beerandgin

mantis

Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.

ASPJinjaObfuscator

Heavily obfuscated ASP web shell generation tool.

AutoRecon

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

awesome-annual-security-reports

A curated list of annual cyber security reports

Awesome-GPT-Agents

A curated list of GPT agents for cybersecurity

C2

A basic C2 framework written in C

conpass

Continuous password spraying tool

cookie-monster

BOF to steal browser cookies

CortexVortex

CVE-2024-21338

Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.

CVE-2024-26229-BOF

BOF implementations of CVE-2024-26229 for Cobalt Strike and BruteRatel

DV_NEW

This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)

EDR-XDR-AV-Killer

Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver

FindMeAccess

GoRedOps

🦫 | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language, all is made for educational purpoeses only.

HSC24RedTeamInfra

Slides and Codes used for the workshop Red Team Infrastructure Automation

InsightEngineering

Hardcore Debugging

MagicDot

A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue

MDE_Enum

One-Liners

A collection of awesome one-liners for bug bounty hunting.

Pyramid

a tool to help operate in EDRs' blind spots

RemillWorkshop

RWX_MEMEORY_HUNT_AND_INJECTION_DV

Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.

security-notes

Markdown repo for notes on all things redteaming

ShadowClone

Unleash the power of cloud

tiny-AES-c

Small portable AES128/192/256 in C

UltimateWDACBypassList

A centralized resource for previously documented WDAC bypass techniques

Voidgate

A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.

vulnerability-Checklist

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

Web-Application-Pentest-Checklist

This is one of the largest checklist available so far on the Internet.