Forensic tool to detect malicious persistence via Svchost Service Groups (MITRE ATT&CK T1543.003)

COM Hijack Detector - Tool to detect COM Object Hijacking persistence techniques (T1546.015)

OPH is an active research program aiming to construct a fundamental theory of physics from observer consistency.

Embed ngrok secure ingress into your Go apps as a net.Listener with a single line of code.

Interactive OAuth 2.0 / OIDC security lab, Auth Code + PKCE, Client Credentials, Device Flow, CSRF, Open Redirect, Consent Phishing. Single Node.js file, auto-detects host IP.

A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and static signature removal.

Character N-gram Naive Bayes language identification system

Deadline countdowns for academic conferences in Security and Privacy

Deadline countdowns for academic conferences in Security and Privacy

A lightweight PowerShell tool for detecting suspicious in-memory shellcode on Windows systems. ShellSweep scans running processes, analyzes memory regions, and identifies potential malicious code i…

A comprehensive list of custom filters for Logger++ to identify various vulnerabilities in different API styles

🔒 Modern C2 Platform with Cloudflare Tunnel Integration | WinRM & SSH Remote Management | Real-time Terminal & Remote Desktop | Built with FastAPI & React

rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks

File Upload checklist For Penetration test and RedTeam

A comprehensive checklist for identifying and mitigating cache vulnerabilities in web applications, covering web cache poisoning, deception, DNS poisoning, and CDN-specific attacks. Includes detect…

Python tool to generate crafted JWTs, exploiting the algorithm confusion vulnerability in JWT signature validation. Useful for security testing.

🛡️ Cybersecurity Awareness Training for Employees

Set of .NET-based projects designed to facilitate learning security materials!

This JavaScript script automates the process of withdrawing LinkedIn invitations that have been sent but not yet accepted. It is specifically designed to withdraw invitations that are older than on…

An overview of LLMs for cybersecurity.

A little tool to play with Windows security

A comprehensive collection of various techniques and methods for bypassing Two-Factor Authentication (2FA) security mechanisms.

AD concepts, attack surfaces and attack vectors notes, slides, video...

A tool for generating and detecting Unicode domains to identify phishing URLs, aimed at assisting cybersecurity professionals in recognizing and mitigating homograph attacks.

This repo help us to find web cache poisoning

📦🔗 Learning Solidity