A Central Control Plane for AWS Permissions and Access

Sophisticated, battery-conscious background-geolocation with motion-detection

[CCS'24] A dataset consists of 15,140 ChatGPT prompts from Reddit, Discord, websites, and open-source datasets (including 1,405 jailbreak prompts).

Microsoft ICSpector (ICS Forensics Tools framework) is an open-source forensics framework that enables the analysis of Industrial PLC metadata and project files.

Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance.

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Wiki.js with Let's Encrypt Using Docker Compose

Google Drive permission audit tool

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.

Source code for Twitter's Recommendation Algorithm

Tools and Techniques for Blue Team / Incident Response

Tools and Techniques for Red Team / Penetration Testing

Practical Ethical Hacking Labs 🗡🛡

SOC Interview Questions

Extract Windows Wi-Fi Passwords to Remote URL

An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites.

Git All the Payloads! A collection of web attack payloads.

🎓 Path to a free self-taught education in Computer Science!

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Standard and Advanced Demos for learn.cantrill.io courses

Checklist for container security - devsecops practices

The lazier way to manage everything docker

Lab files for A Cloud Guru's Google Certified Associate Cloud Engineer course -- ACG GCP ACE

The Google Cloud Developer's Cheat Sheet

ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.

Script gets you access to download private videos on Vimeo

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Threat matrix for CI/CD Pipeline

Documenting your Threat Models with HCL