David B.'s repositories
SUDO_KILLER
A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
OffensiveCloud
Offensive security and Penetration Testing TTP for Cloud based environment (AWS / Azure / GCP)
AutomatedBadLab
Scripts to provision vulnerable and testing environments using AutomatedLab
Awesome-CloudSec-Labs
Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
AzureAD-Attack-Defense
This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.
BlueTeam-Tools
Tools and Techniques for Blue Team / Incident Response
cloudgoat
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
evil-winrm-UA
The ultimate WinRM shell for hacking/pentesting
GOAD
game of active directory
hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
KeePwn
A python tool to automate KeePass discovery and secret extraction.
ldeep
In-depth ldap enumeration utility
LinikatzV2
Linikatz V2 is a bash script which allows post-exploitation tasks on UNIX computers joined to Active Directory
Locksmith
A small tool built to detect and fix common misconfigurations in Active Directory Certificate Services.
MFASweep
A tool for checking if MFA is enabled on multiple Microsoft Services
mimipenguin
A tool to dump the login password from the current linux user
Misconfiguration-Manager
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
MultiDump
MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
psudohash
Generates millions of keyword-based password mutations in seconds.
PurpleOps
An open-source self-hosted purple team management web application.
RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance
RustRedOps
🦀 | RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Rust programming language. (In Construction)
ssh3
SSH3: faster and rich secure shell using HTTP/3, checkout our article here: https://arxiv.org/abs/2312.08396
tor-socks-proxy
🐳 Tiny Docker image (🤏 10MB) as 🧅 Tor SOCKS5 proxy 🛡
trufflehog
Find and verify credentials
VISION-ProcMon
A ProcessMonitor visualization application written in rust.