Real profit
Just invest your time
#PowerShell Tools #Red_Team

Small and highly portable detection tests based on MITRE's ATT&CK
https://github.com/redcanaryco/atomic-red-team

PowerSploit: a PowerShell post-exploitation framework
https://github.com/PowerShellMafia/PowerSploit

Obfuscation script designed to bypass AMSI and commercial antivirus solutions
https://github.com/tokyoneon/Chimera

Shellcode implementation of Reflective DLL Injection. Convert DLLs to position-independent shellcode
https://github.com/monoxgas/sRDI

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
https://github.com/Kevin-Robertson/Inveigh

Create a vulnerable Active Directory that allows you to test most Active Directory attacks in a local lab
https://github.com/WazeHell/vulnerable-AD

Brutally effective DNS amplification DDoS attack tool. Can cripple a target machine from a single host. Use with extreme caution
https://github.com/thesc1ent1st/j0lt-ddos-tool

GHSL-2021-1031 Information leak in Qualcomm npu driver - CVE-2021-1969
https://securitylab.github.com/advisories/GHSL-2021-1031-npu

2230 - Linux: UAF read: SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) - project-zero
https://bugs.chromium.org/p/project-zero/issues/detail?id=2230

A simple, modern and secure #encryption tool (and Go library) with small explicit keys, no config options
https://github.com/FiloSottile/age

Spring Cloud Netflix Hystrix Dashboard template resolution vulnerability CVE-2021-22053
https://github.com/SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053

Bypass CVE-2021-41379 patch in Windows 11 and Server 2022 with November 2021
https://github.com/klinix5/InstallerFileTakeOver

Get SYSTEM via SeImpersonate privileges. This project is able to open up a NamedPipe server and impersonate any user connecting to it
https://github.com/S3cur3Th1sSh1t/MultiPotato

An easy-to-use library for emulating code in minidump files
https://github.com/mrexodia/dumpulator

Lsass NTLM Authentication Backdoor
https://github.com/kindtime/nosferatu

Penetration Testing Step by Step Guide.pdf
56.3 MB
Penetration Testing Step by Step Guide
Second Edition
Beginner's practical guide to ethical hacking and penetration testing

C3 (Custom Command and Control) is a tool that allows #Red_Teams to rapidly develop and utilise esoteric command and control channels (C2). It's a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release. It allows the Red Team to concern themselves only with the C2 they want to implement, relying on the robustness of C3 and the CS tooling to take care of the rest.
https://github.com/FSecureLABS/C3

For a detailed tutorial:
https://labs.f-secure.com/tools/c3

oyabun_v2.7z
4.7 MB
#Penetration_Testing
#oyabun_v2 #leak
_ More sandbox detection methods
_ Fresh modules for data exfiltration and administration
_ AV evasion options
_ Ngrok’s region selection
_ Possibility to manage multiple connections
_ Language-specific command stagers
_ Tunnels …
_ Dedicated command for testing connectivity of each endpoint
_ Experimental hardware disruptors
_ Improved authtoken initialization
_ Indicator of active implants count in the prompt
_ New approach for SSL keypairs regeneration
_ New custom banner and ASCII art
_ Other useful command-line options
#and_more ...