Secretsdump C# version only supporting local (live) operation

Library to load a DLL from memory.

Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into…

A tool to perform Kerberos pre-auth bruteforcing

Population based metaheuristic for password cracking. Siga(Simple genetic algorithm)

Standalone password candidate generator using the PRINCE algorithm

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.…

Learn where some of the network sysctl variables fit into the Linux/Kernel network flow. Translations: 🇷🇺

This tool can forward TCP traffic over DNS protocol. Non-compile clients + socks5 support.

Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform

Security analysis toolkit for proprietary car protocols

A book-in-progress about the Linux kernel and its insides.

Wiki-like CTF write-ups repository, maintained by the community. 2017

Deserialization payload generator for a variety of .NET formatters

Check KeePass passwords against https://haveibeenpwned.com/Passwords

DevSec Linux Baseline - InSpec Profile

This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

HTTPLeaks - All possible ways, a website can leak HTTP requests

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

a Damn Vulnerable Serverless Application

P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Ap…

Attack and defend active directory using modern post exploitation adversary tradecraft activity

A curated list of amazingly awesome Burp Extensions

UAC bypass, Elevate, Persistence methods

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

A collection of all the lists, scripts and techniques I use while doing web application penetration tests.