Kubernetes

• Awesome Kubernetes (K8s) Security - Collection of Kubernetes security resources
• Kubetools - Kubernetes security tools
• HackingKubernetes - Collection of Kubernetes Pentesting Resources
• Kubernetes Goat - Vulnerable-by-Design cluster environment for training
• KubePwn - Another Collection of resources about Kubernetes security
• HackTricks - Kubernetes Pentesting - HackTricks Collection of Kubernetes Pentesting
• Part 1
• Part 2
• Part 3

Azure

• Awesome Azure Pentest - A curated list of useful tools and resources for penetration testing and securing Microsofts cloud platform Azure.
• HackTricks - Azure Pentesting - HackTricks Collection of Kubernetes Pentesting

Active Directory

• Active Directory Exploitation Cheat Sheet - Cheat sheet for Active Directory Exploitation
• GOAD - Vulnerable-by-Design Active Directory environment
• Windows Red Team Cheat sheet - Windows for Red Teamers Cheat Sheet ([Moved to wiki](https://notes.morph3.blog/))
• Resource Collection #1 - Collection of Active Directory Pentesting resources #1
• Resource Collection #2 - Collection of Active Directory Pentesting resources #2
• Resource Collection #3 - Collection of Active Directory Pentesting resources #3
• Resource Collection #4 - Collection of Active Directory Pentesting resources #4
• OSCP Active Directory Cheat Sheet - Cheat sheet for Active Directory Attacks used in OSCP
• WADComs - Interactive cheat sheet - list of offensive security tools and their respective commands to be used against Windows/AD environments.
• HackTricks - Active Directory Pentesting - HackTricks Collection of Active Directory Pentesting
• Ultimate BloodHound Guide - The Ultimate Guide for BloodHound Community Edition (BHCE)

🔍 Discovery

• Amass - OWASP Network mapping of attack surfaces and external asset discovery using open source information
• Google Dorks - Google Dorks Hacking Database (Exploit-DB)
• ZoomEye - Zoomeye is a Cyberspace Search Engine recording information of devices, websites, services and components etc.
• Censys - Similar to shodan, search engine for specific devices including IoT

👁️‍🗨️ Enumeration

• enum4linux-ng - Python tool for enumerating information from Windows/Samba systems
• OSCP Enumeration Cheat sheet - Cheat sheet for Enumeration for OSCP Certificate
• 0xdf - SMB Enumeration - 0xdf's SMB Enumeration Cheat Sheet
• CrackMapExec Cheatsheet - Cheat sheet for CrackMapExec (CME)

🎯 Exploitation

• Java Deserialization Cheat Sheet - A cheat sheet for pentesters about Java Native Binary Deserialization vulnerabilities
• Empire Cheat Sheet - [Empire](http://www.powershellempire.com) is a PowerShell and Python post-exploitation framework
• Local File Inclusion (LFI) Cheat Sheet #1 - Arr0way's LFI Cheat Sheet
• Local File Inclusion (LFI) Cheat Sheet #2 - Aptive's LFI Cheat Sheet
• PowerView 2.0 Tricks
• PowerView 3.0 Tricks
• PHP htaccess Injection Cheat Sheet - htaccess Injection Cheat Sheet by PHP Secure Configuration Checker
• SQLite3 Injection Cheat Sheet
• Metasploit Cheat Sheet - A quick reference guide [(PNG version)](docs/Metasploit-CheatSheet.png)[(PDF version)](docs/Metasploit-CheatSheet.pdf)
• PowerSploit Cheat Sheet - [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) is a powershell post-exploitation framework
• Metasploit Unleashed - The ultimate guide to the Metasploit Framework

🧿 Post-Exploitation

• Awesome Windows Post Exploitation - Collection of resources for Windows Post-Exploitation
• HackTricks - Post Exploitation - HackTricks Collection of Post-Exploitation

🗝 Privilege Escalation

• Windows / Linux Local Privilege Escalation Workshop - The Privilege Escalation Workshop covers all known (at the time) attack vectors of local user privilege escalation on both Linux and Windows operating systems and includes slides, videos, test VMs.
• linux-exploit-suggester.sh - Linux privilege escalation auditing tool written in bash (updated)
• Linux_Exploit_Suggester.pl v2 - Next-generation exploit suggester based on Linux_Exploit_Suggester (updated)
• Linux Soft Exploit Suggester - linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software packages instead of Kernel vulnerabilities
• checksec.sh - bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source)
• Basic Linux Privilege Escalation - Linux Privilege Escalation by [@g0tmi1k](https://twitter.com/g0tmi1k)
• PowerUp - Excellent powershell script for checking of common Windows privilege escalation vectors. Written by [harmj0y](https://twitter.com/harmj0y) [(direct link)](https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1)
• PowerUp Cheat Sheet

Active Directory

Tools

• SQLmap Tamper Scripts - SQLmap Tamper Scripts General/MSSQL/MySQL
• VIM Cheatsheet

Tools Online

• XSS'OR Encoder/Decoder - Online Decoder/Encoder for testing purposes (@evilcos)
• WebGun - WebGun, XSS Payload Creator (@brutelogic)
• revshells.com - Reverse shell payload generator ([Source code](https://github.com/0dayCTF/reverse-shell-generator))
• Segfault - Segfault: Free disposable root servers (by [@THC](https://www.thc.org/))
• suip.biz - Various free online pentesting tools like nmap, wpscan, sqlmap (...)

Write-Ups

• Write-Ups for CTF challenges

Defence Topics

• Docker Security Cheat Sheet - The following tips should help you to secure a container based system [(PDF version)](docs/DockerCheatSheet.pdf)

🗝 Privilege Escalation

• m0chan - Bug Bounty Methodology - m0chan's Bug Bounty Methodology Collection
• Ryan John Bug Bounty Playlist - Collection of Ryan John's BugBounty videos ([11h Full Course Video](https://www.youtube.com/watch?v=TTw-EY7F1rM))
• LiveOverFlow Bug Bounty Playlist - Collection of LiveOverflow's Bug bounty videos
• BBRE Podcast - Bug Bounty Reports Explained Podcast
• Critical Thinking Podcast - Critical Thinking Bug Bounty Podcast

🗝 Privilege Escalation

• Browser's-XSS-Filter-Bypass-Cheat-Sheet - Excellent List of working XSS bypasses running on the latest version of Chrome / Safari, IE 11 / Edge created by Masato Kinugawa
• Web Pentest Checklist - Checklist for Web Application Penetration Tests
• OWASP VWAD - Registry of all known vulnerable web applications currently available.
• SQL Injection Cheatsheet - PortSwigger SQL Injection Cheat Sheet
• Cross-Site-Scripting Cheat sheet - Site-Scripting (XSS) Cheat sheet
• Google CSP Evaluator - evaluator/fjohamlofnakbnbfjkohkbdigoodcejf))
• Awesome Web Security - Collection of resources for Web Pentesting #2
• XSS Polyglot Payloads #1 - Unleashing an Ultimate XSS Polyglot list by 0xsobky
• PortSwigger Web Penetration Testing Labs

🗝 Privilege Escalation

• Binary Exploitation Red Team Notes - ired.team notes for Binary Exploitation
• Binary Exploitation Notes - Ir0nstone's Binary Exploitation Notes
• Sticky Notes Binary Exploitation - Sticky Notes colletion for Binary Exploitation
• HackTricks - Binary Exploitation - HackTricks Collection of Binary Exploitation
• PwnTools Cheat sheet - Cheat sheet for PwnTools python library
• pwndbg Cheat sheet - Cheat sheet for pwndbg GDB plug-in
• GDB PEDA Cheat sheet - Cheat sheet for PEDA GDB plug-in

🗝 Privilege Escalation

• TryHackMe - Free online platform for learning cyber security & penetration testing