KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync). - GitHub - helviojunior/knowsmore
Compiled Binaries for Ghostpack (.NET v4.0). Contribute to r3motecontrol/Ghostpack-CompiledBinaries development by creating an account on GitHub.
This project is aimed at providing technical guides on various hacking topics. The most advanced topics are Active Directory and Web services. Other topics will be added. The ultimate goal is to centralize all hacking techniques
These are notes about all things focusing on, but not limited to, red teaming and offensive security.
If you want to contribute, check out our contribution guide. Our criteria list sets out what we define as a LOLBin/Script/Lib. More information on programmatically accessing this project can be found on the API page.
MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation. You can see the current ATT&CK® mapping of this project on the ATT&CK® Navigator.
If you are looking for UNIX binaries, please visit gtfobins.github.io.
If you are looking for drivers, please visit loldrivers.io.
Helps you create requests faster, saving precious time on development.
Never ever ever use pixelation as a redaction technique - GitHub - BishopFox/unredacter
The Network Execution Tool. Contribute to Pennyw0rth/NetExec development by creating an account on GitHub.
Learn to use NetExec
🦚 A web-app pentesting suite written in Rust. Contribute to pwnwriter/kanha development by creating an account on GitHub.
⚡ Blazing-fast tool to grab screenshots of your domain list right from terminal. - GitHub - pwnwriter/haylxon
In this video, we explore different ways to create a fully working environment for Android Penetration Testing and we create our setup using the SDK provided...
Contribute to DenisPodgurskii/pentestkit development by creating an account on GitHub.
Hello, we shall run the OWASP juice shop as a deployment, and expose it as a service in a local kubernetes cluster launched with kind. Hence, familiarity with kubernetes deployment and service is essential to follow along. You can try this with any cluster, though I am using a cluster that was launched with kind. For those not aware, kind is a tool that makes launching k8s clusters on your local machine easy.
Welcome to the page where you will find each hacking trick/technique/whatever I have learnt from CTFs, real life apps, reading research, and news.
https://viperone.gitbook.io/pentest-everything/
Hello, 🌎! Ngrok is a simple tool with an important purpose — make your local services accessible behind a NATed network without having to expose your public IP address. Ngrok is one of my favorite…
https://infosecwriteups.com/make-usb-rubber-ducky-with-less-than-3-fa72dac9e4de
A repo to automatically generate and keep updated a series of Docker images through GitHub Actions. - GitHub - cybersecsi/RAUDI
Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth. - GitHub - sc0tfree/updog
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT.
Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file (by default: chopchop.yml), fully configurable, and especially by developers.
BloodHound data collection, aka Sharphound, is quite a complex beast.
When giving BloodHound workshops, the part where I get the most questions is always data collection.
How is the BloodHound data collected? What methods do what? Who am I talking to? How do I fly under the radar?
This SQL injection cheat sheet contains examples of useful syntax that you can use to perform a variety of tasks that often arise when performing SQL ...
Callback config for xxe
ZAP 2.10.0 Anniversary Release
Again a great collection of things worth reading all around bug bounty and pentesting.
This time a video, I haven't watched it completely until now, but I scrolled through the slide deck and think it is worth watching.
When we browse any application, the application server fetches data such as images and web pages from different locations on the same server or maybe from a different server on the internet. So to make…
My personal hacklab, create your own. Contribute to johackim/docker-hacklab development by creating an account on GitHub.
The Mobile App Pentest cheat sheet was created to provide a concise collection of high value information on specific mobile application penetration testing topics. - tanprathan
This course is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures. Given the pervasive insecurity of the modern web landscape, there is a pressing need for programmers and system designers to improve their understanding of web security issues.
We'll be covering the fundamentals as well as the state-of-the-art in web security.
Topics include: Principles of web security, attacks and countermeasures, the browser security model, web app vulnerabilities, injection, denial-of-service, TLS attacks, privacy, fingerprinting, same-origin policy, cross site scripting, authentication, JavaScript security, emerging threats, defense-in-depth, and techniques for writing secure code. Course projects include writing security exploits, defending insecure web apps, and implementing emerging web standards.