A curated list of awesome resources about Electron.js (in)security

Open EDR public repository

A centralized resource for previously documented WDAC bypass techniques

Also known by Microsoft as Knifecoat 🌶️

Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands

Comprehensive Python Cheatsheet

Powershell script to download and kick off Metasploit payloads. Relies on the exploit/multi/scripts/web_delivery metasploit module.

win32k use-after-free poc

HTML5 Training material for Attack and Secure training sessions.

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

A collection of Azure AD/Entra tools for offensive and defensive security purposes

Remote Desktop Protocol in RUST

Walking the PEB in VBA

Attack and defend active directory using modern post exploitation adversary tradecraft activity

A collection of links related to Linux kernel security and exploitation

An archive of low-level CTF challenges developed over the years

🔥 Web-application firewalls (WAFs) from security standpoint.

Top 100 Hacking & Security E-Books (Free Download)

List of Awesome Asset Discovery Resources

Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.

Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.

Exploits that are mostly ready to use. They either require no modification or have been modified and verified as functional.

Wipe and reinstall a running Linux system via SSH, without rebooting. You know you want to.

A hacky XSLT to convert nmap scan results into CherryTree format

📚 Freely available programming books

MS17-010

USB / CD / DVD autorun password stealer