Pinned Repositories
0xsp-Mongoose
a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
AD-Pentesting-Notes
ADCollector
A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
ADGenerator
Active Directory Generator for upcoming domain pivoting course.
ADLab
Active Directory Lab for Penetration Testing
algorithms
Minimal examples of data structures and algorithms in Python
angr
A powerful and user-friendly binary analysis platform!
Anti-Virus-Evading-Payloads
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here is a simple way to evade anti-virus software when creating backdoors!
sumrecon
zpaav's Repositories
zpaav/autoAssist
An ffxi windower addon to automatically assist a party member in combat
zpaav/autoSC
FFXI Windower addon to help with closing skillchains
zpaav/dirsearch
Web path scanner
zpaav/prowler
Prowler is an Open Source Security tool to perform Cloud Security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
zpaav/RedEye
RedEye is a visual analytic tool supporting Red & Blue Team operations
zpaav/90DaysOfDevOps
This repository is my documenting repository for learning the world of DevOps. I started this journey on the 1st January 2022 and I plan to run to March 31st for a complete 90-day romp on spending an hour a day including weekends to get a foundational knowledge across a lot of different areas that make up DevOps.
zpaav/Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
zpaav/cosmopolitan
fast portable static native textmode containers
zpaav/Office365itpros
Office 365 for IT Pros PowerShell examples
zpaav/shells
Little script for generating revshells
zpaav/Arjun
HTTP parameter discovery suite.
zpaav/Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
zpaav/cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
zpaav/Fast-Google-Dorks-Scan
The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widespread file types and path traversal. The 100% automated.
zpaav/g0tmi1k-SecLists
SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
zpaav/gtop
System monitoring dashboard for terminal
zpaav/hashicorp-training
Random code for HashiCorp related projects, training, etc.
zpaav/LaZagne
Credentials recovery project
zpaav/Locksmith
A small tool built to detect and fix common misconfigurations in Active Directory Certificate Services.
zpaav/Nimbo-C2
Nimbo-C2 is yet another (simple and lightweight) C2 framework
zpaav/OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
zpaav/PowerHub
A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
zpaav/pretender
Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.
zpaav/PurpleCloud
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
zpaav/PurpleSharp
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
zpaav/Rust
All Algorithms implemented in Rust
zpaav/rustlings
:crab: Small exercises to get you used to reading and writing Rust code!
zpaav/vulnerable-AD
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
zpaav/you-get
:arrow_double_down: Dumb downloader that scrapes the web
zpaav/zaproxy
The OWASP ZAP core project