GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

A list of public penetration test reports published by several consulting firms and academic security groups.

Automagically reverse-engineer REST APIs via capturing traffic

Gather and update all available and newest CVEs with their PoC.

vCard is a fully responsive personal portfolio website, responsive for all devices.

notes for software engineers getting up to speed on new AI developments. Serves as datastore for https://latent.space writing, and product brainstorming, but has cleaned up canonical references und…

Card-style Hugo theme designed for bloggers

Automate the creation of a lab environment complete with security tooling and logging best practices

Official OWASP Top 10 Document Repository

Application Security Verification Standard

Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

Active Directory and Internal Pentest Cheatsheets

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.

Pretty basic theme for Hugo that covers all of the essentials. All you have to do is start typing!

Incomplete list of macOS `defaults` commands with demos ✨

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.

Security Certification Roadmap HTML5/CSS3 version

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

Repository for information about 0-days exploited in-the-wild.

Hardware/IOT Pentesting Wiki

Fast, minimal blog with dark mode support.

Vocabulary for Event Recording and Incident Sharing (VERIS)

The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifa…

A python module for working with ATT&CK

Tools, techniques, cheat sheets, and other resources to assist those defending organizations and detecting adversaries

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another.

A living document for penetration testing and offensive security.