Derrick is an advanced data leak scanning and CVE vulnerability analysis tool, designed for cybersecurity researchers and digital defense professionals.

PQC Transition Tools Index

Policy driven vetting of open source packages with malicious code analysis

Owasp Zap chart for Kubernetes

Terraform sandbox for experimenting with infra scenarios

FindGPPPasswords, A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.

Internet Draft for the Automated Certificate Management Environment (ACME) Profiles Extension

This repository contains a collection of awesome tools and scripts for Developers and Engineers seeking to automate routine tasks on AWS Cloud.

Vulnerability impact analyzer that reduces false positives in SCA tools by performing intelligent code analysis. Uses agentic AI with open source models to understand CVEs and verify actual vulnera…

🐛 A list of writeups from the Google VRP Bug Bounty program

Assess the security of your Active Directory with few or all privileges.

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics…

[Just for fun] Find exposed AWS keys (VALID KEYS ONLY) on github

Supply-chain Levels for Software Artifacts

Reverse Engineering: Decompiling Binary Code with Large Language Models

FOUR.MEME Sandwich Bot

Powerful LLM Query Framework with YAML Prompt Templates. Made for Automation

List of changes announced for AWS that may break existing code

OSS-Fuzz - continuous fuzzing for open source software.

A 10-Lesson course teaching everything you need to know about harnessing GitHub Copilot as an AI Paired Programming resource.

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

asnfuzzgen - ASN.1 Structure-Aware Fuzzing Compiler

🤖 𝗟𝗲𝗮𝗿𝗻 for 𝗳𝗿𝗲𝗲 how to 𝗯𝘂𝗶𝗹𝗱 an end-to-end 𝗽𝗿𝗼𝗱𝘂𝗰𝘁𝗶𝗼𝗻-𝗿𝗲𝗮𝗱𝘆 𝗟𝗟𝗠 & 𝗥𝗔𝗚 𝘀𝘆𝘀𝘁𝗲𝗺 using 𝗟𝗟𝗠𝗢𝗽𝘀 best practices: ~ 𝘴𝘰𝘶𝘳𝘤𝘦 𝘤𝘰𝘥𝘦 + 12 𝘩𝘢𝘯𝘥𝘴-𝘰𝘯 𝘭𝘦𝘴𝘴𝘰𝘯𝘴

One Conference 2024

A collection of Solidity security exercises and puzzles to test your knowledge of Solidity's more esoteric features. Some are easy, and some are exceptionally challenging.

A collection of Azure AD/Entra tools for offensive and defensive security purposes