Six Degrees of Domain Admin

Cobalt Strike is a post-exploitation framework designed to be extended and customized by the user community. Several excellent tools and scripts have been written and published, but they can be cha…

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Grab your own sweet-looking '.is-a.dev' subdomain.

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

For educational purposes only, exhaustive samples of 500+ classic/modern trojan builders including screenshots.

real time face swap and one-click video deepfake with only a single image

Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀

Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities.

This repository is a compilation of all APT simulations that target many vital sectors,both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation tech…

Malware Development for Ethical Hackers, published by Packt

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Cameradar hacks its way into RTSP videosurveillance cameras

Awesome EDR Bypass Resources For Ethical Hacking

Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it wi…

For educational purposes only, samples of ransomware/wiper trojans including screenshots/ransom-notes.

Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code.

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Make BASH stealthy and hacker friendly with lots of bash functions

Centralized resource for listing and organizing known injection techniques and POCs

OpenSSL-based Authenticode signing for PE, CAB, CAT, MSI, APPX, and script file

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

OAuth Device Code Phishing Toolkit

Module to compile powershell scripts to executables

This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them