Stars
🧙‍♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications
✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…
StealthGuardian is a middleware layer that can be combined with adversary simulation tools to verify the resistance, detection level and behaviour detection of executed actions against defined def…
AADInternals PowerShell module for administering Azure AD and Office 365
pySigma NetWitness backend
PowerSploit - A PowerShell Post-Exploitation Framework
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
The materials of "Hypervisor 101 in Rust", a one-day long course, to quickly learn hardware-assisted virtualization technology and its application for high-performance fuzzing on Intel/AMD processors.
Tutorials for getting started with Pwntools
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
Attack and defend active directory using modern post exploitation adversary tradecraft activity
Master programming by recreating your favorite technologies from scratch.
Fermion, an electron wrapper for Frida & Monaco.
Containing my notes, practice binaries + solutions, blog posts, etc. for the Offensive Security Exploit Developer (OSED/EXP-301)
Covers various security approaches to attack techniques and also provides new discoveries about security breaches.
A collection of Azure AD/Entra tools for offensive and defensive security purposes
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
BadZure orchestrates the setup of Azure AD tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack …
A FREE Windows C development course where we will learn the Win32API and reverse engineer each step utilizing IDA Free in both an x86 and x64 environment.
A FREE comprehensive online Rust hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Rust from scratch.
Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.