Andre Silva's repositories
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
awesome-javascript
🐢 A collection of awesome browser-side JavaScript libraries, resources and shiny things.
awesome-nodejs
⚡ Delightful Node.js packages and resources
car
Cyber Analytics Repository
cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
container-security-checklist
Checklist for container security - devsecops practices
ERC.Xdbg
An Xdbg Plugin of the ERC Library.
EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
GCP-IAM-Privilege-Escalation
A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.
GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
KingOfBugBountyTips
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, APIs, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters.
kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
LaZagne
Credentials recovery project
LinEnum
Scripted Local Linux Enumeration & Privilege Escalation Checks
LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
nishang
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
OSINT
Collections of tools and methods created to aid in OSINT collection
OSWE
OSWE Preparation
PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
pwn_jenkins
Notes about attacking Jenkins servers
RustScan
🤖 The Modern Port Scanner 🤖
sigma
Generic Signature Format for SIEM Systems
SplunkWhisperer2
Local privilege escalation, or remote code execution, through Splunk Universal Forwarder (UF) misconfigurations
Stormspotter
Azure Red Team tool for graphing Azure and Azure Active Directory objects
vortex
VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit
WADComs.github.io
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
wordlistctl
Fetch, install and search wordlist archives from websites and torrent peers.
writehat
A pentest reporting tool written in Python. Free yourself from Microsoft Word.
You-Dont-Know-JS
A book series on JavaScript. @YDKJS on twitter.