Various updates

offensive-security/C2.md → C2.md

@@ -3,19 +3,18 @@ title: C2
 description: Command and control systems.
 ---
 
-# C2 (Command and Control)
-
-Command and control systems.
+![](/assets/headers/header-logo.png)
 
 ![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-9-757575?style=for-the-badge)
 
-## Frameworks
+### Frameworks
 
 * [C3](https://github.com/FSecureLABS/C3) - A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. ![last-commit](https://img.shields.io/github/last-commit/FSecureLABS/C3?style=flat)
 * [Cobalt Strike](https://www.cobaltstrike.com/) - Software for Adversary Simulation and Red Team Operations. 
 * [Covenant](https://github.com/cobbr/Covenant) - Covenant is a collaborative .NET C2 framework for red teamers. ![last-commit](https://img.shields.io/github/last-commit/cobbr/Covenant?style=flat)
 * [Merlin](https://github.com/Ne0nd0g/merlin) - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. ![last-commit](https://img.shields.io/github/last-commit/Ne0nd0g/merlin?style=flat)
 * [NightHawk](https://www.mdsec.co.uk/nighthawk/) - Built with operational security in mind, Nighthawk is a highly malleable implant designed to circumvent and evade the modern security controls often seen in mature, highly monitored environments.
+* [OcraC2](https://github.com/Ptkatz/OrcaC2) - Multifunctional C&C framework for encrypted communication. ![last-commit](https://img.shields.io/github/last-commit/Ptkatz/OrcaC2?style=flat)
 * [phpsploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor. ![last-commit](https://img.shields.io/github/last-commit/nil0x42/phpsploit?style=flat)
 * [PoshC2](https://github.com/nettitude/PoshC2) - A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement. ![last-commit](https://img.shields.io/github/last-commit/nettitude/PoshC2?style=flat)
 * [Pupy](https://github.com/n1nj4sec/pupy/) - Cross-platform C2 and post-exploitation framework written in python and C. ![last-commit](https://img.shields.io/github/last-commit/n1nj4sec/pupy?style=flat)

README.md

@@ -5,98 +5,114 @@ meta:
   title: "Infosec House"
 ---
 
+![](/assets/headers/infosechouse-header.png)
+
 <p>
 <center>
-<img src="/assets/banner-logo.png"><br><br>
 <img src="https://img.shields.io/github/last-commit/InfosecHouse/InfosecHouse?style=for-the-badge"><br>
-<img src="https://img.shields.io/badge/Tools%20%26%20Resources%20Available-1,071-757575?style=for-the-badge"><br><br>
-
-<h4 align="center">
-Tools & Resources for Cyber Security Operations</h4>
-<br>
+<img src="https://img.shields.io/badge/Tools%20%26%20Resources%20Available-1,100-757575?style=for-the-badge"><br><br>
 
 Enhance your cyber security operations with a comprehensive range of tools and resources for both offensive and defensive strategies.
 
-Please visit [https://infosec.house](https://infosec.house) for our website version of this repo. 
+If visiting us on GitHub please visit [https://infosec.house](https://infosec.house) for our website version of this repo. Much more search friendly! 
 
 Found a resources that should be on here? Feel free to submit a [Pull Request](https://github.com/InfosecHouse/InfosecHouse/pulls)!
+
 Need to report a broken/incorrect link? Feel free to submit an [Issue](https://github.com/infosechouse/infosechouse/issues).
 </center>
 </p>
 
-## Defensive Security
-
-* [Asset Management](/defensive-security/assets-management.md) - Keep track of your inventory. You can't protect what you don't see. 
-* [Auditing](/defensive-security/auditing.md) - Stay in compliance. 
-* [Courses](/defensive-security/courses.md) - Training and courses to master your craft.
-* [Endpoint Protection](/defensive-security/endpoint-protection.md) - Protect your endpoints.
-* [Forensics](/defensive-security/forensics.md) - Uncover the dirty little secrets of a recovered HDD, Image, malware, and more.
-* [Honeypots](/defensive-security/honeypot.md) - Catch them with their hands/attacks sticky.
-* [IDS/IPS](/defensive-security/ids-ips.md) - Intrusion Detection and Prevention Systems.
-* [Incident Response](/defensive-security/ir.md) - Incident response tools, and resources when alarms pop off.
-* [IOC](/defensive-security/ioc.md) - Indicators of compromise. Discover if you've been compromised.
-* [Malware](/defensive-security/malware.md) - All the malware you can wish for to reverse engineer.
-* [Monitoring](/defensive-security/monitoring.md) - Monitor your network, e-mail, packets, and infrastructure.
-* [Operating Systems](/defensive-security/operating-systems.md) - Operating system's solely focused for defensive security teams.
-* [Phishing](/defensive-security/phishing.md) - Tools and resources for analyzing phishing attacks.
-* [Threat Intel](/defensive-security/threat-intel.md) - Discover where the threats begin.
-
-## Offensive Security
-
-* [API](/offensive-security/api.md) - Tools and resources for pentesting against API endpoints.
-* [Blogs](/offensive-security/blogs.md) - Reading material for offensive security researchers.
-* [Bug Bounty](/offensive-security/bug-bounty.md) - Test out your skills against other hackers. Get paid for finding vulnerabilities.
-* [Command & Control](/offensive-security/C2.md) - Command and Control tools and frameworks.
-* [Cheat Sheets](/offensive-security/cheat-sheets.md) - Offensive security cheat sheets.
-* [Cloud](docs//offensive-security/cloud.md) - Discover tools and resources dedicated to hacking cloud platforms.
-* [Collaboration](/offensive-security/collab.md) - Discover tools and frameworks for red team collaboration.
-* [Courses](/offensive-security/courses.md) - Training and courses to master your craft.
-* [Cracking](/offensive-security/cracking.md) - Everything you need to crack all the hashes.
-* [Cryptography](/offensive-security/cryptography.md) - How great is your cryptography.
-* [CTF Offensive](/offensive-security/ctf.md) - Compete your hacking skills against others.
-* [Data Exfiltration](/offensive-security/data-exfiltration.md) - Exfiltrate the data, and test your DLP.
-* [E-Mail](/offensive-security/e-mail.md) - E-Mail pentesting tools and resources.
-* [Evasion](/offensive-security/evasion.md) - Evade getting caught.
-* [Exploits](/offensive-security/exploits.md) - Gather all your exploits needed to pop that box.
-* [Firewalls](/offensive-security/firewalls.md) - Attack the castle doors.
-* [Hardware](/offensive-security/hardware.md) - Grab some of the most used hardware within the penetration testing industry.
-* [Linux](/offensive-security/linux.md) - Tools and resources for popping those linux boxes.
-* [Mobile](/offensive-security/mobile.md) - Tools and resources for pentesting on mobile applications.
-* [Network](/offensive-security/network.md) - Sniff the network. Modify the packets.
-* [Operating Systems](/offensive-security/operating-systems.md) - Operating system's solely focused for offensive security teams.
-* [Reconnaissance](/offensive-security/recon.md) - Understand your target. Perform in-depth research and discover new attack surfaces.
-* [Shells](/offensive-security/shells.md) - Generating pre-built webshells to customizing your own.
-* [Social Engineering](/offensive-security/social-engineering.md) - Manipulation techniques that exploits human error to gain private formation, access, or valuables.
-* [Vulnerability Scanners](/offensive-security/vuln-scanners.md) - Discover vulnerabilities fast, and automate some of the heavy loads.
-* [Web Application](/offensive-security/web-app.md) - Break that web application.
-* [Windows](/offensive-security/windows.md) - Mirosoft Windows pentesting tools and resources.
-* [Wireless](/offensive-security/wireless.md) - Discover tools and resources for exploiting Wi-Fi, bluetooth, RFID, and more.
-
-## Operation Security
-
-* [Anonymity](/operation-security/anonymity.md) - The quality or state of being anonymous. Seek out technologies and methods of remaining  anonymous in the day and age of mass surveillance.
-* [Anti-Forensics](/operation-security/antiforensic.md) - Destroy your data.
-* [Burners](/operation-security/burners.md) - Everything for your temporary needs.
-* [Communication](/operation-security/communication.md) - Protect your SMS messages, voice calls, and e-mails. Big brother is always watching.
-* [Operating Systems](/operation-security/operating-systems.md) - Hardening your operating system.
-* [Passwords & Authentication](/operation-security/pass-access-management.md) - Secure your passwords, secrets, and notes.
-* [Search Engines](/operation-security/search-engines.md) - Hardening your operating system.
-
-
-## Purple Security
-
-* [Analysis](/purple-security/analysis.md) - Tools and scripts for analyzing data.
-* [Courses](/purple-security/courses.md) - Training and courses to master your craft.
-* [Editors & Viewers](/purple-security/editor-viewer.md) - Tools for editing/viewing files.
-* [Emulation](/purple-security/emulation.md) - Emulate the adversary.
-* [Network](/purple-security/network.md) - Network tools both offensive and defensive operations can utilize.
-* [OSINT](/purple-security/osint.md) - Open-Source Intel. Get all the information needed for your target.
-* [Passwords](/purple-security/default-passwords.md) - 1,000+ default passwords.
-* [Reverse Engineering](/purple-security/re.md) - Reverse engineering tools both offensive and defensive operations can utilize.
-* [Write-Ups](/purple-security/write-ups.md) - Write-ups both offensive and defensive operataions can utilize.
-
-## Entertainment
-
-* [Music](/entertainment/music.md) - Kick back relax and enjoy some entertainment.
-* [Video](/entertainment/videos.md) - Talks, livestreams, and presentations.
+---
+
+* [API](api.md) - Tools and resources for pentesting against API endpoints.
+* [Asset Management](assets-management.md) - Keep track of your inventory. You can't protect what you don't see.
+
+---
+
+* [Blogs](blogs.md) - Reading material for offensive security researchers.
+* [Bug Bounty](bug-bounty.md) - Test out your skills against other hackers. Get paid for finding vulnerabilities.
+
+---
+
+* [C2](C2.md) - Command and Control tools and frameworks.
+* [Cheat Sheets](cheat-sheets.md) - Offensive security cheat sheets.
+* [Cloud & Containers](cloud-containers.md) - Discover tools and resources dedicated to hacking cloud platforms.
+* [Collaboration](collab.md) - Discover tools and frameworks for red team collaboration.
+* [Command & Control](C2.md) - Command and Control tools and frameworks.
+* [Cracking](cracking.md) - Everything you need to crack all the hashes.
+* [Cryptography](cryptography.md) - How great is your cryptography?
+* [CTF Offensive](ctf.md) - Compete your hacking skills against others.
+
+---
+
+* [Data Exfiltration](data-exfiltration.md) - Exfiltrate the data, and test your DLP.
+* [Default Passwords](default-passwords.md) - 1,000+ default passwords.
+
+---
+
+* [Editors & Viewers](editor-viewer.md) - Tools for editing/viewing files.
+* [Education](education.md) - Training and courses to master your craft.
+* [Emulation](emulation.md) - Emulate the adversary.
+* [Endpoint Protection](endpoint-protection.md) - Protect your endpoints.
+* [E-Mail](e-mail.md) - E-Mail pentesting tools and resources.
+* [Evasion](evasion.md) - Evade getting caught.
+* [Exploits](exploits.md) - Gather all your exploits needed to pop that box.
+
+---
+
+* [Firewalls](firewalls.md) - Attack the castle doors.
+* [Forensics](forensics.md) - Uncover the dirty little secrets of a recovered HDD, Image, malware, and more.
+
+---
+
+* [Hardware](hardware.md) - Grab some of the most used hardware within the penetration testing industry.
+* [Honeypots](honeypot.md) - Catch them with their hands/attacks sticky.
+
+---
+
+* [IDS/IPS](ids-ips.md) - Intrusion Detection and Prevention Systems.
+* [Incident Response](ir.md) - Incident response tools, and resources when alarms pop off.
+
+---
+
+* [Linux](linux.md) - Tools and resources for popping those Linux boxes.
+
+---
+
+* [Malware](malware.md) - All the malware you can wish for to reverse engineer.
+* [Mobile](mobile.md) - Tools and resources for pentesting on mobile applications.
+* [Music](music.md) - Kick back relax and enjoy some entertainment.
+
+---
+
+* [Network](network.md) - Sniff the network. Modify the packets.
+
+---
+
+* [Operation Security](opsec.md) - Seek out technologies and methods of remaining anonymous in the day and age of mass surveillance.
+* [Operating Systems](operating-systems.md) - Operating systems for whatever task at hand.
+* [OSINT](osint.md) - Open-Source Intel. Get all the information needed for your target.
+
+---
+
+* [Reconnaissance](recon.md) - Understand your target. Perform in-depth research and discover new attack surfaces.
+* [Reverse Engineering](re.md) - Reverse engineering tools both offensive and defensive operations can utilize.
+
+---
+
+* [Shells](shells.md) - Generating pre-built webshells to customizing your own.
+* [Social Engineering](social-engineering.md) - Manipulation techniques that exploit human error to gain private information, access, or valuables.
+
+---
+
+* [Threat Intel](threat-intel.md) - Discover where the threats begin.
+
+---
+
+* [Video](videos.md) - Talks, livestreams, and presentations.
+* [Vulnerability Scanners](vuln-scanners.md) - Discover vulnerabilities fast, and automate some of the heavy loads.
+
+---
 
+* [Web Application](web-app.md) - Break that web application.
+* [Windows](windows.md) - Microsoft Windows pentesting tools and resources.

offensive-security/api.md → api.md

@@ -3,13 +3,12 @@ title: API
 description: Tools and resources for pentesting against API endpoints.
 ---
 
-# API
+![](/assets/headers/header-logo.png)
 
-Tools and resources for pentesting against API endpoints
 ![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-31-757575?style=for-the-badge)
 
 
-## Cheetsheets/Checklists
+### Cheetsheets/Checklists
 
 * [API Security Checklist](https://github.com/shieldfy/API-Security-Checklist) - Checklist of the most important security countermeasures when designing, testing, and releasing your API. ![GitHub last commit](https://img.shields.io/github/last-commit/shieldfy/API-Security-Checklist?style=flat) 
 * [GraphQL OWASP](https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html) - OWASP GraphQL cheat sheet. 
@@ -20,12 +19,12 @@ Tools and resources for pentesting against API endpoints
 * [Web API Pentesting](https://book.hacktricks.xyz/pentesting/pentesting-web/web-api-pentesting) - Web API pentesting GitBook. 
 
 
-## Documentation
+### Documentation
 
 * [MindAPI](https://github.com/dsopas/MindAPI) - Organize your API security assessment by using MindAPI. ![GitHub last commit](https://img.shields.io/github/last-commit/dsopas/MindAPI?style=flat)
 
 
-## Manipulation & Testing
+### Manipulation & Testing
 
 * [Arjun](https://github.com/s0md3v/Arjun) - HTTP parameter discovery suite. ![GitHub last commit](https://img.shields.io/github/last-commit/s0md3v/Arjun?style=flat)
 * [Astra](https://github.com/flipkart-incubator/Astra) - Automated Security Testing For REST API's. ![GitHub last commit](https://img.shields.io/github/last-commit/flipkart-incubator/Astra?style=flat)
@@ -44,7 +43,7 @@ Tools and resources for pentesting against API endpoints
 * [Test Mace](https://testmace.com/) - A modern powerful crossplatform tool for working with an API and creating automated API tests. 
 * [vRESTng](https://vrest.io) - Automate API Requests as Runnable Test Cases, just by providing Request Details. Also, Validate API Responses using Test Case Assertions.
 
-## Training
+### Training
 
 * [crAPI](https://github.com/OWASP/crAPI) - Completely ridiculous API (crAPI). ![GitHub last commit](https://img.shields.io/github/last-commit/OWASP/crAPI?style=flat)
 * [Damn Vulnerable GraphQL App](https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application) - An intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. ![GitHub last commit](https://img.shields.io/github/last-commit/dolevf/Damn-Vulnerable-GraphQL-Application?style=flat)

defensive-security/assets-management.md → assets-management.md

@@ -3,13 +3,11 @@ title: Assets Management
 description: Keep track of your inventory. You can't protect what you don't see.
 ---
 
-# Assets Management
-
-Keep track of your inventory. You can't protect what you don't see.
+![](/assets/headers/header-logo.png)
 
 ![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-6-757575?style=for-the-badge)
 
-## Endpoint Visibility
+### Endpoint Visibility
 
 * [GLPI](https://github.com/glpi-project/glpi) - Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. ![last-commit](https://img.shields.io/github/last-commit/glpi-project/glpi?style=flat)
 * [LANSweeper](https://www.lansweeper.com/) - Build centralized IT asset inventory. 

offensive-security/blogs.md → blogs.md

@@ -1,22 +1,21 @@
 ---
-title: Blogs
+title: Blogs & Zines
 description: Reading material for offensive security researchers.
 ---
 
-# Blogs
+![](/assets/headers/header-logo.png)
 
-Reading material for offensive security researchers.
+![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-34-757575?style=for-the-badge)
 
-![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-33-757575?style=for-the-badge)
+### Corporate Blogs 
 
-## Corporate 
 * [Not so Secure](https://notsosecure.com/blog/) - Mix of research.
 * [Orange Cyberdefense](https://sensepost.com/blog/) - Mix of research. 
 * [Security Weekly](https://securityweekly.com/blog/) - Mix of research. 
 * [Trustwave](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/) - Mix of research. 
 
 
-## Personal
+### Personal Blogs
 
 * [0xSP](https://0xsp.com/) - Red Team Cheat Sheets. 
 * [Archangel Amael](http://archangelamael.blogspot.com/) - Mix of research. 
@@ -47,4 +46,4 @@ Reading material for offensive security researchers.
 * [Spy Logic](https://www.spylogic.net/) - Mix of research. 
 * [Strolling Infosec](https://9emin1.github.io/pages/) - Mix of research. 
 * [Weapons of Mass Analysis](http://wepma.blogspot.com/) - Mix of research. 
-* [Wirewatcher](https://wirewatcher.wordpress.com/) - Mix of research. 
+* [Wirewatcher](https://wirewatcher.wordpress.com/) - Mix of research.

offensive-security/bug-bounty.md → bug-bounty.md

@@ -3,30 +3,28 @@ title: Bug Bounty
 description: Test out your skills against other hackers. Get paid for finding vulnerabilities.
 ---
 
-# Bug Bounty
-
-Test out your skills against other hackers. Get paid for finding vulnerabilities.
+![](/assets/headers/header-logo.png)
 
 ![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-10-757575?style=for-the-badge)
 
-## Cheatsheets/Checklists
+### Cheatsheets/Checklists
 
 * [Bug bounty Roadmaps](https://github.com/1ndianl33t/Bug-Bounty-Roadmaps) - Bug Bounty Roadmaps ![GitHub last commit](https://img.shields.io/github/last-commit/1ndianl33t/Bug-Bounty-Roadmaps?style=flat)
 
-## Organization
+### Organization
 
 * [HackWithGoodFaith](https://github.com/brevityinmotion/goodfaith) - Stay within program scope. ![last commit](https://img.shields.io/github/last-commit/brevityinmotion/goodfaith?style=flat) 
 
-## Platforms
+### Platforms
 
 * [Bugscrowd](https://bugcrowd.com/programs) - #1 crowdsourced security company. 
 * [HackerOne](https://hackerone.com/directory/programs/) - The platform is the industry standard for hacker-powered security. 
 * [huntr](https://www.huntr.dev/) - Bug bounty board for securing open-source. 
-* [Integriti](https://www.intigriti.com/programs) - Europe's #1 ethical hacking and bug bounty platform. 
+* [Intigriti](https://www.intigriti.com/programs) - Europe's #1 ethical hacking and bug bounty platform. 
 * [Safe Hats](https://app.safehats.com/signup) - Managed Bug Bounty. 
 * [Synack](https://www.synack.com/) - Built by hackers for hackers. 
 * [Yes We Hack](https://yeswehack.com/auth/register#create-hunter) - Global bug bounty platform crowdsourced security & vulnerability disclosure. 
 
-## Services
+### Services
 
 * [Recon.Dev](https://recon.dev/) - Collects recon data on bounty targets and provides tools to help quickly find targets and discover bugs.