Lists (4)
Starred repositories
Proof of Concepts for malicious maintainers: How to Tamper with Releases built with GitHub Actions Worfklows, presented at fwd:cloudsec Europe 2025
Threat feeds designed to extract adversarial TTPs and IOCs, using: ✨AI✨
A toolset to make a system look as if it was the victim of an APT attack
A 30-day hands-on SOC Analyst project simulating real-world cyber attacks using ELK Stack, Mythic C2, osTicket & Elastic Defend. Covers threat detection, log analysis, incident response, and cloud-…
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
tirreno - Open Source Security Analytics. Understand, monitor, and protect your application from cyber threats, account threats, and abuse. Get started — free.
Qtap: An eBPF agent that captures pre-encrypted network traffic, providing rich context about egress connections and their originating processes.
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
Username enumeration and password spraying tool aimed at Microsoft O365.
RooCodeInc / Roo-Code
Forked from cline/clineRoo Code gives you a whole dev team of AI agents in your code editor.
eBPF-based Networking, Security, and Observability
Command line tool to search github repositories and users
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
Pen Test Report Generation and Assessment Collaboration
Malware samples, analysis exercises and other interesting resources.
FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), generates timelines, and detects suspicious activities.
eBPF-based Security Observability and Runtime Enforcement
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
ChatGPT Prompts for Bug Bounty & Pentesting
A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting
RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data