cruiser2016

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

bypass-paywalls-chrome

Bypass Paywalls web browser extension for Chrome and Firefox.

macos-virtualbox

Push-button installer of macOS Catalina, Mojave, and High Sierra guests in Virtualbox on x86 CPUs for Windows, Linux, and macOS

hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

flare-vm

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

Active-Directory-Exploitation-Cheat-Sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Rubeus

Trying to tame the three-headed dog.

Awesome-CobaltStrike

List of Awesome CobaltStrike Resources

Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Kernelhub

:palm_tree:Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)

Neo-reGeorg

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

RedTeam-OffensiveSecurity

Tools & Interesting Things for RedTeam Ops

A-Red-Teamer-diaries

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Azure-Red-Team

Azure Security Resources and Notes

Freeze

Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods

security-cheatsheets

🔒 A collection of cheatsheets for various infosec tools and topics.

Microsoft-eventlog-mindmap

Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...

FunctionStomping

Shellcode injection technique. Given as C++ header, standalone Rust program or library.

HijackLibs

Project for tracking publicly disclosed DLL Hijacking opportunities.

ForgeCert

"Golden" certificates

SilentHound

Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc.

hacktricks-cloud

DNS_Tunneling

DNS Tunneling using powershell to download and execute a payload. Works in CLM.

Malleable-C2-Profiles

Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.

elastic-stack-docker-part-one

Getting up and running with Elastic Stack on Docker-Compose

wwwtree

A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.

homebridge-google-nest-sdm

A Homebridge plugin for Google Nest devices that uses the Google Smart Device Management API. Supports Cameras, Doorbells, Displays, and Thermostats. Includes support for HomeKit Secure Video.

scripts

various scripts for linux admins

ECK

Elastic Cloud on Kubernetes