A list of helpful cybersecurity / infosec resources

AADInternals PowerShell module for administering Azure AD and Office 365

Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.

MSBuildShell, a Powershell Host running within MSBuild.exe

Universal Shared Library User-space Loader

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics…

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

AppSec Ezine Public Repository.

Slint is a declarative GUI toolkit to build native user interfaces for Rust, C++, or JavaScript apps.

This is a repo which documents real bugs in real software to illustrate trends, learn how to prevent or find them more quickly.

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM, 8-bit AVR and 32-bit RISC-V architectures.

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Managed code hooking template.

Retrieve host information from NTLM

PoSh BloodHound Dog Whisperer

Rust for Windows

The engine that powers DeLorean!

A declarative desktop UI framework for Rust built on GTK and Gtk-rs

Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro and Rekall to dump in-memory PE files and reconstruct imports.

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, i…

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.

Launch processes with TrustedInstaller privilege

A polyglot payload generator

Credentials gathering tool automating remote procdump and parse of lsass process.

The sleekest looking WEBUI for qBittorrent made with Vuejs!

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)