolves them

An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

Collections of Orange Tsai's public presentation slides.

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive …