Lists (16)
ATLAS Adversarial ML
AI/ML Security: MITRE ATLAS (atlas.mitre.org) + OWASP LLM Top 10 + Google SAIF. Covers prompt injection, model tampering, data poisoning, agent security, privac28 repositories
TA0001 Initial Access
Initial Access (TA0001): Gaining initial foothold in target networks. Includes phishing, exploiting public-facing apps, supply chain compromise, valid accounts. https://attack.mitre.org/tactics/TA000160 repositories
TA0002 Execution
Execution (TA0002): Running malicious code on target systems. Includes command interpreters, scripting, native APIs, exploitation for client execution. https://attack.mitre.org/tactics/TA0002319 repositories
TA0003 Persistence
Persistence (TA0003): Maintaining access across restarts and credential changes. Includes registry run keys, scheduled tasks, bootkit, implants, account manipulation. https://attack.mitre.org/tactics/TA000334 repositories
TA0004 Privilege Escalation
Privilege Escalation (TA0004): Gaining higher-level permissions. Includes exploitation, access token manipulation, UAC bypass, AD escalation, sudo/setuid abuse. https://attack.mitre.org/tactics/TA000492 repositories
TA0005 Defense Evasion
Defense Evasion (TA0005): Avoiding detection. Includes obfuscation, disabling security tools, process injection, masquerading, AMSI/ETW bypass, rootkits. https://attack.mitre.org/tactics/TA0005325 repositories
TA0006 Credential Access
Credential Access (TA0006): Stealing credentials. Includes password dumping, Kerberoasting, credential harvesting, brute force, keylogging, LSASS access. https://attack.mitre.org/tactics/TA0006135 repositories
TA0007 Discovery
Discovery (TA0007): Understanding target environment. Includes network enumeration, AD recon, system info gathering, account discovery, BloodHound. https://attack.mitre.org/tactics/TA0007152 repositories
TA0008 Lateral Movement
Lateral Movement (TA0008): Moving through the network. Includes pass-the-hash, RDP, SMB/WMI exec, SSH tunneling, pivoting, proxychains. https://attack.mitre.org/tactics/TA000877 repositories
TA0009 Collection
Collection (TA0009): Gathering target data. Includes screen capture, keylogging, email harvesting, clipboard data, memory dumping, secret scanning. https://attack.mitre.org/tactics/TA000921 repositories
TA0010 Exfiltration
Exfiltration (TA0010): Stealing data from target. Includes covert channels, DNS tunneling, steganography, encrypted transfers, cloud storage abuse. https://attack.mitre.org/tactics/TA001010 repositories
TA0011 Command and Control (C2)
Command and Control (TA0011): Communicating with compromised systems. Includes C2 frameworks (Cobalt Strike, Sliver), domain fronting, protocol tunneling. https://attack.mitre.org/tactics/TA0011247 repositories
TA0040 Impact
Impact (TA0040): Disrupting availability or integrity. Includes ransomware, data destruction, defacement, resource hijacking, service disruption. https://attack.mitre.org/tactics/TA00406 repositories
TA0042 Resource Development
Resource Development (TA0042): Building attack infrastructure. Includes payload development, infrastructure setup, capability acquisition, tool compilation. https://attack.mitre.org/tactics/TA0042386 repositories
TA0043 Reconnaissance
Reconnaissance (TA0043): Gathering target information. Includes OSINT, subdomain enumeration, network scanning, social engineering research. https://attack.mitre.org/tactics/TA0043168 repositories
Threat Hunting
Threat Hunting related repositories123 repositories
Starred repositories
65
stars
written in HTML
Clear filter
A curated list of awesome warez and piracy links
Mastering Bitcoin 3rd Edition - Programming the Open Blockchain
🐧 A list of awesome Linux softwares
A list of public penetration test reports published by several consulting firms and academic security groups.
Gather and update all available and newest CVEs with their PoC.
Jupyter notebooks for teaching/learning Python 3
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Automate the creation of a lab environment complete with security tooling and logging best practices
ChatGPT Jailbreaks, GPT Assistants Prompt Leaks, GPTs Prompt Injection, LLM Prompt Security, Super Prompts, Prompt Hack, Prompt Security, Ai Prompt Engineering, Adversarial Machine Learning.
Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
A curated list for awesome cloud native tools, software and tutorials.
HTTPLeaks - All possible ways, a website can leak HTTP requests
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
A curated list of amazingly awesome WordPress resources, themes, plugins and shiny things. Inspired by awesome-php.
A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
Course Files for AWS Certified Solutions Architect Certification Course (SAAC02) - Adrian Cantrill
A curated list of useful resources that cover Offensive AI.
💻 Windows XP All Editions Universal Product Keys Collection
*DEPRECATED* mana toolkit for wifi rogue AP attacks and MitM
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
All releases of the security research group (a.k.a. hackers) The Hacker's Choice