Master the command line in one page
https://github.com/jlevy/the-art-of-command-line
All sysmon event types and their fields explained
https://github.com/olafhartong/sysmon-cheatsheet
https://github.com/jlevy/the-art-of-command-line
All sysmon event types and their fields explained
https://github.com/olafhartong/sysmon-cheatsheet
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet
https://github.com/fatedier/frp
Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration
https://github.com/XTLS/Xray-core
https://github.com/fatedier/frp
Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration
https://github.com/XTLS/Xray-core
ByPass SSL Pinning with IP Forwarding | iptables
https://medium.com/@yoshimlutfi/bypass-ssl-pinning-with-ip-forwarding-iptables-568171b52b62
Microsoft Internet Explorer Active-X Control Security Bypass
https://packetstormsecurity.com/files/165160/MICROSOFT-INTERNET-EXPLORER-ACTIVEX-CONTROL-SECURITY-BYPASS.txt
https://medium.com/@yoshimlutfi/bypass-ssl-pinning-with-ip-forwarding-iptables-568171b52b62
Microsoft Internet Explorer Active-X Control Security Bypass
https://packetstormsecurity.com/files/165160/MICROSOFT-INTERNET-EXPLORER-ACTIVEX-CONTROL-SECURITY-BYPASS.txt
#Bugbounty Resources
https://github.com/aufzayed/bugbounty
Poc, EXP, scripts, privilege escalation, gadgets, etc related to penetration testing
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/aufzayed/bugbounty
Poc, EXP, scripts, privilege escalation, gadgets, etc related to penetration testing
https://github.com/Mr-xn/Penetration_Testing_POC
Intranet #penetration tools
https://github.com/Al1ex/Pentest-tools
Rust Weaponization for #Red_Team Engagements
https://github.com/trickster0/OffensiveRust
https://github.com/Al1ex/Pentest-tools
Rust Weaponization for #Red_Team Engagements
https://github.com/trickster0/OffensiveRust
Kali Intelligence Suite (KIS) is an intelligence gathering and data mining tool for penetration testers
https://github.com/chopicalqui/KaliIntelligenceSuite
A cross platform RAT
https://github.com/hash3liZer/SillyRAT
https://github.com/chopicalqui/KaliIntelligenceSuite
A cross platform RAT
https://github.com/hash3liZer/SillyRAT
#fileless-xec used on target machine to stealthy execute a binary file located on attacker machine
https://github.com/ariary/fileless-xec
Linux post #exploitation framework written in bash designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace
https://github.com/d4rk007/RedGhost
Multi-threaded, multi-os/platform (Linux/Windows) c2 server and Windows reverse TCP shell client
https://github.com/d4rk007/sak1to-shell
https://github.com/ariary/fileless-xec
Linux post #exploitation framework written in bash designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace
https://github.com/d4rk007/RedGhost
Multi-threaded, multi-os/platform (Linux/Windows) c2 server and Windows reverse TCP shell client
https://github.com/d4rk007/sak1to-shell
Automatically spawn a reverse shell fully interactive for Linux or Windows victim
https://github.com/nodauf/Girsh
Injects code into ELF executables post-build
https://github.com/zznop/drow
https://github.com/nodauf/Girsh
Injects code into ELF executables post-build
https://github.com/zznop/drow
User enumeration and password #bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin
https://github.com/nodauf/GoMapEnum
NoSql Injection CLI tool, for finding #vulnerable websites using MongoDB
https://github.com/Charlie-belmer/nosqli
https://github.com/nodauf/GoMapEnum
NoSql Injection CLI tool, for finding #vulnerable websites using MongoDB
https://github.com/Charlie-belmer/nosqli
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
Cloud service provider security mistakes (AWS و GCP و Azure)
https://github.com/SummitRoute/csp_security_mistakes
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
Cloud service provider security mistakes (AWS و GCP و Azure)
https://github.com/SummitRoute/csp_security_mistakes
#Ransomware #python open source 🔐
https://github.com/HugoLB0/Ransom0
#Rust Ransomware
https://github.com/cdong1012/Rust-Ransomware
#PHP Ransomware
https://github.com/ivan-sincek/php-ransomware
#Android Ransomware
https://github.com/termuxhackers-id/SARA
#Linux Ransomware
https://github.com/tarcisio-marinho/GonnaCry
https://github.com/HugoLB0/Ransom0
#Rust Ransomware
https://github.com/cdong1012/Rust-Ransomware
#PHP Ransomware
https://github.com/ivan-sincek/php-ransomware
#Android Ransomware
https://github.com/termuxhackers-id/SARA
#Linux Ransomware
https://github.com/tarcisio-marinho/GonnaCry
#CVE-2021-44228 #Log4Shell #RCE
Remote code injection in Log4j
Affected versions: Any #Log4j version prior to v2.15.0 is affected to this specific issue
poc
https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
#Log4j impact on manufacturers and components summary from the Internet community
https://github.com/YfryTchsGD/Log4jAttackSurface
#LOG4J Java exploit - A trick to bypass words blocking patches
https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
vaccinate a victim server against Log4Shell
https://github.com/Cybereason/Logout4Shell
Detector for Log4Shell exploitation attempts
https://github.com/Neo23x0/log4shell-detector
Spring Boot web application vulnerable to #Log4j
https://github.com/christophetd/log4shell-vulnerable-app
Vulnerability scanner for #Log4j2
https://github.com/logpresso/CVE-2021-44228-Scanner
Simple Python 3 script to detect the #Log4j Java library vulnerability for a list of URL with multithreading
https://github.com/takito1812/log4j-detect
Remote code injection in Log4j
Affected versions: Any #Log4j version prior to v2.15.0 is affected to this specific issue
poc
https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
#Log4j impact on manufacturers and components summary from the Internet community
https://github.com/YfryTchsGD/Log4jAttackSurface
#LOG4J Java exploit - A trick to bypass words blocking patches
https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
vaccinate a victim server against Log4Shell
https://github.com/Cybereason/Logout4Shell
Detector for Log4Shell exploitation attempts
https://github.com/Neo23x0/log4shell-detector
Spring Boot web application vulnerable to #Log4j
https://github.com/christophetd/log4shell-vulnerable-app
Vulnerability scanner for #Log4j2
https://github.com/logpresso/CVE-2021-44228-Scanner
Simple Python 3 script to detect the #Log4j Java library vulnerability for a list of URL with multithreading
https://github.com/takito1812/log4j-detect
#CVE-2021-42287 / #CVE-2021-42278 Scanner & Exploiter
https://github.com/cube0x0/noPac
impersonate DA from standard domain user
https://github.com/WazeHell/sam-the-admin
https://github.com/cube0x0/noPac
impersonate DA from standard domain user
https://github.com/WazeHell/sam-the-admin
Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
https://github.com/snovvcrash/DInjector
venom C2 shellcode generator, compiler, handler
https://github.com/r00t-3xp10it/venom
https://github.com/snovvcrash/DInjector
venom C2 shellcode generator, compiler, handler
https://github.com/r00t-3xp10it/venom
#CVE-2021-44228 #Log4Shell #RCE
Log4j2 RCE Passive Scanner
plugin for BurpSuite
https://github.com/whwlsfb/Log4j2Scan
Nmap NSE scripts to check against log4shell
https://github.com/Diverto/nse-log4shell
The source IP uses Apache Log4j
RCE to try to attack
https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs
Log4j2 RCE Passive Scanner
plugin for BurpSuite
https://github.com/whwlsfb/Log4j2Scan
Nmap NSE scripts to check against log4shell
https://github.com/Diverto/nse-log4shell
The source IP uses Apache Log4j
RCE to try to attack
https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs
A script that checks for vulnerable Log4j systems using injection of the payload in common HTTP headers
https://github.com/NorthwaveSecurity/log4jcheck
log4j rce test environment and poc
https://github.com/leonjza/log4jpwn
Find log4j on some places
https://github.com/perryflynn/find-log4j
check whether one of your applications is affected by a bug Log4Shell
https://github.com/alexbakker/log4shell-tools
https://github.com/NorthwaveSecurity/log4jcheck
log4j rce test environment and poc
https://github.com/leonjza/log4jpwn
Find log4j on some places
https://github.com/perryflynn/find-log4j
check whether one of your applications is affected by a bug Log4Shell
https://github.com/alexbakker/log4shell-tools
#CVE-2021-3939 #ubuntu #accountsservice
poc
https://github.com/github/securitylab/tree/b36e194556f956c3ec63bf9d8af454c8f620f33a/SecurityExploits/Ubuntu/accountsservice_CVE-2021-3939
Getting root on Ubuntu through wishful thinking
https://securitylab.github.com/research/ubuntu-accountsservice-CVE-2021-3939
poc
https://github.com/github/securitylab/tree/b36e194556f956c3ec63bf9d8af454c8f620f33a/SecurityExploits/Ubuntu/accountsservice_CVE-2021-3939
Getting root on Ubuntu through wishful thinking
https://securitylab.github.com/research/ubuntu-accountsservice-CVE-2021-3939
Python implementation for #CVE-2021-42278 Active Directory Privilege Escalation
https://github.com/ly4k/Pachine
https://github.com/ly4k/Pachine
make use of a filesystem #bug for the #Playstation_4 on #firmware 9.00 to allow jailbreaking and kernel-level modifications to the system
https://github.com/ChendoChap/pOOBs4
https://github.com/ChendoChap/pOOBs4
explore Javascript Prototype Pollution
https://youtube.com/watch?v=XS_UMqQalLI&feature
https://youtube.com/watch?v=XS_UMqQalLI&feature