Workshop resources and materials for Workshop presented at DefCon and other security conferences - Creating and Uncovering Malicious Containers

A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities

a CLI that provides a generic automation layer for assessing the security of ML models

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams

A command-line murder mystery

Aligning Large Language Models with Human: A Survey

SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.

Package Binary Code as a Python class using Binary Ninja and Unicorn Engine

Prowler is the Open Cloud Security for AWS, Azure, GCP, Kubernetes, M365 and more. As agent-less, it helps for continuous monitoring, security assessments & audits, incident response, compliance, h…

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.

Automating situational awareness for cloud penetration tests.

BlueHound - pinpoint the security issues that actually matter

Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.

Arsenal is just a quick inventory and launcher for hacking programs

Simulating shitty network connections so you can build better systems.

Decompiler Explorer! Compare tools on the forefront of static analysis, now in your web browser!

Privilege Escalation Enumeration Script for Windows

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

Integrate markmap into VSCode

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

A fast TCP/UDP tunnel over HTTP

easy-to-use payload hosting

Launch a fresh docker container per SSH connection

Parse a PowerPoint PPTX file, extracting all URL's from notes and slides, and test for validity

A tool to abuse Exchange services

Asynchronous Password Spraying Tool in C# for Windows Environments

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks