Stars
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernet…
Tool for auditing RBACs in Kubernetes
Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
Gnirehtet provides reverse tethering for Android
Detect and bypass web application firewalls and protection systems
CTF chall write-ups, files, scripts etc (trying to be more organised LOL)
Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana.
Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @WebbinRoot
AWS Attack Path Management Tool - Walking on the Moon
A simple Toolkit to BF and decrypt Windows EntraId CacheData
Tools for interacting with authentication packages using their individual message protocols
WConsole Extractor is a python library which automatically exploits a Werkzeug development server in debug mode. You just have to write a python function that leaks a file content and you have your…
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
This map lists the essential techniques to bypass anti-virus and EDR
evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
Bloodhound Reporting for Blue and Purple Teams
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
BlueHound - pinpoint the security issues that actually matter
Email security is a key part of internet communication. But what are SPF, DKIM, and DMARC, and how do they work? This guide will explain it all in simple terms to make these concepts clearer.
😎 Awesome list of all things related to Microsoft Entra
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.
Rump at BreizhCTF 2k24 presenting XSS escaping bypass with Unicode