Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Create randomly insecure VMs

A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization,…

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v…

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events…

Declination of @matcornic Learn theme to Hugo

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

Collection of things made during my OSCP journey

GUI alternative to the Rubeus command line tool, for all your Kerberos exploit requirements

Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator

A malicious LDAP server for JNDI injection attacks

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Enhanced fork with logging, OpenAPI 3.0 and Python 3 for security monitoring workshops

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

Curated list of public penetration test reports released by several consulting firms and academic security groups

A fork of https://github.com/SafeBreach-Labs/pinjectra with a practical implementation of Stack Bombing

Interactive tutorial for radare.

Various blog post projects.

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Binary exploitation & Reverse engineering (assembly to C)

Утилиты и скрипты для MS SQL Server DBA

CowExploit Webshell

Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios

A forensic evidence collection & analysis toolkit for OS X