SysWhispers on Steroids - AV/EDR evasion via direct system calls.

一个高度可定制化的JNDI和Java反序列化利用工具

平常看到好的渗透hacking工具和多领域效率工具的集合

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Scripted Local Linux Enumeration & Privilege Escalation Checks

一个集成了各种好玩功能的Xposed模块，支持获取vip，去除广告，等功能 / An Xposed module that integrates various fun functions, supporting functions such as obtaining VIP, removing ads, etc.

各种无后门大马的整理，有用就点个Star吧~

Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana.

A self-hostable bookmark-everything app (links, notes and images) with AI-based automatic tagging and full text search

Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.

All the deals for InfoSec related software/tools this Black Friday

A cheat sheet that contains advanced queries for SQL Injection of all types.

一个2023届毕业生在毕业前持续更新、收集的安全岗面试题及面试经验分享~

Tool for Active Directory Certificate Services enumeration and abuse

A simple index for HackTheBox machine along with tags

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

一个批量域名信息查询工具，可查ICP备案号、域名归属信息

批量查询ip对应域名及百度权重、备案信息；ip反查域名；ip查备案信息；资产归属查询；百度权重查询

备案域名批量查询

Web Pentesting Fuzz 字典,一个就够了。

记录实战中的各种sql注入绕过姿势

绕过杀软dumphash 离线读取

红队武器库漏洞利用工具合集整理

瓶颈渗透,web渗透,red红队,fuzz param,注释,js字典,ctf

一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集，降低红队技术门槛的手册【持续更新】

红队技术笔记

红方人员作战执行手册

通过 Redis 主从写出无损文件

自动化巡航扫描框架（可用于红队打点评估）