Utility to manipulate codesigned application in Mac OS X. Demonstrate the use of csops system call.

A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.

A curated list of awesome resources, tools, and other shiny things for LLM prompt engineering.

HTTP Request & Response Service, written in Python + Flask.

Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.

A collection of notes, checklists, writeups on bug bounty hunting and web application security.

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

Segment's Threat Modeling training for our engineers

Gather and update all available and newest CVEs with their PoC.

Modern tactical exploitation toolkit.

🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.

Red Teaming & Pentesting checklists for various engagements

Free, libre, effective, and data-driven wordlists for all!

OSWE Preparation

📦 Make security testing of K8s, Docker, and Containerd easier.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

A tool for IDN homograph attacks and detection.

A collection of browser-based side channel attack vectors.

All Things Bug Bounty

A list of interesting payloads, tips and tricks for bug bounty hunters.

A container repository for my public web hacks!

A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.