Esonhugh self-maintained-nuclei-templates public version. Use this as ~/nuclei-templates/local/esonhugh-public-nuclei, nuclei will add automatically when scanning and never conflict to other nuclei…

AWS云平台 AccessKey 泄漏利用工具

Suricata IDS rules 用来检测红队渗透/恶意行为等，支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等

Fake Protocol Server

🚀Vulfocus 是一个漏洞集成平台，将漏洞环境 docker 镜像，放入即可使用，开箱即用。

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

📚 Freely available programming books

A True Instrumentable Binary Emulation Framework

AD Security Intrusion Detection System

some learning notes about Web Application Security、 Penetration Test

《互联网企业安全高级指南》思维脑图

PHP安全SDK及编码规范

红队基础设施自动化部署工具

BCS（北京网络安全大会）2019 红队行动会议重点内容

Papers

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class，然后运行Poc.java

渗透测试用到的东东

A macOS <= 10.14.3 Keychain exploit

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

原型版本

各种安全相关思维导图整理收集

VS Code in the browser

一个各种方式突破Disable_functions达到命令执行的shell

Knowledge Base 慢雾安全团队知识库

Security Conference Archive

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetN…

Open-Source Security Architecture | 开源安全架构

A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam

Maltego compilation of various assets, local transforms and helpful scripts