Bookmarks Menu

Mozilla Firefox

Get Help
Customize Firefox
Get Involved
About Us

Bookmarks Toolbar

offensive-bookmarks

OSINT

individuals

PimEyes: Face Recognition Search Engine and Reverse Image Search
Username Search - Social Media Profile Lookup - IDCrawl
CheckUsernames - Social Media Username Search by KnowEm
FaceCheck - Reverse Image Search - Face Recognition Search Engine
NameCheckup - Find Available Username
WhatsMyName Web
pictriev, face search engine

companies

crt.sh | Certificate Search
DNSdumpster.com - dns recon and research, find and lookup dns records
28 Online Vulnerability Scanners & Network Tools | HackerTarget.com
Phonebook.cz - Intelligence X
WHOIS Search, Domain Name, Website, and IP Tools - Who.is
intoDNS: checks DNS and mail servers health
URL and website scanner - urlscan.io
Webpage archive
Internet Archive: Digital Library of Free & Borrowable Books, Movies, Music & Wayback Machine
BuiltWith Technology Lookup
Hurricane Electric BGP Toolkit
WordPress Recon and Security Testing | wprecon.com – Online WordPress Testing Tool to discover security related information and configuration issues.
PageSpeed Insights
Entrust Certificate Search - Entrust, Inc.
Analyse your HTTP response headers
IP and Domain Reputation Center || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Crunchbase: Discover innovative companies and the people behind them
OSINT.SH - All in one Information Gathering Tools
MAC Address Vendor Lookup | MAC Address Lookup
Home | MAC Vendor Lookup Tool & API | MACVendors.com

emails

Have I Been Pwned: Check if your email has been compromised in a data breach
Temp Mail – The Best Temp Email Inbox
Temp Mail - Temporary Email
Find email addresses in seconds • Hunter (Email Hunter)
Epieos, the ultimate OSINT tool
Email Reputation Check, Email Risk Score Check | APIVoid
Email Finder • Free email search for B2B sales | Snov.io

search engines

Shodan Search Engine
Exposure Management and Threat Hunting Solutions | Censys
Google
Yandex
Yahoo Search - Web Search
DuckDuckGo — Privacy, simplified.
Home - ZoomEye really mapping,global leader of cyberspace mapping
GreyNoise Visualizer
SerpApi: Google Search API
Google Hacking Database (GHDB) - Google Dorks, OSINT, Recon

geolocation

Locate IP Address Lookup
Online photo metadata and EXIF data viewer | Jimpl
Photo Location & Online EXIF Data Viewer - Pic 2 Map

cameras

Insecam - World biggest online cameras directory
EarthCam - Webcam Network

wireless

WiGLE: Wireless Network Mapping

OSINT Framework
jivoi/awesome-osint: A curated list of amazingly awesome OSINT
smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

cheat sheets

web

payloadbox/xss-payload-list: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
https://security.love/CSRF-PoC-Genorator/
Bug Bounty Cheatsheet
swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
dwisiswant0/awesome-oneliner-bugbounty: A collection of awesome one-liner scripts especially for bug bounty tips.
daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)

GTFOBins
LOLBAS
HackTricks - HackTricks
blackc03r/OSCP-Cheatsheets: OSCP Cheatsheets
Nmap Cheat Sheet 2023: All the Commands, Flags & Switches
infosecn1nja/AD-Attack-Defense: Attack and defend active directory using modern post exploitation adversary tradecraft activity
File Signatures
explainshell.com - match command-line arguments to their help text
Cheat Sheets | pentestmonkey
Red Teaming Toolkit Collection -

malware development

code repos

adamyaxley/Obfuscate: Guaranteed compile-time string literal obfuscation header-only library for C++14
JustasMasiulis/inline_syscall: Inline syscalls made easy for windows on clang
cinzinga/Evasion-Practice: A variety of AV evasion techniques written in C# for practice.
jthuraisamy/SysWhispers: AV/EDR evasion via direct system calls.
vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
tarcisio-marinho/GonnaCry: A Linux Ransomware
EgeBalci/EGESPLOIT: EGESPLOIT is a golang library for malware development
cobbr/SharpSploit: SharpSploit is a .NET post-exploitation library written in C#
not-sekiun/PyIris: PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
dmdhrumilmistry/pyhtools: A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.
cdong1012/Rust-Ransomware: Ransomware written in Rust
cocomelonc/peekaboo: Simple undetectable shellcode and code injector launcher example. Inspired by RTO malware development course.
safesploit/PythonRAT: Command and Control (C2) server with backdoor acting as Remote Administration Trojan (RAT) written in Python3
MrTuxx/OffensiveGolang: A collection of offensive Go packages inspired by different Go repositories.
EddieIvan01/memexec: A library for loading and executing PE (Portable Executable) from memory without ever touching the disk
Mahmoud7Osman/CVenom: CVenom is An Ultra Easy-To-Use Cross-Platform Malware Development Framework For Advanced Malware Development
alichtman/malware-techniques: A collection of techniques commonly used in malware to accomplish core tasks.
MalDev101/Loveware: Community driven computer worm
LordNoteworthy/al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
rootkit-io/awesome-malware-development: Organized list of my malware development resources
sevagas/macro_pack: macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
outflanknl/EvilClippy: A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
Mr-Un1k0d3r/UniByAv
govolution/avet: AntiVirus Evasion Tool
gentilkiwi/mimikatz: A little tool to play with Windows security
huntergregal/mimipenguin: A tool to dump the login password from the current linux user
skelsec/pypykatz: Mimikatz implementation in pure Python
mkaring/ConfuserEx: An open-source, free protector for .NET applications
tkmru/awesome-linux-rootkits: a summary of linux rootkits published on GitHub
CheckPointSW/Evasions: Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided are code samples, signature recommendations and countermeasures within each category for the described techniques.
3intermute/linux_syscall_hook: system call hooking on arm64 linux via a variety of methods
packing-box/awesome-executable-packing: A curated list of awesome resources related to executable packing
ElliotAlderson51/Fsociety-RAT: Fsociety RAT, The Open Source C++ Remote Administration Tool (RAT)
s9rA16Bf4/go-evil: Customizing evil has never been so easy
S3cur3Th1sSh1t/OffensiveVBA: This repo covers some code execution and AV Evasion methods for Macros in Office documents
S3cur3Th1sSh1t/Amsi-Bypass-Powershell: This repo contains some Amsi Bypass methods i found on different Blog Posts.
hfiref0x/UACME: Defeating Windows User Account Control

blogs

TheXcellerator
vx-underground
0xPat blog – Red/purple teamer
The Wover – Red Teaming, .NET, and random computing topics
cocomelonc
Malware Development – Welcome to the Dark Side: Part 1 - Checkmate
TMZ Lair - Underground Coding
The Art of Malware
Evasion techniques
https://smarinovic.github.io/
Capt. Meelo
How to Build Obfuscated Macros for your Next Social Engineering Campaign
Malicious Macros for Script Kiddies - TrustedSec
XIT – Medium
Linux.Midrashim: Assembly x64 ELF virus | TMZ Lair - Underground Coding
Creating a Rootkit to Learn C - The Human Machine Interface
(nearly) Complete Linux Loadable Kernel Modules
Engineering antivirus evasion – Sec Team Blog
Hidden in PEB Sight: Hiding Windows API Imports With a Custom Loader
A Brief Survey of Code Obfuscation Techniques
100% evasion - Write a crypter in any language to bypass AV – Sam's Hacking Wonderland

youtube

TheSphinx - YouTube
Joey Abrams - YouTube
w3w3w3 - YouTube
Cosmodium CyberSecurity - YouTube
crow - YouTube
ActiveXSploit - YouTube

AMSI.fail

malware analysis

tools

matterpreter/DefenderCheck: Identifies the bytes that Microsoft Defender flags on.
rasta-mouse/ThreatCheck: Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
Feodo Tracker
SSLBL | Detecting malicious SSL connections
URLhaus | Malware URL exchange
ThreatFox | Share Indicators Of Compromise (IOCs)
Sysinternals Utilities - Sysinternals | Microsoft Learn

sandboxes

ANY.RUN - Interactive Online Malware Sandbox
Free Automated Malware Analysis Service - powered by Falcon Sandbox
VirusTotal - Home

resources

ytisf/theZoo: A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Malpedia (Fraunhofer FKIE)
MalwareBazaar | Malware sample exchange
Vitali Kremez | Ethical Hacker | Reverse Engineer
zerosum0x0
MalwareTech
albertzsigovits/malware-writeups: Personal research and publication on malware families
kh4sh3i/Ransomware-Samples: Small collection of Ransomware organized by family.
MalShare
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

shells

Online - Reverse Shell Generator
php-reverse-shell/php-reverse-shell.php at master · pentestmonkey/php-reverse-shell

miscellaneous

CyberChef
WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free
4shared.com - free file sharing and storage
Transfer Big Files Free - Email or Send Large Files
Pastebin.com - #1 paste tool since 2002!
Barcode Reader. Free Online Web Application
rot13.com
Vigenere Cipher - Online Decoder, Encoder, Solver, Translator
Brainfuck Language - Online Decoder, Translator, Interpreter
Online JavaScript beautifier
iLovePDF | Online PDF tools for PDF lovers
Compress JPEG Images Online
Compress images online - Reduce your image size online and for free

blogs & resources

blogs

Hacking Articles - Raj Chandel's Blog
Web Security Blog - PortSwigger
The DigiNinja Blog - DigiNinja
Blog | hackers-arise
Home | S3cur3Th1sSh1t
TECH BLOG — Improsec | improving security
Ethical hacking and penetration testing - InfoSec, IT, Kali Linux, BlackArch
Shell is Only the Beginning
ihazomgsecurityskillz
Become a bug bounty hunter - Learn about web application vulnerabilities and how to find them on bug bounty programs | BugBountyHunter.com
Help Net Security - Cybersecurity News
NCC Group Research Blog | Making the world safer and more secure
Research | Trellix Stories
Andrey Konovalov | Andrey Konovalov
The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0 | NetSec Focus
Guide To Using Reverse Image Search For Investigations - bellingcat

youtube

Marcus Hutchins - YouTube
Black Hat - YouTube
DEFCONConference - YouTube
IppSec - YouTube
John Hammond - YouTube
NetworkChuck - YouTube
The Cyber Mentor - YouTube
HackerSploit - YouTube
David Bombal - YouTube
InsiderPhD - YouTube
jhaddix - YouTube
Tom Hudson - YouTube
STÖK - YouTube
Hak5 - YouTube
Null Byte - YouTube
LiveOverflow - YouTube
NahamSec - YouTube
zSecurity - YouTube

MITRE ATT&CK®

forums

0x00sec - The Home of the Hacker

obfuscation

command prompt

danielbohannon/Invoke-DOSfuscation: Cmd.exe Command Obfuscation Generator & Detection Test Harness

python

Oxyry Python Obfuscator - The most reliable python obfuscator in the world
pyarmor · PyPI
PyObfx/PyObfx: Python Obfuscator & Packer

php

PHP Obfuscator

powershell

danielbohannon/Invoke-Obfuscation: PowerShell Obfuscator
JoelGMSec/Invoke-Stealth: Simple & Powerful PowerShell Script Obfuscator
tokyoneon/Chimera: Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

javascript

JS Obfuscator

C/C++

C/C++ Obfuscator - Obfuscate your C/C++ source code for free and online

.NET

yck1509/ConfuserEx: An open-source, free protector for .NET applications

privilege escalation

windows

PEASS-ng/winPEAS at master · carlospolop/PEASS-ng · GitHub
itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows
bitsadmin/wesng: Windows Exploit Suggester - Next Generation
GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

linux

PEASS-ng/linPEAS at master · carlospolop/PEASS-ng · GitHub
rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
The-Z-Labs/linux-exploit-suggester: Linux privilege escalation auditing tool
diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
linted/linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script

passwords, hashes & wordlists

default passwords

Default Passwords | CIRT.net
List of Router Default Passwords For All Brands [Tried & Tested]

wordlists

Mebus/cupp: Common User Passwords Profiler (CUPP)
danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Assetnote Wordlists
digininja/CeWL: CeWL is a Custom Word List Generator

cracking

Hashkiller.io - List Manager
CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
SHAttered
Online Password Hash Crack - MD5 NTLM Wordpress Joomla WPA PMKID, Office, iTunes, Archive, ..
RsaCtfTool/RsaCtfTool: RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
example_hashes [hashcat wiki]
Cmd5 - MD5 Online ,MD5 Decryption, MD5 Hash Decoder
GPUHASH.me - online WPA/WPA2 PMKID cracker and MD5,SHA1,SHA256,MD5CRYPT,NTLM,bcrypt,vBulletin,IPB,BTC/LTC wallet password recovery
Recovery of Password from Office documents (XLSX / DOCX), ZIP files and Hashes (Cisco, SHA1, MD5)
Md5 Online Decrypt & Encrypt - Compare your hash with our Database
Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512, Wordpress, Bcrypt hashes for free online

practice

TryHackMe | Cyber Security Training
Hack The Box: Hacking Training For The Best | Individuals & Companies
Vulnerable By Design ~ VulnHub
Web Security Academy: Free Online Training from PortSwigger
OverTheWire: Wargames
Command Challenge!
Proving Grounds: Virtual Pentesting Labs | Offensive Security
Virtual Hacking Labs | Penetration Testing Training Labs & Courses
Hack This Site
PentesterLab: Our exercises
HBH: Learn how hackers break in, and how to keep them out.
Free Cybersecurity Training and Career Development | Cybrary
https://amanhardikar.com/mindmaps/Practice.html