Demos for Black Hat Europe 2025's The Forensic Trail On GitHub: Hunting For Supply Chain Activity

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

Run your GitHub Actions locally 🚀

A TUF repository and signing tool

Static analysis for GitHub Actions

GitHub Actions Cache Native Malware - for Educational and Research Purposes only.

GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.

poutine, a supply chain vulnerability scanner for build pipelines

A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain

Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance through execution and reporting. With buil…

Metis is an open-source, AI-driven tool for deep security code review

nightscout web monitor

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

Python reference implementation of The Update Framework (TUF)

An AI-powered security review GitHub Action using Claude to analyze code changes for security vulnerabilities.

Abuse trust-boundaries to bypass firewalls and network controls

Detect drift. Defend cloud.

A resources for who want to learn and get deep into client-side bugs

AI Red Teaming playground labs to run AI Red Teaming trainings including infrastructure.

Security scanner for AI agents, MCP servers and agent skills.

⚖️ The CNCF Technical Oversight Committee (TOC) is the technical governing body of the CNCF Foundation.

A comprehensive database of Model Context Protocol vulnerabilities, security research, and exploits

Front End interview preparation materials for busy engineers (updated for 2026)

Fetch many paths for many hosts - without killing the hosts

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

OSS-Fuzz - continuous fuzzing for open source software.

Fetch all the URLs that the Wayback Machine knows about for a domain

Fast web fuzzer written in Go

Potentially dangerous files

An AI agent that performs a security audit on a target codebase.