Neat commands, code snippets and links to use during the tests.
https://github.com/ashemery/exploitation-course
https://github.com/fozavci/WeaponisingCSharp-Fundamentals
https://pythonforcybersecurity.com/courses/python3-for-infosec-professionals/
https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training
https://portswigger.net/web-security
https://github.com/rootsecdev/Azure-Red-Team
https://malwareunicorn.org/workshops/re101.html#0
https://github.com/DamonMohammadbagher/eBook-BypassingAVsByCSharp
https://github.com/frankwxu/digital-forensics-lab
https://github.com/infosecn1nja/AD-Attack-Defense
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
https://github.com/infosecn1nja/Red-Teaming-Toolkit
https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/amp/
https://recipeforroot.com/bonus-linux-commands/
https://mobile.twitter.com/DirectoryRanger
https://www.pentestpartners.com/security-blog/cobalt-strike-walkthrough-for-red-teamers/
https://www.hackingarticles.in/abusing-microsoft-outlook-365-to-capture-ntlm/
http://blog.redxorblue.com/2019/01/red-teaming-made-easy-with-exchange.html
https://ptestmethod.readthedocs.io/en/latest/LFF-IPS-P4-PostExploitation.html
https://www.trustedsec.com/blog/breaking-typical-windows-hardening-implementations/
https://github.com/JPMinty/MindMaps
https://teamhydra.blog/2020/08/25/bypassing-credential-guard/amp/
https://github.com/BankSecurity/Red_Team
https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/
https://gist.github.com/dogrocker/86881d2403fee138487054da82d5dc2e
https://github.com/S3cur3Th1sSh1t/WinPwn
https://github.com/bats3c/shad0w
https://github.com/boku7/azureOutlookC2
https://github.com/blackhatethicalhacking/HiddenEye
https://github.com/blackhatethicalhacking/Dr0p1t-Framework
https://www.blackhillsinfosec.com/my-first-joyride-with-silenttrinity/
https://github.com/nccgroup/OneLogicalMyth_Shell
https://github.com/antonioCoco/ConPtyShell
https://github.com/Cerbersec/DomainBorrowingC2
https://github.com/mgeeky/RedWarden
https://github.com/nyxgeek/o365recon
https://github.com/dafthack/MFASweep
https://github.com/gjjw/AzCredsGDorks
https://www.synacktiv.com/posts/pentest/azure-ad-introduction-for-red-teamers.html
https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a
https://medium.com/xm-cyber/privilege-escalation-and-lateral-movement-on-azure-part-1-47e128cfdc06
https://github.com/OWASP/Amass/
https://github.com/eslam3kl/3klCon
https://www.infosecmatter.com/solving-problems-with-office-365-email-from-godaddy/
https://github.com/Idov31/FunctionStomping
https://github.com/plackyhacker/Shellcode-Injection-Techniques
https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop
https://github.com/med0x2e/NET-Assembly-Inject-Remote
https://github.com/mgeeky/ThreadStackSpoofer
https://gist.github.com/securitytube/c956348435cc90b8e1f7
https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks/
https://github.com/0xd4y/RevShell
https://github.com/plackyhacker/CmdLineSpoofer
https://github.com/plackyhacker
https://github.com/S3cur3Th1sSh1t
https://github.com/snovvcrash/DInjector
https://github.com/darkr4y/geacon
https://github.com/klezVirus/inceptor
https://github.com/mobdk/InstallutilInject
https://github.com/EnginDemirbilek/Flip
https://github.com/two06/Inception
https://github.com/yzddmr6/Java-Shellcode-Loader
https://github.com/Flangvik/SharpDllProxy
https://github.com/bats3c/DarkLoadLibrary
https://github.com/xforcered/InvisibilityCloak
https://github.com/ad-995/bluffy
https://github.com/Paulo-D2000/ShellCodeObfuscator
https://github.com/jfmaes/LazySign
https://github.com/jfmaes/Invoke-DLLClone
https://github.com/APTortellini/unDefender
https://github.com/MartinSohn/Office-phish-templates
https://github.com/sevagas/macro_pack
https://s3cur3th1ssh1t.github.io/Phish-password-protected-Excel-files/
https://github.com/kmkz/exploit/blob/master/Full-payload-delivery-chain.ps1
https://github.com/InfosecMatter/Minimalistic-offensive-security-tools
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
https://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/
https://www.hackingarticles.in/linux-privilege-escalation-using-capabilities/
https://github.com/S3cur3Th1sSh1t/WinPwn
https://github.com/PwnDexter/SharpEDRChecker
https://github.com/optiv/Registry-Recon
https://github.com/411Hall/JAWS
https://www.blackhillsinfosec.com/digging-deeper-vulnerable-windows-services/
https://secret.club/2020/04/23/directory-deletion-shell.html
https://github.com/bitsadmin/wesng
https://github.com/CCob/lsarelayx
https://adepts.of0x.cc/netsh-portproxy-code/
https://github.com/fox-it/Invoke-ACLPwn
https://github.com/S3cur3Th1sSh1t/PowerSharpPack
https://github.com/mubix/netview
https://github.com/lkarlslund/adalanche
https://github.com/skelsec/jackdaw/
https://github.com/canix1/ADACLScanner
https://github.com/ly4k/Certipy
https://github.com/T-S-A/smbspider
https://github.com/slaeryan/AQUARMOURY/
https://posts.specterops.io/automating-dll-hijack-discovery-81c4295904b0
https://github.com/MojtabaTajik/Robber
https://in.security/an-intro-into-abusing-and-identifying-wmi-event-subscriptions-for-persistence/
https://www.boozallen.com/s/insight/blog/user-space-persistence-techniques-application-shims.html
https://github.com/Fahrj/reverse-ssh
https://github.com/snovvcrash/NimHollow
https://blog.cobaltstrike.com/2021/10/29/create-a-proxy-dll-with-artifact-kit/
https://github.com/juliourena/SharpNoPSExec
https://www.fortalicesolutions.com/posts/shadow-credentials-workstation-takeover-edition
https://github.com/RiccardoAncarani/LiquidSnake
https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-2-dcom/
https://0xeb-bp.github.io/blog/2019/11/21/practical-guide-pass-the-ticket.html
https://riccardoancarani.github.io/2019-10-04-lateral-movement-megaprimer/
https://www.hackingarticles.in/impacket-guide-smb-msrpc/
https://github.com/iomoath/SharpStrike
https://github.com/blackarrowsec/mssqlproxy
https://github.com/aas-n/spraykatz
https://github.com/RedCursorSecurityConsulting/PPLKiller
https://github.com/trustedsec/hate_crack/
https://cqureacademy.com/cqure-labs/cqlabs-how-uac-bypass-methods-really-work-by-adrian-denkiewicz
https://github.com/w4fz5uck5/LonelyALPC-BypassUAC
https://github.com/sailay1996/UAC_Bypass_In_The_Wild
https://github.com/AzAgarampur/byeintegrity8-uac
https://0xpat.github.io/Malware_development_part_3/
https://jhalon.github.io/utilizing-syscalls-in-csharp-1/
https://github.com/iGh0st/gh0st3.6_src
https://github.com/dafthack/CloudPentestCheatsheets
https://medium.com/bugbountywriteup/aws-iam-explained-for-red-and-blue-teams-2dda8b20fbf7
https://blog.appsecco.com/an-ssrf-privileged-aws-keys-and-the-capital-one-breach-4c3c2cded3af
https://github.com/carlospolop/hacktricks/tree/master/pentesting-web
https://vdalabs.com/2020/05/08/burpsuite-extensions-some-favorites/
https://github.com/swisskyrepo/PayloadsAllTheThings
https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets
https://medium.com/swlh/hacking-json-web-tokens-jwts-9122efe91e4a
https://github.com/rsrdesarrollo/generator-burp-extension
https://blog.secureideas.com/2019/06/better-api-penetration-testing-with-postman-part-4.html
https://webassembly-security.com/fuzzing-npm-nodejs-webassembly-parsing-library-with-jsfuzz/
https://github.com/V1n1v131r4/webdiscover
https://github.com/0xNanda/Oralyzer
https://github.com/momenbasel/keyFinder
https://github.com/fox-it/log4j-finder
https://github.com/michenriksen/aquatone/tree/v1.7.0
https://github.com/Josue87/GiveMeSecrets
https://github.com/jangelesg/py3webfuzz
https://github.com/nettitude/xss_payloads
https://medium.com/bugbountywriteup/bypassing-waf-to-perform-xss-2d2f5a4367f3
https://github.com/BishopFox/rmiscout
https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/
https://www.n00py.io/2017/11/exploiting-blind-java-deserialization-with-burp-and-ysoserial/
https://github.com/leechristensen/DotNetDeserializationScanner/
https://github.com/saleemrashid/frida-sslkeylog
https://blog.securelayer7.net/sharpening-your-frida-scripting-skills-with-frida-tool/
https://offsec.almond.consulting/java-tls-intercept.html
https://github.com/0x0021h/expbox/blob/main/cve-2021-41349-poc.py
https://github.com/vaib25vicky/awesome-mobile-security
https://github.com/facebook/mariana-trench
https://github.com/shroudedcode/apk-mitm
https://github.com/xtiankisutsa/MARA_Framework
https://mobisec.reyammer.io/slides
https://laconicwolf.com/2019/07/21/using-burp-suite-with-android-devices/
https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/
https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born
https://erev0s.com/blog/how-hook-android-native-methods-frida-noob-friendly/
https://fuzzing.science/page/fuzzing-android-native-libraries-with-libfuzzer-qemu/
https://drive.google.com/file/d/1JccmMLi6YTnyRrp_rk6vzKrUX3oXK_Yw/view
https://www.shogunlab.com/blog/2019/12/22/here-be-dragons-ghidra-1.html
https://github.com/atxsinn3r/VulnCases
https://github.com/RhinoSecurityLabs/Security-Research/tree/master/tools/aws-pentest-tools
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
https://m.youtube.com/playlist?list=PLhr1KZpdzukdeX8mQ2qO73bg6UKQHYsHb
https://github.com/Voulnet/barq
https://www.cloudconformity.com/knowledge-base/aws/
https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/
https://www.jeffersonfrank.com/aws-blog/best-aws-cloud-migration-tools
https://docs.microsoft.com/en-us/learn/modules/automate-azure-tasks-with-powershell/
https://github.com/Azure/securedworkstation
https://docs.microsoft.com/en-gb/learn/paths/architect-great-solutions-in-azure/
https://blog.paramountdefenses.com/2020/05/active-directory-security-for-cyber-security-experts.html
https://github.com/decalage2/awesome-security-hardening
https://github.com/nshalabi/SysmonTools
https://github.com/littl3field/Audix
https://github.com/0x6d69636b/windows_hardening
https://github.com/ssh3ll/Windows-10-Hardening
https://github.com/NVISO-BE/posh-dsc-windows-hardening
https://github.com/sqall01/LSMS
https://github.com/hardenedlinux/harbian-audit/
https://github.com/Kirtar22/Litmus_Test/
https://gravitational.com/blog/how-to-ssh-properly/
https://www.inovex.de/blog/kubernetes-security-tools/
https://www.weave.works/blog/mitre-att-ck-matrix-for-kubernetes-tactics-techniques-explained-part-1
https://github.com/arthastang/IoT-Implant-Toolkit
https://github.com/ElevenPaths/HomePWN
https://github.com/last-byte/PersistenceSniper
https://github.com/CrowdStrike/SuperMem
https://github.com/hasherezade/pe-sieve
https://github.com/stuhli/awesome-event-ids
https://github.com/fireeye/ThreatPursuit-VM
https://github.com/cyb3rfox/Aurora-Incident-Response
https://github.com/RESOLVN/RTHVM
https://github.com/alexandreborges/malwoverview
https://github.com/muteb/Hoarder
https://www.bleepingcomputer.com/news/security/a-closer-look-at-the-robbinhood-ransomware/
https://www.sans.org/reading-room/whitepapers/dns/detecting-dns-tunneling-34152
http://correlatedsecurity.com/introducing-speed-use-case-framework-v1-0/amp/
https://github.com/cyberdefenders/DetectionLabELK
https://github.com/JPCERTCC/LogonTracer
https://nored0x.github.io/penetration%20testing/writeups-Bug-Bounty-hackrone
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
https://www.hackingarticles.in/ctf-challenges-walkthrough/
https://hackingresources.com/hackthebox-ai-writeup/
https://rizemon.github.io/hackthebox/ldap/kerberos/windows/2020/03/22/forest-htb.html