mcLays

Misconfiguration-Manager

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

personal-security-checklist

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

vocably-pro

For those who have used Duolingo for years but still suck at language

GOAD

game of active directory

IRM

Incident Response Methodologies 2022

russia-ukraine_IOCs

Russia / Ukraine 2022 conflict related IOCs from CERT Orange Cyberdefense Threat Intelligence Datalake

pentest-book

command-line-quick-reference

quick reference on command line tools and techniques for the people with limited time

SME

Azure-Red-Team

Azure Security Resources and Notes

AutoSUID

AutoSUID application is the Open-Source project, the main idea of which is to automate harvesting the SUID executable files and to find a way for further escalating the privileges.

ADenum

AD Enum is a pentesting tool that allows to find misconfiguration through the the protocol LDAP and exploit some of those weaknesses with kerberos.

h4cker

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.

malwoverview

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

4-ZERO-3

403/401 Bypass Methods + Bash Automation + Your Support ;)

GTFOBins.github.io

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

lpeworkshop

Windows / Linux Local Privilege Escalation Workshop

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

command-injection-payload-list

🎯 Command Injection Payload List

env

JScript for adding temporary variables to environment variables. Which can then be used in calling other scripts and applications.

nginx-admins-handbook

How to improve NGINX performance, security, and other important things.

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

databunker

Secure Vault for Customer PII/PHI/PCI/KYC Records

xca

X Certificate and Key management

Priv2Admin

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

snoop

Snoop — инструмент разведки на основе открытых данных (OSINT world)

SniperPhish

SniperPhish - The Web-Email Spear Phishing Toolkit

BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

TWAPT

Deploy your own lab of web application penetration testing with docker and docker-compose, webgoat, dvwap, bwapp and Juice Shop

wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.