A list of useful payloads and bypass for Web Application Security and Pentest/CTF

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

HTTP parameter discovery suite.

Here are the challenges (including sources) of the GreHack CTF.

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation…

Splunk Security Content

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

A bash script for recon and DOS attacks

The Havoc Framework

Automated Adversary Emulation Platform

PSTeams is a PowerShell Module working on Windows / Linux and Mac. It allows sending notifications to Microsoft Teams via WebHook Notifications. It's pretty flexible and provides a bunch of options…

Scanners for Jar files that may be vulnerable to CVE-2021-44228

Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).

Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?

Implementation of the proposed Russian block cipher standard, Kuznechik ("Grasshopper"). 128-bit block size, 256-bit key.

🧰 A set of PowerShell commands to gather information and create reports from Active Directory. 👨 👩 💻 This project relies on the Active Directory module from Microsoft.

Management tool for the information security management system / Outil de gestion du système de management de la sécurité de l'information

The useful exploit finder

SQL powered operating system instrumentation, monitoring, and analytics.

Mapping the MITRE ATT&CK Matrix with Osquery

Sysmon configuration file template with default high-quality event tracing

Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.

Repository of yara rules

“Section's Engineering Education (EngEd) Program is dedicated to offering a unique quality community experience for computer science university students."

An attempt to detect and prevent DDoS attacks using reinforcement learning. The simulation was done using Mininet.

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

This repo contains some Amsi Bypass methods i found on different Blog Posts.

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

NetSPI PowerShell Scripts