Pinned Repositories
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
APISecurityBestPractices
Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.
APTnotes
Various public documents, whitepapers and articles about APT campaigns
ASRT_SpeechRecognition
A Deep-Learning-Based Chinese Speech Recognition System 基于深度学习的中文语音识别系统
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
ATTCK-PenTester-Book
ATTCK-PenTester-Book
awesome-cheatsheets
👩💻👨💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
Awesome-CobaltStrike
cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources
Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
awesome-honeypots
an awesome list of honeypot resources
y159357's Repositories
y159357/AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
y159357/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
y159357/awesome-cheatsheets
👩💻👨💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
y159357/Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
y159357/awesome-vehicle-security
🚗 A curated list of resources for learning about vehicle security and car hacking.
y159357/blackhat-arsenal-tools
Official Black Hat Arsenal Security Tools Repository
y159357/blockchain
A simple Blockchain in Python
y159357/bylibrary
白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
y159357/cheatsheets
My cheatsheets
y159357/CVE-2021-40444
CVE-2021-40444 PoC
y159357/DNS-Fender
A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web servers using spoofed DNS recursive queries.
y159357/Ehoney
Seccome Teamer积累十几年的安全经验,都将对外逐步开放,首开的Ehoney欺骗防御系统,该系统是基于云原生的欺骗防御系统,也是业界唯一开源的对标商业系统的产品,欺骗防御系统通过部署高交互高仿真蜜罐及流量代理转发,再结合自研密签及诱饵,将攻击者攻击引导到蜜罐中达到扰乱引导以及延迟攻击的效果,可以很大程度上保护业务的安全。护网必备良药
y159357/goby_poc
goby poc or exp,分享goby最新网络安全漏洞检测或利用代码
y159357/Information_Security_Books
150本信息安全方面的书籍书籍(持续更新)
y159357/InstallerFileTakeOver
y159357/Intranet_Penetration_Tips
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以整理出来希望跟小伙伴们一起更新维护~
y159357/ip2region
Ip2region is a offline IP location library with accuracy rate of 99.9% and 0.0x millseconds searching performance. DB file is ONLY a few megabytes with all IP address stored. binding for Java,PHP,C,Python,Nodejs,Golang,C#,lua. Binary,B-tree,Memory searching algorithm
y159357/jieba
结巴中文分词
y159357/Loki
Loki - Simple IOC and Incident Response Scanner
y159357/MemProcFS
The Memory Process File System
y159357/metasploitable3
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
y159357/movies-for-hackers
🎬 A curated list of movies every hacker & cyberpunk must watch.
y159357/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
y159357/Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
y159357/PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
y159357/public-pentesting-reports
Curated list of public penetration test reports released by several consulting firms and academic security groups
y159357/Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
y159357/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
y159357/vulbase
各大漏洞文库合集
y159357/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose