Collection of Cyber Threat Intelligence sources from the deep and dark web

Containing my notes, practice binaries + solutions, blog posts, etc. for the Offensive Security Exploit Developer (OSED/EXP-301)

AzureADRecon is a tool which gathers information about the Azure Active Directory and generates a report which can provide a holistic picture of the current state of the target environment.

The Azure AD exploration framework.

C# and Impacket implementation of CVE-2021-1675/PrintNightmare

CVE-2021-1675 Detection Info

A list of established remote companies

CVE-2019-1388 UAC提权 (nt authority\system)

An Information Security Reference That Doesn't Suck

CMS/LMS/Library etc Versions Fingerprinter

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010 AKA EternalBlue

Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based)

Extended Differential Fuzzing Framework

A list of interesting payloads, tips and tricks for bug bounty hunters.

A Tool for Domain Flyovers

Small and highly portable detection tests.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Striker is an offensive information and vulnerability scanner.

Analyze the security of any domain by finding all the information possible. Made in python.

✍️ A curated list of CVE PoCs.

The goal of this repository is to document the most common techniques to bypass AppLocker.

Poodle (Padding Oracle On Downgraded Legacy Encryption) attack