Application and Image Security Scans in CI/CD

An step by step fuzzing tutorial. A GitHub Security Lab initiative

WTF Snapshot fuzzing of macOS targets

PoC for a new sleep obfuscation technique leveraging waitable timers to evade memory scanners.

Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation , it contains Anti-sandbox , if you run it under unperformant…

Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique

Build your own reconnaissance system with Osmedeus Next Generation

Open-source tool to enforce privacy & security best-practices on Windows, because privacy is sexy 🍑🍆

Red Teaming Tactics and Techniques

Empire is a PowerShell and Python 3.x post-exploitation framework.

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Small and highly portable detection tests based on MITRE's ATT&CK.

Cyberdelia, a Collection of Command and Control frameworks

Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat…

Exploit Database binary exploits located in the /sploits directory

Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED)

THE ESP8266 HONEYPOT: A PROJECT TO TRAP SCRIPT KIDDIES EVERYWHRE!!

Serverless reference app and backend API, showcasing authentication and authorization patterns using Amazon Cognito, Amazon API Gateway, AWS Lambda, and AWS IAM.

API server for your secrets.

Sets Transparent proxy tunnel through Tor, I2P, Privoxy, Polipo and modify DNS; Include Anonymizing Relay Monitor (arm), macchanger and wipe (Cleans ram/cache & swap-space) features, ID spoofing ha…

two grpc microservices with mutual TLS and token authentication in Go

Simple VPN.

⚡ Lightning Fast and Elegant Scraping Framework for Gophers ⚡

gcredstash manages credentials using AWS Key Management Service (KMS) and DynamoDB.