ntlm hash cracker

Public repo to sync with security-pr

Collection of Cyber Threat Intelligence sources from the deep and dark web

Ask a TGS on behalf of another user without password

OWASP Domain Protect - prevent subdomain takeover

A tool for checking if MFA is enabled on multiple Microsoft Services

CVE-2019-1388 UAC提权 (nt authority\system)

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

BloodHound Attack Research Kit

Source Code Management Attack Toolkit

The recursive internet scanner for hackers. 🧡

Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.

Containing my notes, practice binaries + solutions, blog posts, etc. for the Offensive Security Exploit Developer (OSED/EXP-301)

Source Code Management Attack Toolkit

AzureGoat : A Damn Vulnerable Azure Infrastructure

AWSGoat : A Damn Vulnerable AWS Infrastructure

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

SMBeagle - Fileshare auditing tool.

A list of public penetration test reports published by several consulting firms and academic security groups.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Vulnerable app with examples showing how to not use secrets

Ultimate DevSecOps library

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Scans every git push to your Github organisations to find unwanted secrets.

The idea is to collect all the C# projects that are Sharp{Word} that can be used in Cobalt Strike as execute assembly command.

A unique technique to execute binaries from a password protected zip