Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Damn Vulnerable Kubernetes App (DVKA) is a series of apps deployed on Kubernetes that are damn vulnerable.

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.

Vulnerability Static Analysis for Containers

A tool to analyse the list of detected CVEs in the containers (usually created by static security scanner) and compare them to the Red Hat Security Data.

🐊 Policy Controller for Kubernetes

Cloud Native Policy Management

A simple, lightweight PowerShell script to remove pre-installed apps, disable telemetry, as well as perform various other changes to customize, declutter and improve your Windows experience. Win11D…

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

PoC tools of Bytecode Jiu-Jitsu presented at Black Hat USA 2024 Briefings

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

A bunch of Windows anti-debugging tricks for x86 and x64.

Original C Implementation of the Hell's Gate VX Technique

Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry

Amsi Bypass payload that works on Windwos 11

Use hardware breakpoint to dynamically change SSN in run-time

game of active directory

Simple EDR implementation to demonstrate bypass

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…

The Definitive Guide To Process Cloning on Windows

LSASS memory dumper using direct system calls and API unhooking.

AV/EDR evasion via direct system calls.

jubilee source files; for the docs, see:

SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled.

A repository for learning various heap exploitation techniques.

收集一些以前看过对于入门和进阶很有用的攻击原理文档..

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.