dipsec

byp4xx

Simple bash script to bypass "403 Forbidden" messages with well-known methods discussed in #bugbountytips

horrifying-pdf-experiments

:syringe: Stuff which works in Chrome and maybe Acrobat and Foxit.

Security-List

Opensource security tools list

100-redteam-projects

Projects for security students

Adhrit

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

APTnotes

Various public documents, whitepapers and articles about APT campaigns

Atomic-Red-Team-Intelligence-C2

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

AutomatedLab

AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2019, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.

awesome-aws-security

Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security

awesome-devsecops-1

Curating the best DevSecOps resources and tooling.

breaking-and-pwning-apps-and-servers-aws-azure-training

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Cobalt-Strike-Aggressor-Scripts

Cobalt Strike Aggressor 插件包

dnscan

Elemental

Elemental - An ATT&CK Threat Library

kerbrute

A tool to perform Kerberos pre-auth bruteforcing

MalwLess

Test Blue Team detections without running any attack.

my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

OSSEM

Open Source Security Events Metadata (OSSEM)

Pentesting-Bugbounty

Bringing infosec community, group and leaders together that solve community challenges, problems, create cultural and provide value to Infosec community.

pwn_jenkins

Notes about attacking Jenkins servers

red-kube

Red Team KubeCTL Cheat Sheet

redteam_vul

红队作战中比较常遇到的一些重点系统漏洞整理。

restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

samm

security-1

Kubernetes Security Process and Security Committee docs

security-champions-playbook

Security Champions Playbook v 1.1

ssllabs-scan

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

tech-interview-handbook

💯 Materials to help you rock your next coding interview

trojan

An unidentifiable mechanism that helps you bypass GFW.

wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.