Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernet…

Tool for auditing RBACs in Kubernetes

Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide

Gnirehtet provides reverse tethering for Android

Dex to Java decompiler

Detect and bypass web application firewalls and protection systems

CTF chall write-ups, files, scripts etc (trying to be more organised LOL)

Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana.

Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @WebbinRoot

AWS Attack Path Management Tool - Walking on the Moon

A simple Toolkit to BF and decrypt Windows EntraId CacheData

Tools for interacting with authentication packages using their individual message protocols

WConsole Extractor is a python library which automatically exploits a Werkzeug development server in debug mode. You just have to write a python function that leaks a file content and you have your…

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

This map lists the essential techniques to bypass anti-virus and EDR

evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

GPT-4, GPT‑4o, GPT-3.5 Jailbreak

The Havoc Framework.

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

Bloodhound Reporting for Blue and Purple Teams

Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)

BlueHound - pinpoint the security issues that actually matter

Email security is a key part of internet communication. But what are SPF, DKIM, and DMARC, and how do they work? This guide will explain it all in simple terms to make these concepts clearer.

A repo for TPM sniffing greatness

😎 Awesome list of all things related to Microsoft Entra

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.

FestIn - Open S3 Bucket Scanner

Rump at BreizhCTF 2k24 presenting XSS escaping bypass with Unicode