Pinned Repositories
31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
35c3ctf
35C3 Junior CTF pwnables
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
AD-security-workshop
Resources for our Active Directory security workshops
Aggressor-Scripts
Aggressor scripts for Cobalt Strike
notes
Personal notes for pentest, dfir and various offense/defense fun.
pentest_compilation
Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios
RedBlueNotes
Personal notes from a Red teamer for Blue/Red/Purple.
RedCsharp
Collection of C# projects. Useful for pentesting and redteaming.
terraform-phishing
Build a phishing server (Gophish) together with SMTP-redirector (Postfix) automatically in Digital Ocean with terraform and ansible.
boh's Repositories
boh/RedCsharp
Collection of C# projects. Useful for pentesting and redteaming.
boh/RedBlueNotes
Personal notes from a Red teamer for Blue/Red/Purple.
boh/notes
Personal notes for pentest, dfir and various offense/defense fun.
boh/allinfosecnews_sources
A list of online news & info sources in the InfoSec/Cybersecurity space
boh/Awesome-Azure-Pentest
A collection of resources, tools and more for penetration testing and securing Microsoft's cloud platform Azure.
boh/awesome-lolbins-and-beyond
A curated list of awesome LOLBins, GTFO projects, and similar 'Living Off the Land' security resources.
boh/Burp-Suite-Certified-Practitioner-Exam-Study
Burp Suite Certified Practitioner Exam Study
boh/BurpSuiteCertifiedPractitioner
Ultimate Burp Suite Exam and PortSwigger Labs Guide.
boh/CredGuess
Generate password spraying lists based on the pwdLastSet-attribute of users.
boh/detection-and-response-pipeline
✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗
boh/devops-resources
DevOps resources - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP
boh/gophish
Gophish with Malicious Attachment and HTTP redirect support
boh/gowitness-cicd-example
A GitHub Actions Example for running gowitness
boh/Malware_Specimens
This GitHub repository contains benign specimens; however, the techniques demonstrated herein could potentially be exploited for malicious purposes. Exercise discretion and responsibility in their usage. I disclaim any liability for actions resulting from your utilization of this content.
boh/Microsoft-eventlog-mindmap
Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
boh/n0kovo_subdomains
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
boh/OffensivePythonPipeline
Static standalone binaries for Linux and Windows (x64) of Python offensive tools. Compiled using PyInstaller, Docker for Windows, WSL2, and Make.
boh/Offensivesecurity-Checklists
Checklists for Testing Security environment
boh/OSCE3-Complete-Guide
OSWE, OSEP, OSED, OSEE
boh/PMAT-labs
Labs for Practical Malware Analysis & Triage
boh/precompiled-binaries
Collection of useful pre-compiled .NET binaries or other executables for penetration testing Windows Active Directory environments
boh/Process-Injection-Techniques
Various Process Injection Techniques
boh/Proxy-Attackchain
proxylogon & proxyshell & proxyoracle & proxytoken & all exchange server vulns summarization :)
boh/Red-Team-Management
boh/report_malware_public
Reporting malware
boh/S-500-G2-Rat-Hvnc-Hidden-Broswers-Hidden-Apps-OperaGX-Rat-Remote-Malware
Clone Profile Hidden Desktop Hidden Browsers Hidden Chrome Hidden Chromodo Hidden SlimJet Hidden Sputnik Hidden Awast Browser Hidden UC Browser Hidden Atom Browser Hidden Opera Neon Hidden Firefox Hidden Edge Hidden Brave Hidden Palemoon Hidden Waterfox Hidden Opera Hidden 360 browser Hidden Comodo Dragon Hidden Internet Explorer Hidden Explorer Hidden Powershell Hidden CMD Hidden Outlook Hidden Thunderbird Hidden Foxmail Hidden Password Recovery HVNC/HVNC browsers HRDP/HRDP browsers/Wallets Reverse Proxy UAC Exploit for Windows 11/10 UAC Exploit for Windows 7 Remote Desktop Remote Cam Remote Microphone Remote Regedit Remote Console Silent Execute File Manager (download,zip,unzip) Disable Windows Defender Execute on connection Tasks Recovery All Chrome based Browsers Recovery for All Firefox based Browsers Recovery & Send Logs To Discord Startup/Schedule task Persistence Miner Watch Dog TaskMgr Dog Spam Tools Hrdp Browers Hrdp Chrome Hrdp Firefox Hrdp Opera Hrdp Brave Hrdp Wallets ArmoryQt Coinomi Atomic Exodus Electrum Jaxx S-500 G2 Builder ! Change Assembly Change Exe Icon Change Exe Name Change Filename File Path Group Clients Mutex Multi Ports Supported Anti Debug System Kill Taskmgr Blue Screen Error Watch Dog Uac Exploit on Execution TaskMgr Dog Export as Shell Code Crypter Merged Run PE Obfuscate
boh/security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
boh/Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
boh/vulnhuntr
Zero shot vulnerability discovery using LLMs
boh/XSS-Bypass-Filters