Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (including Customizations for AWS Control Tower) and Terraform.

A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

Collection of things made during my OSCP journey

AzureGoat : A Damn Vulnerable Azure Infrastructure

Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs

BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔

A curated list of intriguing open-source security tools, with my reviews and insights.

bespoke tooling for offensive security's Windows Usermode Exploit Dev course (OSED)

Pentesting Android Application Course For Kids+ (English and Vietnamese edition)

Automated Recon for Pentesting & Bug Bounty

A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations. It supports dynamic payload generation, including BChec…

A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues

Python for cybersecurity with the basic concepts, easy to understand code examples, lab exercises, real-world examples, different security scripts covering web security, network security, defensive…

A collection of red teaming and adversary emulation related tools, scripts, techniques, notes, etc

Sophisticated cyber penetration attacks is a series of advanced techniques, notes and guidance that will help you to prepare as a hacker on your journey.

Hidden parameters discovery suite

my notes

BoB Web Application Security Project

Stakeholder-Specific Vulnerability Categorization

Notes I've taken while working through various web app pentesting labs.

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidel…

All PortSwigger Web Security Academy labs grouped by difficulty level

Identifies vulnerabilities in network_security_config.xml, AndroidManifest.xml and if Firebase URL are accessible publicly

An ongoing & curated collection of awesome software practices and remediation, libraries and frameworks,payloads and techniques, best guidelines and technical resources about Application Security