The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Most advanced XSS scanner.

Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020

Bloodhound Reporting for Blue and Purple Teams

Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS

SysCon14 release

A wrapper around grep, to help you grep for things

Exchange Transport rules to detect and enable response to phishing

Sysmon configuration file template with default high-quality event tracing

In-depth attack surface mapping and asset discovery

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

Ressources for bug bounty hunting

This script runs several security checks and makes modifications (with your permission) to your Active Directory domain to improve it's security posture.

Materials for OSCP exam

HomePwn - Swiss Army Knife for Pentesting of IoT Devices

PowerShell ReverseTCP Shell - Framework

This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

All the deals for InfoSec related software/tools this Black Friday

The NCC Group Game from 44CON 2013

A plugin that provides resources for beginners to learn reverse engineering using Binary Ninja. It automatically installs several other plugins, and provides examples that showcase the features of …

Guesses hash types, picks some sensible dictionaries and rules for hashcat

Tool for checking passwords against TrueCrypt encrypted volumes and disks, and/or decrypting the data.

The Shared Host Integrated Password System (SHIPS) is a solution to provide unique and rotated local super user or administrator passwords for environments where it is not possible or not appropria…

Impacket is a collection of Python classes for working with network protocols.

articles

File upload vulnerability scanner and exploitation tool.