A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.

🧠 Laws, Theories, Principles and Patterns for developers and technologists.

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

A curated list of resources for learning about http://www.keycloak.org

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

An evolving how-to guide for securing a Linux server.

Argon2 library compiled for browser runtime

A tool for exploring each layer in a docker image

Um pouco sobre o kernel linux

Deep Learning model to analyze a large corpus of clear text passwords.

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Web APIs for Django. 🎸