A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM, 8-bit AVR and 32-bit RISC-V architectures.

OSWE, OSEP, OSED, OSEE

A header-only C++ library for accessing files in COFF binary format. (Including Windows PE/PE+ formats)

Red Teaming Tactics and Techniques

Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll

Simple (relatively) things allowing you to dig a bit deeper than usual.

A list of interesting payloads, tips and tricks for bug bounty hunters.

Red Teaming & Pentesting checklists for various engagements

Shodan Dorks

Resources for Windows exploit development

Organized list of my malware development resources

A set of instructions, command and techniques that help during an Active Directory Assessment.

Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

Source code of exploiting windows API for red teaming series

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most p…

Random notes I want to backup.

Important notes and topics on my journey towards mastering Windows Internals

Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.

Extract credentials from lsass remotely

CTF challenge (mostly pwn) files, scripts etc

A workshop about Malware Development

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc…

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Centralized resource for listing and organizing known injection techniques and POCs

Multi-Cloud Security Auditing Tool

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.