A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Community guide to using YubiKey for GnuPG and SSH - protect secrets with hardware crypto.

A list of public penetration test reports published by several consulting firms and academic security groups.

Gather and update all available and newest CVEs with their PoC.

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Automate the creation of a lab environment complete with security tooling and logging best practices

Contour is a Kubernetes ingress controller using Envoy proxy.

Malware samples, analysis exercises and other interesting resources.

Utilities for MITRE™ ATT&CK

Everything needed for doing CTFs

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

CTFs, solutions and presentations

Courseware for computer system security course at HIT

python-pentesting-tool

Burp HTTP history browser (bhhb) - A tool to view HTTP history exported from Burp Suite Community Edition

Browser-Based Checklists for Penetration Testing