A list of public penetration test reports published by several consulting firms and academic security groups.

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

These are the labs for my Intro class. Yes, this is public. Yes, this is intentional.

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.

Malware samples, analysis exercises and other interesting resources.

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifa…

Phishing with a fake reCAPTCHA

Embed and hide any file in an HTML file

Chrome browser extension-based Command & Control

Collection of Jupyter Notebooks by @fr0gger_

A malicious OAuth application that can be leveraged for both internal and external phishing attacks targeting Microsoft Azure and Office365 users.