A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🕵️‍♂️ Offensive Google framework.

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

Hunt for security weaknesses in Kubernetes clusters

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

The perfect emulation setup to study and develop the Linux kernel v5.4.3, kernel modules, QEMU, gem5 and x86_64, ARMv7 and ARMv8 userland and baremetal assembly, ANSI C, C++ and POSIX. GDB step deb…

The FLARE team's open-source tool to identify capabilities in executable files.

JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

Analyze the security of any domain by finding all the information possible. Made in python.

Programmable debugger

Kubernetes Security Training Platform - focusing on security mitigation

🐍 🔍 GuardDog is a CLI tool to Identify malicious PyPI and npm packages

Execute ELF files without dropping them on disk

Welcome to the Meta Threat Research Indicator Repository, a dedicated resource for the sharing of Indicators of Compromise (IOCs) and other threat indicators with the external research community

An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and security implications

A tool to keep AWS pentests and red teams efficient, organized, and stealthy.

PoC for gaining persistency on vulnerable Lambdas

Exploit-DB Docker Images