Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. - GitHub - Syslifters/sysreptor: Fully customisable, offensiv...

Contribute to mandiant/ADFSpoof development by creating an account on GitHub.

UAC Bypass via DLL hijacking of Microsoft Support Diagnostic Tool (MSDT). The UAC bypass method described here is based on DLL hijacking which happens when loading the Bluetooth diagnostic package.

Lateral movement is the process of moving from one compromised host to another. Penetration testers and red teamers alike commonly used to…

You can think about the post-exploitation part of penetration testing as an army or rebel force living off the land. You’re scrounging around the victim’s website using what’s available —...

A tool to dump the login password from the current linux user - GitHub - huntergregal/mimipenguin: A tool to dump the login password from the current linux user

My notes about all things red teaming experiments and more. (Very well done notes, great stuff on red teaming)

Windows and Active Directory

Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level of their backdoors. A good example of this is the shell_exec

Modern web applications typically rely on chains of multiple servers, which forward HTTP requests to one another. The attack surface created by this forwarding is increasingly receiving more attention, including the recent popularisation of cache poisoning...

A tool to abuse Exchange services. Contribute to sensepost/ruler development by creating an account on GitHub.

Azure Security Resources and Notes. Contribute to rootsecdev/Azure-Red-Team development by creating an account on GitHub.

Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode. Great for CTFs.

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. - GitHub - lanjelot/patator: Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Welcome to the page where you will find each hacking trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum. Attackers and defenders increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. But what are the potential weak points in a CI/CD pipeline? What does this type of attack look like in practice? NCC Group has found many attack paths through different security assessments that could have led to a compromised CI/CD pipeline in enterprises large and small. In this post, we will share some of our war stories about what we have observed and been able to demonstrate on CI/CD pipeline security assessments, clearly showing why there is the saying, “they are execution engines"

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations. - outflanknl/RedELK: Red Team's S...

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV. - kgretzky/pwndrop: Self-deployable file hosting service for red teamers, al...