Stars
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encry…
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
A Nmap XSL implementation with Bootstrap.
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
đź“™ Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
A pandoc LaTeX template to convert markdown files to PDF or LaTeX.
xkillbit / Binderscan
Forked from jsmit260/BinderscanMasters of Science in CyberSecurity Project
Small and highly portable detection tests based on MITRE's ATT&CK.
Send phishing messages and attachments to Microsoft Teams users
PowerShell runner for executing malicious payloads in order to bypass Windows Defender.
Callisto - An Intelligent Binary Vulnerability Analysis Tool
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…
Offensive Security OSCP, OSWP, OSEP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA Exam and Lab Reporting / Note-Taking Tool
Recurrent Neural Network SubDomain Discovery Tool
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…
Common password pattern generator using strings list
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Use Python to download files from SQL Reporting Services using NTLM authentication.
A unique technique to execute binaries from a password protected zip
A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation
Youtube as covert-channel - Control systems remotely and execute commands by uploading videos to Youtube
Exfiltration based on custom X509 certificates
Collection of malware source code for a variety of platforms in an array of different programming languages.
A collection of modern/faster/saner alternatives to common unix commands.
Joplin - the privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS.