Subdosec is a fast, accurate subdomain takeover scanner with no false positives. It also offers a database of sites vulnerable to subdomain takeover (public results), along with detailed metadata l…

Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)

Attack to induce LLMs within hallucinations

Purple Team Exercise Framework

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!

Course Piracy Index 🏴‍☠️

Automation to assess the state of your M365 tenant against CISA's baselines

A FREE Windows C development course where we will learn the Win32API and reverse engineer each step utilizing IDA Free in both an x86 and x64 environment.

A small security playground implementation of GHOSTS User Simulation framework with an Active Directory deployment and Elastic.

An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed.

Repository for our Trevor projects for Derbycon VIII and IX

A workshop about Malware Development

Cards Against AppSec - A Party Game for Horrible AppSec People

FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading

The website for fishshell.com

Rainbows and unicorns!

Knowledge Management for Offensive Security Professionals Official Repository

A repository of sysmon configuration modules

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

Create lab environment for Linux Command Line course

A dope AF repo of all customized plugins & configurations I use as seen on my socials / YouTube. Helpful guides and troubleshooting too.

This repository contains the code and PCAPS used for the SANS webinar, "Hacking Proprietary Protocols" given on February 23, 2021.

Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices