A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.

OSCP 2023 Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines

WiFi Penetration Testing Guide

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

Discover new target domains using Content Security Policy

A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations. It supports dynamic payload generation, including BCheck syntax, and can automatically generate Bambdas scripts. Additionally, it offers "Copy as JavaScript" to convert HTTP requests for enhanced XSS testing.

The Most Advanced Client-Side Prototype Pollution Scanner

one-stop resource for all things offensive security.

「💀」Proof of concept on BYOVD attack

SQLMutant is a powerful SQL injection testing tool that includes both passive and active reconnaissance processes for any given domain. It filters URLs to identify those with parameters susceptible to SQL injection formats and then performs injection attacks. These attacks include pattern matching, error analysis, and timing attacks.

This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead in the field. It provides a valuable resource for those dedicated to improving their skills in malware development, malware research, offensive security, security defenses and measures.

No description provided.

fsociety is a penetration toolkit inspired from MR. ROBOT

Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python.

Red Team Arsenal - a comprehensive collection of tools, scripts, and techniques for conducting red team operations and adversary simulations, including custom beacons, malleable C2 profiles, aggressor scripts, advanced payload generation methods, as well as other evasion tools, tailored for red team operations and security research.

A lightweight Command and Control (C2) framework built for offensive security research and red teaming (Post Exploitation).

「⚠️」Performing a BYOVD on the truesight.sys driver

Our repo for crushing through RTO course & labs.

A nostalgic journey back to the era of retro RPGs with a cyber twist in the theme of Die Hard

urlyzer is a URL parsing analysis tool.

My experiments in weaponizing ONOS applications (https://github.com/opennetworkinglab/onos)

Vulnserver exploits

FConnch is a fast bulk subdomain availability checker

🏴‍☠️ BST is an ever-evolving collection of 🛠 tools to help in security and administration tasks 😉

ChatGPT terminal assistant with a good memory to be used in ethical hacking, offensive cybersecurity and red teaming. **Warning:** These scripts are for training purposes to accompany a training course. Do not use on real applications without explicit permissions.

keylogger using cpp and windows hooks , undetected by all antivirus providers

fipp.py is a flexible, interactive password processor that filters and customizes password lists based on length, special characters, numbers, uppercase requirements, and encoding, with both command-line and interactive modes.

Advanced Living Off the Land (LotL) tactics, tools, and abuse techniques for red teams, defenders, and cyber researchers. Stealth over payload.

A replica of proxychains, with UDP/TCP and future ptrace() support

Shark Raider is an offensive security firmware developed for ESP32 for educational use, research, lectures, workshops in controlled environments, and training of defensive security teams - Blue Team, with the purpose of raising awareness about vulnerabilities and security implementation