​​GATOR

GCP Attack Toolkit for Offensive Research, a tool designed to aid in research and exploiting Google Cloud Environments.

https://github.com/anrbn/GATOR

#infosec #pentesting #redteam

​​GregsBestFriend

A tool designed to bypass AV/EDR systems, and can be built using different compilers to achieve better results.

https://github.com/WKL-Sec/GregsBestFriend

#infosec #pentesting #redteam

​​Decrypt Chrome Passwords

A simple program to decrypt chrome password saved on your machine. This code has only been tested on windows, so it may not work on other OS.

https://github.com/ohyicong/decrypt-chrome-passwords

#cybersecurity #infosec #redteam

𝐑𝐞𝐝 𝐓𝐞𝐚𝐦 𝐓𝐨𝐨𝐥𝐬 🔥

🔴 RECONNAISSANCE:
- RustScan ==> https://lnkd.in/ebvRfBNy
- NmapAutomator ==> https://lnkd.in/gu5wxzf6
- AutoRecon ==> https://lnkd.in/g3DeG6YT
- Amass ==> https://lnkd.in/e7V569N5
- CloudEnum ==> https://lnkd.in/ePHDeGZv
- Recon-NG ==> https://lnkd.in/edwaXFjS
- AttackSurfaceMapper ==> https://lnkd.in/ebbcj6Rm
- DNSDumpster ==> https://dnsdumpster.com/

🔴 INITIAL ACCESS:
- SprayingToolKit ==> https://lnkd.in/eBSAPz5z
- o365Recon ==> https://lnkd.in/eJwCx-Ga
- Psudohash ==> https://lnkd.in/gcaxV6fR
- CredMaster ==> https://lnkd.in/gtMEDVuS
- DomainPasswordSpray ==> https://lnkd.in/guWj4TYv
- TheSprayer ==> https://lnkd.in/gZVuQYiv
- TREVORspray ==> https://lnkd.in/gHgcbjgV

🔴 DELIVERY:
- o365AttackToolKit ==> https://lnkd.in/etCCYi8y
- EvilGinx2 ==> https://lnkd.in/eRDPvwUg
- GoPhish ==> https://lnkd.in/ea26dfNg
- PwnAuth ==> https://lnkd.in/eqecM7de
- Modlishka ==> https://lnkd.in/eds-dR5C

🔴 COMMAND AND CONTROL:
- PoshC2 ==> https://lnkd.in/eqSJUDji
- Sliver ==> https://lnkd.in/ewN9Nday
- SILENTTRINITY ==> https://lnkd.in/eeZGbYMs
- Empire ==> https://lnkd.in/egAPa8gY
- AzureC2Relay ==> https://lnkd.in/efmh2t3g
- Havoc C2 ==> https://lnkd.in/gEFp2iym
- Mythic C2 ==> https://lnkd.in/gnCGwfWk

🔴 CREDENTIAL DUMPING:
- MimiKatz ==> https://lnkd.in/etEGfvJK
- HekaTomb ==> https://lnkd.in/eJx5Ugu5
- SharpLAPS ==> https://lnkd.in/eA28n9FT
- Net-GPPPassword ==> https://lnkd.in/e3CTez5A
- PyPyKatz ==> https://lnkd.in/eeb5b6Tz

🔴 PRIVILEGE ESCALATION:
- SharpUp ==> https://lnkd.in/etR2Pe_n
- MultiPotato ==> https://lnkd.in/eq53PXcJ
- PEASS ==> https://lnkd.in/eWA66akh
- Watson ==> https://lnkd.in/eZfYMSMX
- Bat-Potato ==> https://lnkd.in/gjziyG8q

🔴 DEFENSE EVASION:
- Villain ==> https://lnkd.in/gquyGFm5
- EDRSandBlast ==> https://lnkd.in/e8g8zYFT
- SPAWN - Cobalt Strike BOF ==> https://lnkd.in/e223PbqZ
- NetLoader ==> https://lnkd.in/ef5wCD4y
- KillDefenderBOF ==> https://lnkd.in/eVd54HUp
- ThreatCheck ==> https://lnkd.in/eHvSPakR
- Freeze ==> https://lnkd.in/eNUh3zCi
- GadgetToJScript ==> https://lnkd.in/egPQBBXJ

🔴 PERSISTENCE:
- SharPyShell ==> https://lnkd.in/eXm8h8Bj
- SharpStay ==> https://lnkd.in/erRbeFMj
- SharpEventPersist ==> https://lnkd.in/e_kJFNiB

🔴 LATERAL MOVEMENT:
- SCShell ==> https://lnkd.in/e256fC8B
- MoveKit ==> https://lnkd.in/eR-NUu_U
- ImPacket ==> https://lnkd.in/euG4hTTs

🔴 EXFILTRATION:
- SharpExfiltrate ==> https://lnkd.in/eGC4BKRN
- DNSExfiltrator ==> https://lnkd.in/epJ-s6gp
- Egress-Assess ==> https://lnkd.in/eXGFPQRJ

#redteam #cybersecurity #penetrationtesting #security #ethicalhacking #tools

[ 𝐋𝐈𝐒𝐓 𝐎𝐅 𝐃𝐀𝐌𝐍 𝐕𝐔𝐋𝐍𝐄𝐑𝐀𝐁𝐈𝐋𝐈𝐓𝐈𝐄𝐒 𝐋𝐀𝐁 ]

Damn Vulnerable Labs (DVL) are a collection of deliberately vulnerable applications and infrastructure that are designed to help security professionals and enthusiasts learn about and practice common security vulnerabilities. DVLs can be used to simulate real-world attacks and to test the effectiveness of security tools and techniques.

#AWSGoat : A Damn Vulnerable AWS Infrastructure
https://lnkd.in/dq2cYPG2

#AzureGoat : A Damn Vulnerable Azure Infrastructure
https://lnkd.in/dKMMrESA

#Webpentest: A Damn Vulnerable Web Application
https://lnkd.in/dNJxX-Fe

#API: A Damn Vulnerable Web Sockets
https://lnkd.in/dMbJgP5h

#Mobile: Damn Vulnerable Hybrid Mobile App
https://lnkd.in/dSMZMuzZ

#CICD: Deliberately vulnerable CI/CD environment
https://lnkd.in/dCxZb88q

#GraphQL: Damn Vulnerable GraphQL Application
https://lnkd.in/d5V6P9HA

#Webservice: Damn Vulnerable Web Services
https://lnkd.in/dAu8HAyd

#VamPI: Vulnerable API
https://lnkd.in/dRPpBNjj

#DVSA: Damn Vulnerable Serverless Application
https://lnkd.in/dnvdNcfq

#DVTA: DVTA is a Vulnerable Thick Client Application
https://lnkd.in/dDhEDgdx

#DVJA: Damn Vulnerable Java Application
https://lnkd.in/dqFyjYWP

#DVID: Damn Vulnerable IoT Device
https://lnkd.in/dNV2RjUj

#DVPWA: Damn Vulnerable Python Web Application
https://lnkd.in/diDvsz8u

#DVAS: Damn Vulnerable Application Scanner
https://lnkd.in/dq_aC4pX

#DVB: Damn Vulnerable Bank
https://lnkd.in/dyGWJzxD

#DVWPS: Damn Vulnerable WordPress Site
https://lnkd.in/dkY-tXHe

#DVNA: Damn Vulnerable NodeJS Application
https://lnkd.in/ds3JReM5

#DVRA: Damn Vulnerable Ruby on Rails
https://lnkd.in/djQ_ehzi

#DVGM: Damn Vulnerable Grade Management
https://lnkd.in/dAepn4K7

#Tiredful
https://lnkd.in/d3NjivMu

#DVCSharp: Damn Vulnerable C# Application
https://lnkd.in/d8cZxdnr

#DVHMA: Damn Vulnerable Hybrid Mobile App
https://lnkd.in/dSMZMuzZ

#DVIA: Damn Vulnerable iOS App
https://lnkd.in/dJqPp-d9

#DVIA2: Damn Vulnerable iOS App 2
https://lnkd.in/dhGUXurv

#DVRF: Damn Vulnerable Router Firmware
https://lnkd.in/dUda_XsF

#DVFaaS: Damn Vulnerable Functions as a Service
https://lnkd.in/drVpszwD

#DVCA: Damn Vulnerable Cloud Application
https://lnkd.in/dPyKYKw4

#cybersecurity #webapplicationsecurity #redteam #blueteam #bugbounty #damnvulnerable #dvwa

[𝐅𝐑𝐄𝐄 𝐂𝐘𝐁𝐄𝐑 𝐒𝐄𝐂𝐔𝐑𝐈𝐓𝐘 𝐂𝐎𝐔𝐑𝐒𝐄𝐒 𝐘𝐎𝐔 𝐒𝐇𝐎𝐔𝐋𝐃 𝐃𝐎 𝐑𝐈𝐆𝐇𝐓 𝐍𝐎𝐖]

Penetration Testing Course by TCM Security
https://lnkd.in/eb4ieU7b

Penetration Testing Course by IT Masters (CSU)
https://lnkd.in/ei6RrNXw

Internet of Things Intro by Stanford University
https://lnkd.in/eCrhKFKR

Free Cyber Defense Training by Mandiant (now part of Google Cloud)
https://lnkd.in/eSfbiTeY

Digital Forensic Courses List by DFIRDiva
https://lnkd.in/e4RRihcn

Blue Team Training Course by Security Blue Team
https://lnkd.in/ehwEzNfp

Splunk Free Course by Splunk
https://lnkd.in/e7CP_uqU

Cyber Threat Intelligence 101 by arcX
https://lnkd.in/ePqK-fNN

Cyber Security Free Course by Palo Alto Networks
https://lnkd.in/eiFkSHiK

#threatintelligence #splunk #hacking #redteam #cybersecurity #informationsecurity #pentest #digitalforensic #blueteam

If you are preparing or want to prepare for the OSCP certification, I have a great cheat sheet suggestion❗️😍 You should definitely add it to your bookmarks.🤞🏻🌸

Credit: @syr0_ 🌟🙌🏻

Repo: github.com/0xsyr0/OSCP

#CyberSecurity #OSCP #CheatSheet #redteam #Guide #CareerGrowth

OSINT tools for Offensive Security

https://github.com/wddadk/Offensive-OSINT-Tools

#osint #privacy #security #socmint #infosec #cybersec #redteam #offsec #recon #pentesting

Free Offensive Security Notes (OSCP, OSWE, OSEP, OSED) and more !!!!!!!!!!

𝐁𝐀𝐒𝐈𝐂 𝐍𝐎𝐓𝐄𝐒

Download : https://drive.google.com/drive/mobile/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU

Credit: Joas A Santos

#OSWE #OSWEnotes #offensivesecurity #pentest #hacking #redteam #cybersecurity #oscp

Burp Suite 101 For Beginners🔥

#1 - Introduction and Installation:
🔗 hacklido.com/blog/621

#2 - Understanding Navigation, Dashboard, Configuration:
🔗hacklido.com/blog/624

#3 - Exploring Burp Proxy and Target Specification:
🔗hacklido.com/blog/625

#4 - Exploring Burp Repeater and Burp Comparer:
🔗hacklido.com/blog/628

#5 - Going deep Into intruder:
🔗hacklido.com/blog/631

Covering @Burp_Suite By @calc1f4r & @hacklido.

#BurpSuite #Hacking #Infosec #CyberSecurity #RedTeam

✨✨Online Website for practicing OWASP TOP 10 ✨✨
[ Open Web Application Security Project ]

Hack interactive applications to understand how you are vulnerable. Learn how to protect yourself with real, up-to-date code samples.

✅1. Broken Access Control
⌘ Broken Access Control: https://lnkd.in/gY6XAZyM
⌘ Directory Traversal: https://lnkd.in/gk6vwQrV
⌘ Cross-site Request Forgery: https://lnkd.in/gP27xvXh
✅2. Cryptographic Failures: https://lnkd.in/gVvU9kyB
✅3. Injection: https://lnkd.in/g3cBNnU4
✅4. Insecure Design: https://lnkd.in/ge-4eVh7
⌘ Information leak: https://lnkd.in/gjKgGjpz
⌘ File Upload Vulnerabilities: https://lnkd.in/g6GD8ZzU
✅5. Security Misconfiguration: https://lnkd.in/gA4Xepmq
✅6. Vulnerable and Outdated Components: https://lnkd.in/gAEYKNPa
✅7. Identification and Authentication Failures
⌘ Password Management: https://lnkd.in/gQTWWKEX
⌘ Privilege Escalation: https://lnkd.in/ga49VgvX
⌘ User Enumeration: https://lnkd.in/gsp336GQ
⌘ Session Fixation: https://lnkd.in/gBy2qB-6
⌘ Weak Session IDS: https://lnkd.in/gBgPB6Wg
✅8. Software and Data Integrity Failures:
⌘ Software and data integrity failures relate to code and infrastructure that does not protect against integrity violations. An example is when an application relies upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks (CDNs).
✅9. Security Logging and Monitoring Failures: https://lnkd.in/gx3i92V5
✅10. Server-Side Request Forgery: https://lnkd.in/gsQpgbaA

Source: https://lnkd.in/gcb95RSk

▶ Youtube Link1: https://lnkd.in/dRJi-zVx
▶Link2: https://lnkd.in/dKUb_GHc
▶Link 3 : https://lnkd.in/dDzkNZk4
📘 Linkedin Learning the OWASP Top 10: https://lnkd.in/dYpnDj9q

#owasp #owasptop10 #cybersecurity #webapplicationsecurity #pentesting #blueteam #redteam #applicationsecurity

React our post for more posts like this .

Shared by @cybertrickzone

CVE-2024-21413: Microsoft Outlook Leak Hash

https://github.com/duy-31/CVE-2024-21413

#exploit #pentest #redteam #ad

Hey, Hackers 👋🏻

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

#infosec #redteam #Hacking #ActiveDirectory #Windows

Credit: @0xTib3rius

https://github.com/Tib3rius/Active-Directory-Exploitation-Cheat-Sheet?tab=readme-ov-file#domain-privilege-escalation

Shared by @cybertrickzone