Rahmi YILDIZ's repositories
awesome-oscp
A curated list of awesome OSCP resources
BadBlood
BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
Benchmark
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
Pentest-Everything
A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.
shiftleft-js-example
Sample JavaScript application with ShiftLeft Inspect integration
vulnerable-node
A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools
Amnesiac
Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
awesome-incident-response
A curated list of tools for incident response
awesome-privilege-escalation
A curated list of awesome privilege escalation
domain_audit
Audit tool for Active Directory. Automates a lot of checks from a pentester perspective.
GIUDA-fixed
Ask a TGS on behalf of another user without password
hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
LeoOSCP
Meaningful outline of the knowledge you need in order to obtain the OSCP certification
networkit
NetworKit is a growing open-source toolkit for large-scale network analysis.
Octopus
Open source pre-operation C2 server based on python and powershell
offensivesecurity
Scripts for offensive security
OSCP-33
OSCP Guide
OSCP-Archives
An archive of everything related to OSCP
OSCP-Cheatsheet
Migrated OSCP Cheatsheet from Gdrive
OSCPRepo
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' Keepnote. Reconscan in scripts folder.
ossf-cve-benchmark
The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.
PrivescCheck
Privilege Escalation Enumeration Script for Windows
PsMapExec
A PowerShell tool that takes strong inspiration from CrackMapExec.
WinPwn
Automation for internal Windows Penetrationtest / AD-Security
YARA_Detection_Engineering
Detection Engineering with YARA