boh's repositories
Aggressor-Scripts
Aggressor scripts for Cobalt Strike
deobfuscation-research
some paper/project/script about deobfuscation
31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
windows-security
Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.
Application-Security-Engineer-Interview-Questions
Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
BadBlood
BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
blackhat-python3
Source code for the book "Black Hat Python" by Justin Seitz. The code has been fully converted to Python 3, reformatted to comply with PEP8 standards and refactored to eliminate issues of dependency resolution involving deprecated modules.
bruteforce-lists
Some files for bruteforcing certain things.
CS7038-Malware-Analysis
Course Repository for University of Cincinnati Malware Analysis Class (CS7038)
CuckooVM
Cuckoo running in a nested hypervisor
DDOS-D1GG3R
IT'S MY CODE ! DDOS Archive by D1GG3R (Scanners, BotNets (Mirai and QBot Premium & Normal and more), Exploits, Methods, Sniffers)
MobileHackingCheatSheet
Basics on commands/tools/info on how to assess the security of mobile applications
Pentest_Note
渗透测试常规操作记录
pentesting-cookbook
A set of recipes useful in fast-paced pentesting / red teaming scenarios
persistence
Resources About Persistence, Multiple Platforms. Including ~80 Tools and 300+ Posts.
Priv2Admin
Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual.
redirect.rules
Quick and dirty dynamic redirect.rules generator
tea
ssh-client worm
top10webseclist
Top Ten Web Hacking Techniques List
web-methodology
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
WebHackersWeapons
Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
WiFiDuck
Wireless keystroke injection attack platform
workshop-materials
Presented workshops since 2019
XSS_Cheat_Sheet_2020_Edition
xss漏洞模糊测试payload的最佳集合 2020版
Zines
hacking Zines mirror for the lulz and nostalgy