Lists (1)
Sort Name ascending (A-Z)
Stars
🐛 A list of writeups from the Google VRP Bug Bounty program
This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom tools, C2 servers, backdoors, exploitation techniques, stage…
A reliable exploit + write-up to elevate privileges to root. (Tested on Ubuntu 22.04)
Useful tips and resources for preparing for the AWAE exam.
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Python script for exploiting command injection in Open PLC Webserver v3
This challenge is Inon Shkedy's 31 days API Security Tips.
📡 PoC auto collect from GitHub.
Various *nix tools built as statically-linked binaries
Python tool to test known techniques to bypass 403 and 401 HTTP responses.
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
A Path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager Project's Tiny File Manager <= 2.4.6 allows remote attackers with valid user accounts to …
Checklist for container security - devsecops practices
This repository contains a list of pseudo-sorted malicious JavaScripts collected from time to time.
Collection of CTF Web challenges I made
All the labs in this repository simulate real world bugs I found in the wild
PowerSploit - A PowerShell Post-Exploitation Framework
A little tool to play with Windows security
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
A list of public penetration test reports published by several consulting firms and academic security groups.
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.

