Stars
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
Azure Security Resources and Notes
Tool for Active Directory Certificate Services enumeration and abuse
Python version of the C# tool for "Shadow Credentials" attacks
Execute unmanaged Windows executables in CobaltStrike Beacons
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Detect and block introduction of unapproved 3rd party libraries. Typically used in a CI.
A lightweight HTTP/HTTPS reverse proxy for efficient, policy-based traffic filtering and redirection.
🌹 Thorn is an open-source, data privacy vault to store and manage PII in a fully compliant manner.
A graph-based tool for visualizing effective access and resource relationships in AWS environments.
You can find hardcoded Api-Key,Secret,Token Etc..
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
Stealing Signatures and Making One Invalid Signature at a Time
C# POC to extract NetNTLMv1/v2 hashes from ETW provider
A tool to extract the IdP cert from vCenter backups and log in as Administrator
Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler.
Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple's XNU source.
Serverless Redirector in various cloud vendor for red team
A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Somewhat Reliable PoC Exploit for CVE-2022-36804 (BitBucket Critical Command Injection)