Brian Fehrman // Many of you have likely heard of Domain Fronting. Domain Fronting is a technique that can allow your C2 traffic to blend in with a target’s traffic […]

A live pastebin for HTML, CSS & JavaScript and a range of processors, including SCSS, CoffeeScript, Jade and more...

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat...

Scenario You have recovered Domain User credentials for a domain but have  no privileged or interactive access to any targets i.e. no Domain Admin account or any account that is capable of establis…

A blog about information security, hacking, and protecting digital infrastructure. Penetration testing, malware analysis, and intrusion detection.

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. - trimstray/the-book-of-secret-knowledge

Pwn2Own is a heck of an amazing contest. Not only because of all the media and vibe that goes with it, but because of the caliber of skills that we see demonstrated. It’s also quite fascinating to see new people burst onto the scene with mad skills. Additionally…

As the pace of life accelerates, we spend less time waiting or in downtime.  Kubernetes offers something similar for our life with technology. It is a container orchestration platform that offers an easy, automated way...

In August 2019 Microsoft announced it had patched a collection of RDP bugs, two of which were wormable. The wormable bugs, CVE-2019-1181 & CVE-2019-1182 affect every OS from Windows 7 to Windows 10. There is some confusion about which CVE is which, though…

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. - toniblyx/my-arsenal-of-aws-security-tools

Exploitation Framework for Embedded Devices. Contribute to threat9/routersploit development by creating an account on GitHub.

How To Create a Private Online Identity with An Anonymous Email Address and a Virtual Phone.

So you guys must be aware of CSRF attack, if not then here is a short intro:

Open-Source Phishing Toolkit. Contribute to gophish/gophish development by creating an account on GitHub.

Every Windows computer that joins a domain has a computer account. Similar to user accounts, computer accounts provide a means for authentic...