Stars
An open-source AI agent that brings the power of Gemini directly into your terminal.
High-performance DNS validator using template-based verification
A community-driven collection of BloodHound queries
A web-based, checklist-driven note-taking app following bug bounty and web app pentest methodology.
CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications
An offline, CLI-based MITRE ATT&CK Matrix browser. Written in Rust.
An even funnier way to disable Windows Defender. (through WSC API)
A research project to add some brrrrrr to Burp
A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities
A Model Context Protocol (MCP) server to converse with data in BloodHound
Abuse trust-boundaries to bypass firewalls and network controls
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
A POC for the new injection technique, abusing Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…
Evasive shellcode loader for bypassing event-based injection detection (PoC)
A method of bypassing EDR's active projection DLLs by preventing entry point execution
EDR & Antivirus Bypass to Gain Shell Access
Awesome EDR Bypass Resources For Ethical Hacking
Tylous / Mangle
Forked from optiv/Mangle
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory
The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI systems.
AI Red Teaming playground labs to run AI Red Teaming trainings including infrastructure.
A meta-list of public references to threat actor profiles and APT group datasets.
A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil…
Cybersecurity AI (CAI), an open Bug Bounty-ready Artificial Intelligence