Shrumplestiltskin

awesome-appsec

A curated list of resources for learning about application security

awesome-web-hacking

A list of web application security

awesome-web-security

🐶 A curated list of Web Security materials and resources.

continuous-threat-modeling

A Continuous Threat Modeling methodology

cve-2018-1002105

Test utility for cve-2018-1002105

distribution-library-image

Dockerfiles

Examples

dockerfiles-1

Various Dockerfiles I use on the desktop and on servers.

DropKnowledge

Drop knowledge before you forget it

fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

gitDigger

InsecureProgramming

mirror of gera's insecure programming examples | http://community.coresecurity.com/~gera/InsecureProgramming/

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Knowledge

Kubernetes

mimi

ntlmsspparse

Parses ntlmssp netlm[v2] hashes out of a pcap file for use with a password cracker.

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

pipeline

ProgrammingExercises

QemuHelpers

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

shinyproxy

ShinyProxy - Open Source Enterprise Deployment for Shiny

tbhm

The Bug Hunters Methodology

vault

A tool for secrets management, encryption as a service, and privileged access management

vault-creds

Sidecar container for requesting dynamic Vault database secrets

vault-sidekick

Vault sidekick