Damn Vulnerable NodeJS Application

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST…

Sample JavaScript application with ShiftLeft Inspect integration

Super vulnerable todo list application

A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools

Collection of scripts and tools used during bug bounty work. This will be the location of my automation scripts created for my own personal use, and occassionally public released

SpicyAD is a C# Active Directory penetration testing tool designed for authorized security assessments. It combines multiple AD attack techniques into a single, easy-to-use tool with both interacti…

Hack-the-Box-OSCP-Preparation

Sliver CheatSheet for OSEP

bloodhound-cli is a Python command-line tool designed to query and manage data from a BloodHound database running on Neo4j. It enables you to enumerate ACLs, computers, and users (including filteri…

ADscan is a pentesting tool focused on automating collection, enumeration and common attack paths in Active Directory. It provides an interactive CLI with a wide range of commands to streamline int…

Attack and defend active directory using modern post exploitation adversary tradecraft activity

Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?

CISSP Study Resources

improving...

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST),…

Meaningful outline of the knowledge you need in order to obtain the OSCP certification

Powershell tool to automate Active Directory enumeration.

Scripts for offensive security

OSCP Exam Report Template in Markdown

OSCP 2023 Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines

Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...

a C# implementation for a shellcode loader that capable to bypass Cortex XDR and Sophos EDR.

Dig your way out of networks like a Meerkat using SSH tunnels via ClickOnce.

This repository is a compilation of all APT simulations that target many vital sectors,both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation tech…

LDAP Enumeration Tool for Pentesters

Hexdump metadata