A fully open source & end-to-end encrypted note taking alternative to Evernote.

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.

Awesome list of step by step techniques to achieve Remote Code Execution on various apps!

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Th…

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

Security scanner for your Terraform code

Collaborative Incident Response platform

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134)

Ultimate DevSecOps library

mailcow: dockerized - 🐮 + 🐋 = 💕 - we stand with 🇺🇦

NetSPI PowerShell Scripts

A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port.

Fast and customizable vulnerability scanner based on simple YAML based DSL.

Browser In The Browser (BITB) Templates

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

This repo is where I store my Threat Hunting ideas/content

Never ever ever use pixelation as a redaction technique

Gather and update all available and newest CVEs with their POC.

Rockyou for web fuzzing

PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.

A collection of scripts for assessing Microsoft Azure security

Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Gophish with Malicious Attachment and HTTP redirect support

Confluence Server Webwork OGNL injection

This is a collection of phishing templates and a landing page to be used with goPhish

GUI for snapper, a tool for Linux filesystem snapshot management, works with btrfs, ext4 and thin-provisioned LVM volumes

Rapidly Search and Hunt through Windows Event Logs