Bookmarks Menu
Mozilla Firefox
- Get Help
- Customize Firefox
- Get Involved
- About Us
Mozilla Firefox
- Get Help
- Customize Firefox
- Get Involved
- About Us
Bookmarks Toolbar
offensive-bookmarks
OSINT
individuals
- PimEyes: Face Recognition Search Engine and Reverse Image Search
- Username Search - Social Media Profile Lookup - IDCrawl
- CheckUsernames - Social Media Username Search by KnowEm
- FaceCheck - Reverse Image Search - Face Recognition Search Engine
- NameCheckup - Find Available Username
- WhatsMyName Web
- pictriev, face search engine
companies
- crt.sh | Certificate Search
- DNSdumpster.com - dns recon and research, find and lookup dns records
- 28 Online Vulnerability Scanners & Network Tools | HackerTarget.com
- Phonebook.cz - Intelligence X
- WHOIS Search, Domain Name, Website, and IP Tools - Who.is
- intoDNS: checks DNS and mail servers health
- URL and website scanner - urlscan.io
- Webpage archive
- Internet Archive: Digital Library of Free & Borrowable Books, Movies, Music & Wayback Machine
- BuiltWith Technology Lookup
- Hurricane Electric BGP Toolkit
- WordPress Recon and Security Testing | wprecon.com – Online WordPress Testing Tool to discover security related information and configuration issues.
- PageSpeed Insights
- Entrust Certificate Search - Entrust, Inc.
- Analyse your HTTP response headers
- IP and Domain Reputation Center || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
- Crunchbase: Discover innovative companies and the people behind them
- OSINT.SH - All in one Information Gathering Tools
- MAC Address Vendor Lookup | MAC Address Lookup
- Home | MAC Vendor Lookup Tool & API | MACVendors.com
emails
- Have I Been Pwned: Check if your email has been compromised in a data breach
- Temp Mail – The Best Temp Email Inbox
- Temp Mail - Temporary Email
- Find email addresses in seconds • Hunter (Email Hunter)
- Epieos, the ultimate OSINT tool
- Email Reputation Check, Email Risk Score Check | APIVoid
- Email Finder • Free email search for B2B sales | Snov.io
search engines
- Shodan Search Engine
- Exposure Management and Threat Hunting Solutions | Censys
- Google
- Yandex
- Yahoo Search - Web Search
- DuckDuckGo — Privacy, simplified.
- Home - ZoomEye really mapping,global leader of cyberspace mapping
- GreyNoise Visualizer
- SerpApi: Google Search API
- Google Hacking Database (GHDB) - Google Dorks, OSINT, Recon
geolocation
- Locate IP Address Lookup
- Online photo metadata and EXIF data viewer | Jimpl
- Photo Location & Online EXIF Data Viewer - Pic 2 Map
cameras
- Insecam - World biggest online cameras directory
- EarthCam - Webcam Network
wireless
- WiGLE: Wireless Network Mapping
- OSINT Framework
- jivoi/awesome-osint: A curated list of amazingly awesome OSINT
cheat sheets
web
- payloadbox/xss-payload-list: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
- https://security.love/CSRF-PoC-Genorator/
- Bug Bounty Cheatsheet
- swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- dwisiswant0/awesome-oneliner-bugbounty: A collection of awesome one-liner scripts especially for bug bounty tips.
- daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)
- GTFOBins
- LOLBAS
- HackTricks - HackTricks
- blackc03r/OSCP-Cheatsheets: OSCP Cheatsheets
- Nmap Cheat Sheet 2023: All the Commands, Flags & Switches
- infosecn1nja/AD-Attack-Defense: Attack and defend active directory using modern post exploitation adversary tradecraft activity
- File Signatures
- explainshell.com - match command-line arguments to their help text
- Cheat Sheets | pentestmonkey
- Red Teaming Toolkit Collection -
malware development
code repos
- adamyaxley/Obfuscate: Guaranteed compile-time string literal obfuscation header-only library for C++14
- JustasMasiulis/inline_syscall: Inline syscalls made easy for windows on clang
- cinzinga/Evasion-Practice: A variety of AV evasion techniques written in C# for practice.
- jthuraisamy/SysWhispers: AV/EDR evasion via direct system calls.
- vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
- tarcisio-marinho/GonnaCry: A Linux Ransomware
- EgeBalci/EGESPLOIT: EGESPLOIT is a golang library for malware development
- cobbr/SharpSploit: SharpSploit is a .NET post-exploitation library written in C#
- not-sekiun/PyIris: PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
- dmdhrumilmistry/pyhtools: A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.
- cdong1012/Rust-Ransomware: Ransomware written in Rust
- cocomelonc/peekaboo: Simple undetectable shellcode and code injector launcher example. Inspired by RTO malware development course.
- safesploit/PythonRAT: Command and Control (C2) server with backdoor acting as Remote Administration Trojan (RAT) written in Python3
- MrTuxx/OffensiveGolang: A collection of offensive Go packages inspired by different Go repositories.
- EddieIvan01/memexec: A library for loading and executing PE (Portable Executable) from memory without ever touching the disk
- Mahmoud7Osman/CVenom: CVenom is An Ultra Easy-To-Use Cross-Platform Malware Development Framework For Advanced Malware Development
- alichtman/malware-techniques: A collection of techniques commonly used in malware to accomplish core tasks.
- MalDev101/Loveware: Community driven computer worm
- LordNoteworthy/al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
- rootkit-io/awesome-malware-development: Organized list of my malware development resources
- sevagas/macro_pack: macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
- outflanknl/EvilClippy: A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
- Mr-Un1k0d3r/UniByAv
- govolution/avet: AntiVirus Evasion Tool
- gentilkiwi/mimikatz: A little tool to play with Windows security
- huntergregal/mimipenguin: A tool to dump the login password from the current linux user
- skelsec/pypykatz: Mimikatz implementation in pure Python
- mkaring/ConfuserEx: An open-source, free protector for .NET applications
- tkmru/awesome-linux-rootkits: a summary of linux rootkits published on GitHub
- CheckPointSW/Evasions: Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided are code samples, signature recommendations and countermeasures within each category for the described techniques.
- 3intermute/linux_syscall_hook: system call hooking on arm64 linux via a variety of methods
- packing-box/awesome-executable-packing: A curated list of awesome resources related to executable packing
- ElliotAlderson51/Fsociety-RAT: Fsociety RAT, The Open Source C++ Remote Administration Tool (RAT)
- s9rA16Bf4/go-evil: Customizing evil has never been so easy
- S3cur3Th1sSh1t/OffensiveVBA: This repo covers some code execution and AV Evasion methods for Macros in Office documents
- S3cur3Th1sSh1t/Amsi-Bypass-Powershell: This repo contains some Amsi Bypass methods i found on different Blog Posts.
- hfiref0x/UACME: Defeating Windows User Account Control
blogs
- TheXcellerator
- vx-underground
- 0xPat blog – Red/purple teamer
- The Wover – Red Teaming, .NET, and random computing topics
- cocomelonc
- Malware Development – Welcome to the Dark Side: Part 1 - Checkmate
- TMZ Lair - Underground Coding
- The Art of Malware
- Evasion techniques
- https://smarinovic.github.io/
- Capt. Meelo
- How to Build Obfuscated Macros for your Next Social Engineering Campaign
- Malicious Macros for Script Kiddies - TrustedSec
- XIT – Medium
- Linux.Midrashim: Assembly x64 ELF virus | TMZ Lair - Underground Coding
- Creating a Rootkit to Learn C - The Human Machine Interface
- (nearly) Complete Linux Loadable Kernel Modules
- Engineering antivirus evasion – Sec Team Blog
- Hidden in PEB Sight: Hiding Windows API Imports With a Custom Loader
- A Brief Survey of Code Obfuscation Techniques
- 100% evasion - Write a crypter in any language to bypass AV – Sam's Hacking Wonderland
youtube
- (6) TheSphinx - YouTube
- (6) Joey Abrams - YouTube
- (6) w3w3w3 - YouTube
- (6) Cosmodium CyberSecurity - YouTube
- (6) crow - YouTube
- (6) ActiveXSploit - YouTube
- AMSI.fail
malware analysis
tools
- matterpreter/DefenderCheck: Identifies the bytes that Microsoft Defender flags on.
- rasta-mouse/ThreatCheck: Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
- Feodo Tracker
- SSLBL | Detecting malicious SSL connections
- URLhaus | Malware URL exchange
- ThreatFox | Share Indicators Of Compromise (IOCs)
- Sysinternals Utilities - Sysinternals | Microsoft Learn
sandboxes
- ANY.RUN - Interactive Online Malware Sandbox
- Free Automated Malware Analysis Service - powered by Falcon Sandbox
- VirusTotal - Home
resources
- ytisf/theZoo: A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
- Malpedia (Fraunhofer FKIE)
- MalwareBazaar | Malware sample exchange
- Vitali Kremez | Ethical Hacker | Reverse Engineer
- zerosum0x0
- MalwareTech
- albertzsigovits/malware-writeups: Personal research and publication on malware families
- kh4sh3i/Ransomware-Samples: Small collection of Ransomware organized by family.
- MalShare
- Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
shells
- Online - Reverse Shell Generator
- php-reverse-shell/php-reverse-shell.php at master · pentestmonkey/php-reverse-shell
miscellaneous
- CyberChef
- WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free
- 4shared.com - free file sharing and storage
- Transfer Big Files Free - Email or Send Large Files
- Pastebin.com - #1 paste tool since 2002!
- Barcode Reader. Free Online Web Application
- rot13.com
- Vigenere Cipher - Online Decoder, Encoder, Solver, Translator
- Brainfuck Language - Online Decoder, Translator, Interpreter
- Online JavaScript beautifier
- iLovePDF | Online PDF tools for PDF lovers
- Compress JPEG Images Online
- Compress images online - Reduce your image size online and for free
blogs & resources
blogs
- Hacking Articles - Raj Chandel's Blog
- Web Security Blog - PortSwigger
- The DigiNinja Blog - DigiNinja
- Blog | hackers-arise
- Home | S3cur3Th1sSh1t
- TECH BLOG — Improsec | improving security
- Ethical hacking and penetration testing - InfoSec, IT, Kali Linux, BlackArch
- Shell is Only the Beginning
- ihazomgsecurityskillz
- Become a bug bounty hunter - Learn about web application vulnerabilities and how to find them on bug bounty programs | BugBountyHunter.com
- Help Net Security - Cybersecurity News
- NCC Group Research Blog | Making the world safer and more secure
- Research | Trellix Stories
- Andrey Konovalov | Andrey Konovalov
- The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0 | NetSec Focus
- Guide To Using Reverse Image Search For Investigations - bellingcat
youtube
- (6) Marcus Hutchins - YouTube
- (6) Black Hat - YouTube
- (6) DEFCONConference - YouTube
- (6) IppSec - YouTube
- (6) John Hammond - YouTube
- (6) NetworkChuck - YouTube
- (6) The Cyber Mentor - YouTube
- (6) HackerSploit - YouTube
- (6) David Bombal - YouTube
- (6) InsiderPhD - YouTube
- (6) jhaddix - YouTube
- (6) Tom Hudson - YouTube
- (6) STÖK - YouTube
- (6) Hak5 - YouTube
- (6) Null Byte - YouTube
- (6) LiveOverflow - YouTube
- (6) NahamSec - YouTube
- (6) zSecurity - YouTube
- MITRE ATT&CK®
forums
- 0x00sec - The Home of the Hacker
obfuscation
command prompt
- danielbohannon/Invoke-DOSfuscation: Cmd.exe Command Obfuscation Generator & Detection Test Harness
python
- Oxyry Python Obfuscator - The most reliable python obfuscator in the world
- pyarmor · PyPI
- PyObfx/PyObfx: Python Obfuscator & Packer
php
- PHP Obfuscator
powershell
- danielbohannon/Invoke-Obfuscation: PowerShell Obfuscator
- JoelGMSec/Invoke-Stealth: Simple & Powerful PowerShell Script Obfuscator
- tokyoneon/Chimera: Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
javascript
- JS Obfuscator
C/C++
- C/C++ Obfuscator - Obfuscate your C/C++ source code for free and online
.NET
- yck1509/ConfuserEx: An open-source, free protector for .NET applications
privilege escalation
windows
- PEASS-ng/winPEAS at master · carlospolop/PEASS-ng · GitHub
- itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows
- bitsadmin/wesng: Windows Exploit Suggester - Next Generation
- GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
linux
- PEASS-ng/linPEAS at master · carlospolop/PEASS-ng · GitHub
- rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
- The-Z-Labs/linux-exploit-suggester: Linux privilege escalation auditing tool
- diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
- linted/linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
passwords, hashes & wordlists
default passwords
- Default Passwords | CIRT.net
- List of Router Default Passwords For All Brands [Tried & Tested]
wordlists
- Mebus/cupp: Common User Passwords Profiler (CUPP)
- danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
- Assetnote Wordlists
- digininja/CeWL: CeWL is a Custom Word List Generator
cracking
- Hashkiller.io - List Manager
- CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
- SHAttered
- Online Password Hash Crack - MD5 NTLM Wordpress Joomla WPA PMKID, Office, iTunes, Archive, ..
- RsaCtfTool/RsaCtfTool: RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
- example_hashes [hashcat wiki]
- Cmd5 - MD5 Online ,MD5 Decryption, MD5 Hash Decoder
- GPUHASH.me - online WPA/WPA2 PMKID cracker and MD5,SHA1,SHA256,MD5CRYPT,NTLM,bcrypt,vBulletin,IPB,BTC/LTC wallet password recovery
- Recovery of Password from Office documents (XLSX / DOCX), ZIP files and Hashes (Cisco, SHA1, MD5)
- Md5 Online Decrypt & Encrypt - Compare your hash with our Database
- Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512, Wordpress, Bcrypt hashes for free online
practice
- TryHackMe | Cyber Security Training
- Hack The Box: Hacking Training For The Best | Individuals & Companies
- Vulnerable By Design ~ VulnHub
- Web Security Academy: Free Online Training from PortSwigger
- OverTheWire: Wargames
- Command Challenge!
- Proving Grounds: Virtual Pentesting Labs | Offensive Security
- Virtual Hacking Labs | Penetration Testing Training Labs & Courses
- Hack This Site
- PentesterLab: Our exercises
- HBH: Learn how hackers break in, and how to keep them out.
- Free Cybersecurity Training and Career Development | Cybrary
- https://amanhardikar.com/mindmaps/Practice.html
Bookmarks Toolbar
offensive-bookmarks
OSINT
individuals
- PimEyes: Face Recognition Search Engine and Reverse Image Search
- Username Search - Social Media Profile Lookup - IDCrawl
- CheckUsernames - Social Media Username Search by KnowEm
- FaceCheck - Reverse Image Search - Face Recognition Search Engine
- NameCheckup - Find Available Username
- WhatsMyName Web
- pictriev, face search engine
companies
- crt.sh | Certificate Search
- DNSdumpster.com - dns recon and research, find and lookup dns records
- 28 Online Vulnerability Scanners & Network Tools | HackerTarget.com
- Phonebook.cz - Intelligence X
- WHOIS Search, Domain Name, Website, and IP Tools - Who.is
- intoDNS: checks DNS and mail servers health
- URL and website scanner - urlscan.io
- Webpage archive
- Internet Archive: Digital Library of Free & Borrowable Books, Movies, Music & Wayback Machine
- BuiltWith Technology Lookup
- Hurricane Electric BGP Toolkit
- WordPress Recon and Security Testing | wprecon.com – Online WordPress Testing Tool to discover security related information and configuration issues.
- PageSpeed Insights
- Entrust Certificate Search - Entrust, Inc.
- Analyse your HTTP response headers
- IP and Domain Reputation Center || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
- Crunchbase: Discover innovative companies and the people behind them
- OSINT.SH - All in one Information Gathering Tools
- MAC Address Vendor Lookup | MAC Address Lookup
- Home | MAC Vendor Lookup Tool & API | MACVendors.com
emails
- Have I Been Pwned: Check if your email has been compromised in a data breach
- Temp Mail – The Best Temp Email Inbox
- Temp Mail - Temporary Email
- Find email addresses in seconds • Hunter (Email Hunter)
- Epieos, the ultimate OSINT tool
- Email Reputation Check, Email Risk Score Check | APIVoid
- Email Finder • Free email search for B2B sales | Snov.io
search engines
- Shodan Search Engine
- Exposure Management and Threat Hunting Solutions | Censys
- Google
- Yandex
- Yahoo Search - Web Search
- DuckDuckGo — Privacy, simplified.
- Home - ZoomEye really mapping,global leader of cyberspace mapping
- GreyNoise Visualizer
- SerpApi: Google Search API
- Google Hacking Database (GHDB) - Google Dorks, OSINT, Recon
geolocation
- Locate IP Address Lookup
- Online photo metadata and EXIF data viewer | Jimpl
- Photo Location & Online EXIF Data Viewer - Pic 2 Map
cameras
- Insecam - World biggest online cameras directory
- EarthCam - Webcam Network
wireless
- WiGLE: Wireless Network Mapping
- OSINT Framework
- jivoi/awesome-osint: A curated list of amazingly awesome OSINT
- smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
cheat sheets
web
- payloadbox/xss-payload-list: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
- https://security.love/CSRF-PoC-Genorator/
- Bug Bounty Cheatsheet
- swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- dwisiswant0/awesome-oneliner-bugbounty: A collection of awesome one-liner scripts especially for bug bounty tips.
- daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)
- GTFOBins
- LOLBAS
- HackTricks - HackTricks
- blackc03r/OSCP-Cheatsheets: OSCP Cheatsheets
- Nmap Cheat Sheet 2023: All the Commands, Flags & Switches
- infosecn1nja/AD-Attack-Defense: Attack and defend active directory using modern post exploitation adversary tradecraft activity
- File Signatures
- explainshell.com - match command-line arguments to their help text
- Cheat Sheets | pentestmonkey
- Red Teaming Toolkit Collection -
malware development
code repos
- adamyaxley/Obfuscate: Guaranteed compile-time string literal obfuscation header-only library for C++14
- JustasMasiulis/inline_syscall: Inline syscalls made easy for windows on clang
- cinzinga/Evasion-Practice: A variety of AV evasion techniques written in C# for practice.
- jthuraisamy/SysWhispers: AV/EDR evasion via direct system calls.
- vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
- tarcisio-marinho/GonnaCry: A Linux Ransomware
- EgeBalci/EGESPLOIT: EGESPLOIT is a golang library for malware development
- cobbr/SharpSploit: SharpSploit is a .NET post-exploitation library written in C#
- not-sekiun/PyIris: PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
- dmdhrumilmistry/pyhtools: A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.
- cdong1012/Rust-Ransomware: Ransomware written in Rust
- cocomelonc/peekaboo: Simple undetectable shellcode and code injector launcher example. Inspired by RTO malware development course.
- safesploit/PythonRAT: Command and Control (C2) server with backdoor acting as Remote Administration Trojan (RAT) written in Python3
- MrTuxx/OffensiveGolang: A collection of offensive Go packages inspired by different Go repositories.
- EddieIvan01/memexec: A library for loading and executing PE (Portable Executable) from memory without ever touching the disk
- Mahmoud7Osman/CVenom: CVenom is An Ultra Easy-To-Use Cross-Platform Malware Development Framework For Advanced Malware Development
- alichtman/malware-techniques: A collection of techniques commonly used in malware to accomplish core tasks.
- MalDev101/Loveware: Community driven computer worm
- LordNoteworthy/al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
- rootkit-io/awesome-malware-development: Organized list of my malware development resources
- sevagas/macro_pack: macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
- outflanknl/EvilClippy: A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
- Mr-Un1k0d3r/UniByAv
- govolution/avet: AntiVirus Evasion Tool
- gentilkiwi/mimikatz: A little tool to play with Windows security
- huntergregal/mimipenguin: A tool to dump the login password from the current linux user
- skelsec/pypykatz: Mimikatz implementation in pure Python
- mkaring/ConfuserEx: An open-source, free protector for .NET applications
- tkmru/awesome-linux-rootkits: a summary of linux rootkits published on GitHub
- CheckPointSW/Evasions: Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided are code samples, signature recommendations and countermeasures within each category for the described techniques.
- 3intermute/linux_syscall_hook: system call hooking on arm64 linux via a variety of methods
- packing-box/awesome-executable-packing: A curated list of awesome resources related to executable packing
- ElliotAlderson51/Fsociety-RAT: Fsociety RAT, The Open Source C++ Remote Administration Tool (RAT)
- s9rA16Bf4/go-evil: Customizing evil has never been so easy
- S3cur3Th1sSh1t/OffensiveVBA: This repo covers some code execution and AV Evasion methods for Macros in Office documents
- S3cur3Th1sSh1t/Amsi-Bypass-Powershell: This repo contains some Amsi Bypass methods i found on different Blog Posts.
- hfiref0x/UACME: Defeating Windows User Account Control
blogs
- TheXcellerator
- vx-underground
- 0xPat blog – Red/purple teamer
- The Wover – Red Teaming, .NET, and random computing topics
- cocomelonc
- Malware Development – Welcome to the Dark Side: Part 1 - Checkmate
- TMZ Lair - Underground Coding
- The Art of Malware
- Evasion techniques
- https://smarinovic.github.io/
- Capt. Meelo
- How to Build Obfuscated Macros for your Next Social Engineering Campaign
- Malicious Macros for Script Kiddies - TrustedSec
- XIT – Medium
- Linux.Midrashim: Assembly x64 ELF virus | TMZ Lair - Underground Coding
- Creating a Rootkit to Learn C - The Human Machine Interface
- (nearly) Complete Linux Loadable Kernel Modules
- Engineering antivirus evasion – Sec Team Blog
- Hidden in PEB Sight: Hiding Windows API Imports With a Custom Loader
- A Brief Survey of Code Obfuscation Techniques
- 100% evasion - Write a crypter in any language to bypass AV – Sam's Hacking Wonderland
youtube
- (6) TheSphinx - YouTube
- (6) Joey Abrams - YouTube
- (6) w3w3w3 - YouTube
- (6) Cosmodium CyberSecurity - YouTube
- (6) crow - YouTube
- (6) ActiveXSploit - YouTube
- AMSI.fail
malware analysis
tools
- matterpreter/DefenderCheck: Identifies the bytes that Microsoft Defender flags on.
- rasta-mouse/ThreatCheck: Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
- Feodo Tracker
- SSLBL | Detecting malicious SSL connections
- URLhaus | Malware URL exchange
- ThreatFox | Share Indicators Of Compromise (IOCs)
- Sysinternals Utilities - Sysinternals | Microsoft Learn
sandboxes
- ANY.RUN - Interactive Online Malware Sandbox
- Free Automated Malware Analysis Service - powered by Falcon Sandbox
- VirusTotal - Home
resources
- ytisf/theZoo: A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
- Malpedia (Fraunhofer FKIE)
- MalwareBazaar | Malware sample exchange
- Vitali Kremez | Ethical Hacker | Reverse Engineer
- zerosum0x0
- MalwareTech
- albertzsigovits/malware-writeups: Personal research and publication on malware families
- kh4sh3i/Ransomware-Samples: Small collection of Ransomware organized by family.
- MalShare
- Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
shells
- Online - Reverse Shell Generator
- php-reverse-shell/php-reverse-shell.php at master · pentestmonkey/php-reverse-shell
miscellaneous
- CyberChef
- WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free
- 4shared.com - free file sharing and storage
- Transfer Big Files Free - Email or Send Large Files
- Pastebin.com - #1 paste tool since 2002!
- Barcode Reader. Free Online Web Application
- rot13.com
- Vigenere Cipher - Online Decoder, Encoder, Solver, Translator
- Brainfuck Language - Online Decoder, Translator, Interpreter
- Online JavaScript beautifier
- iLovePDF | Online PDF tools for PDF lovers
- Compress JPEG Images Online
- Compress images online - Reduce your image size online and for free
blogs & resources
blogs
- Hacking Articles - Raj Chandel's Blog
- Web Security Blog - PortSwigger
- The DigiNinja Blog - DigiNinja
- Blog | hackers-arise
- Home | S3cur3Th1sSh1t
- TECH BLOG — Improsec | improving security
- Ethical hacking and penetration testing - InfoSec, IT, Kali Linux, BlackArch
- Shell is Only the Beginning
- ihazomgsecurityskillz
- Become a bug bounty hunter - Learn about web application vulnerabilities and how to find them on bug bounty programs | BugBountyHunter.com
- Help Net Security - Cybersecurity News
- NCC Group Research Blog | Making the world safer and more secure
- Research | Trellix Stories
- Andrey Konovalov | Andrey Konovalov
- The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0 | NetSec Focus
- Guide To Using Reverse Image Search For Investigations - bellingcat
youtube
- (6) Marcus Hutchins - YouTube
- (6) Black Hat - YouTube
- (6) DEFCONConference - YouTube
- (6) IppSec - YouTube
- (6) John Hammond - YouTube
- (6) NetworkChuck - YouTube
- (6) The Cyber Mentor - YouTube
- (6) HackerSploit - YouTube
- (6) David Bombal - YouTube
- (6) InsiderPhD - YouTube
- (6) jhaddix - YouTube
- (6) Tom Hudson - YouTube
- (6) STÖK - YouTube
- (6) Hak5 - YouTube
- (6) Null Byte - YouTube
- (6) LiveOverflow - YouTube
- (6) NahamSec - YouTube
- (6) zSecurity - YouTube
- MITRE ATT&CK®
forums
- 0x00sec - The Home of the Hacker
obfuscation
command prompt
- danielbohannon/Invoke-DOSfuscation: Cmd.exe Command Obfuscation Generator & Detection Test Harness
python
- Oxyry Python Obfuscator - The most reliable python obfuscator in the world
- pyarmor · PyPI
- PyObfx/PyObfx: Python Obfuscator & Packer
php
- PHP Obfuscator
powershell
- danielbohannon/Invoke-Obfuscation: PowerShell Obfuscator
- JoelGMSec/Invoke-Stealth: Simple & Powerful PowerShell Script Obfuscator
- tokyoneon/Chimera: Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
javascript
- JS Obfuscator
C/C++
- C/C++ Obfuscator - Obfuscate your C/C++ source code for free and online
.NET
- yck1509/ConfuserEx: An open-source, free protector for .NET applications
privilege escalation
windows
- PEASS-ng/winPEAS at master · carlospolop/PEASS-ng · GitHub
- itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows
- bitsadmin/wesng: Windows Exploit Suggester - Next Generation
- GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
linux
- PEASS-ng/linPEAS at master · carlospolop/PEASS-ng · GitHub
- rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
- The-Z-Labs/linux-exploit-suggester: Linux privilege escalation auditing tool
- diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
- linted/linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
passwords, hashes & wordlists
default passwords
- Default Passwords | CIRT.net
- List of Router Default Passwords For All Brands [Tried & Tested]
wordlists
- Mebus/cupp: Common User Passwords Profiler (CUPP)
- danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
- Assetnote Wordlists
- digininja/CeWL: CeWL is a Custom Word List Generator
cracking
- Hashkiller.io - List Manager
- CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
- SHAttered
- Online Password Hash Crack - MD5 NTLM Wordpress Joomla WPA PMKID, Office, iTunes, Archive, ..
- RsaCtfTool/RsaCtfTool: RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
- example_hashes [hashcat wiki]
- Cmd5 - MD5 Online ,MD5 Decryption, MD5 Hash Decoder
- GPUHASH.me - online WPA/WPA2 PMKID cracker and MD5,SHA1,SHA256,MD5CRYPT,NTLM,bcrypt,vBulletin,IPB,BTC/LTC wallet password recovery
- Recovery of Password from Office documents (XLSX / DOCX), ZIP files and Hashes (Cisco, SHA1, MD5)
- Md5 Online Decrypt & Encrypt - Compare your hash with our Database
- Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512, Wordpress, Bcrypt hashes for free online
practice
- TryHackMe | Cyber Security Training
- Hack The Box: Hacking Training For The Best | Individuals & Companies
- Vulnerable By Design ~ VulnHub
- Web Security Academy: Free Online Training from PortSwigger
- OverTheWire: Wargames
- Command Challenge!
- Proving Grounds: Virtual Pentesting Labs | Offensive Security
- Virtual Hacking Labs | Penetration Testing Training Labs & Courses
- Hack This Site
- PentesterLab: Our exercises
- HBH: Learn how hackers break in, and how to keep them out.
- Free Cybersecurity Training and Career Development | Cybrary
- https://amanhardikar.com/mindmaps/Practice.html