This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
Ce Repo est un ensemble de fichier sur différents thèmes remarquable
WARNING This bookmark list can contain suspicious links, so think before act ...
- Open source secret manager with sharing capability https://github.com/secretin/secretin-app
- http://thehappyhoodedhacker.tumblr.com/
- Decrypted content of eqgrp-auction-file.tar.xz https://github.com/x0rz/EQGRP/
- https://blogs.msdn.microsoft.com/ieinternals/2014/09/04/caveats-for-authenticode-code-signing/
- https://blogs.dropbox.com/tech/2014/08/tech-behind-dropboxs-new-user-experience-for-mobile/
- https://github.com/vcsjones/AuthenticodeLint
- https://technet.microsoft.com/en-us/itpro/powershell/windows/pkiclient/new-selfsignedcertificate
- https://vcsjones.com/2016/04/15/authenticode-stuffing-tricks/
- dtc2 - a terrible osx toolkit - Duct Tape Command and Control! This is just a compilation of scripts to help dig in a little bit and move around. It's designed to be used with tools like pupy, empire and metasploit, by adding functionality that those toolsets don't currently have, or is not easy to run in certain circumstances. https://github.com/phobosgroup/dtc2
- https://karpathy.github.io/neuralnets/ Hacker's guide to Neural Networks
- https://heap-exploitation.dhavalkapil.com/
- GitHub NSA : https://github.com/nationalsecurityagency
- GitHub Information Assurance by NSA : https://github.com/iadgov
- Stockage chiffré intégral sur serveur distant https://blog.imirhil.fr/2017/07/22/stockage-chiffre-serveur.html and https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Securing_the_unencrypted_boot_partition
- lscript - This script will make your life easier, and of course faster http://www.kitploit.com/2017/08/lscript-this-script-will-make-your-life.html https://github.com/arismelachroinos/lscript
- Check my DNS : https://cmdns.dev.dns-oarc.net/
- Linux systemcalls debugging with colors :
$ strace $CMD 2>&1 > /dev/null | vim -c ':set syntax=strace' - - https://github.com/corkami/pics Posters, drawings...
- shellcarver – Carve shellcode within the memory using restrictive character set. http://seclist.us/shellcarver-carve-shellcode-within-the-memory-using-restrictive-character-set.html https://github.com/breaktoprotect
- Explain YARA Rules to Me https://www.alienvault.com/blogs/security-essentials/explain-yara-rules-to-me
- An SDN penetration testing toolkit https://github.com/smythtech/sdnpwn - sdnpwn is a toolkit and framework for testing the security of Software-Defined Networks (SDNs). For more information check out this article: https://sdnpwn.net/2017/08/22/what-is-sdnpwn/
- BTA is an open-source Active Directory security audit framework. https://bitbucket.org/iwseclabs/bta
- ysoserial v0.0.6 – a POC tool for payload generator that exploits unsafe Java object deserialization. http://seclist.us/ysoserial-v0-0-6-a-poc-tool-for-payload-generator-that-exploits-unsafe-java-object-deserialization.html https://github.com/frohoff/ysoserial
- Hunter is a flexible code tracing toolkit. https://github.com/ionelmc/python-hunter
- PWN Lab is a collection of Vagrant scripts and boxes to create security training environments. Getting a running environment is as easy as cloning the repository and running vagrant up. https://github.com/ztgrace/pwn_lab
- Script to decrypt Juniper encrypted passwords and keys https://github.com/Synacktiv/stuffz/blob/master/juniper_decrypt.py
- Open Source Security Incident and Event Management: SIEMonster https://n0where.net/open-source-security-incident-and-event-management/ https://siemonster.com/downloads/
- Open source incident management and response platform. https://www.cyphon.io/ https://cyphon.readthedocs.io/en/latest/overview.html
- AWK https://posts.specterops.io/fawk-yeah-advanced-sed-and-awk-usage-parsing-for-pentesters-3-e5727e11a8ad
- A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring. https://github.com/cisco/joy
- Auto-sync files or directories over SSH using rsync and fs.watch(). https://github.com/mateogianolio/sshync
from https://www.recordedfuture.com/prioritizing-cyber-threats/
- Small and highly portable detection tests mapped to the Mitre ATT&CK Framework. https://github.com/redcanaryco/atomic-red-team
- Encrypt Bash Script https://n0where.net/how-to-encrypt-bash-script/ / http://www.datsi.fi.upm.es/~frosal/
- Hack ATM ... https://embedi.com/files/white-papers/Hack-ATM-with-an-anti-hacking-feature-and-walk-away-with-1M-in-2-minutes.pdf
- Defeating Google's audio reCaptcha with 85% accuracy. http://uncaptcha.cs.umd.edu (https://github.com/ecthros/uncaptcha)
- Developing Open Source Voice Controlled Applications: Jasper https://n0where.net/developing-open-source-voice-controlled-applications-jasper/ https://github.com/jasperproject/jasperproject.github.io
- A Guide to Attacking Domain Trusts http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/
- Web Application Firewall Server: Shadow Daemon https://shadowd.zecure.org/ https://github.com/zecure/shadowd
- Machine learning to enhance image to 4K https://letsenhance.io/
- Build your own BlockChain
- Part 1 https://bigishdata.com/2017/10/17/write-your-own-blockchain-part-1-creating-storing-syncing-displaying-mining-and-proving-work/
- Part 2 https://bigishdata.com/2017/10/27/build-your-own-blockchain-part-2-syncing-chains-from-different-nodes/
- Part 3 https://bigishdata.com/2017/11/02/build-your-own-blockchain-part-3-writing-nodes-that-mine/
- Récupération consommation électrique via sortie téléinformation compteur EDF https://www.jelora.fr/post/2017/11/05/Recuperation-consommation-electrique-via-sortie-teleinformation-compteur-EDF.html
- FPGA modules used together with the PCILeech Direct Memory Access (DMA) Attack Software https://github.com/ufrisk/pcileech-fpga
- AD Audit tool : https://www.pingcastle.com/download/
- Autonomous (self-hosted) BitTorrent DHT search engine suite. http://labs.boramalper.org/magnetico/ https://github.com/boramalper/magnetico
- Subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule out false positives. https://github.com/haccer/subjack
- Python telnet honeypot for catching botnet binaries https://github.com/Phype/telnet-iot-honeypot
- It's a tool to manage vulnerables packages in your nix server, in a centralized way https://github.com/mthbernardes/heimdall_webserver
- Stream Movies like a Hacker :
- Step 1 - Install
- Peerflix - https://www.npmjs.com/package/peerflix130
- Pirate-get https://github.com/vikstrous/pirate-get142
- Mpv (Repos)
- Step 2 - Rejoice
pirate-get -C "peerflix %s --mpv" moviename
- Step 1 - Install
- PHP Secure Configuration Checker https://github.com/sektioneins/pcc
- Backup of Darkc0ded : http://rafale.org/~mattoufoutu/darkc0de.com/
- A simple shell script I run to keep my MacBook clean and patched. https://github.com/jgamblin/MacOS-Maid
- How to exploit BlueBorne (CVE-2017-0781) RCE on Android 6.0.1 https://jesux.es/exploiting/blueborne-android-6.0.1-english/
- A small library for mapping and unmapping PE files. https://github.com/hasherezade/libpeconv
- Bash script for renewing Let's Encrypt certificates including a staging period https://github.com/albocc/letsencrypt-smart-renewal-with-staging
- kernel privilege escalation enumeration and exploitation framework https://github.com/spencerdodd/kernelpop
- Parrot Security 3.9 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind https://www.parrotsec.org/download.fx
- DumpsterFire - "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequence… http://www.kitploit.com/2017/11/dumpsterfire-security-incidents-in-box.html https://github.com/TryCatchHCF/DumpsterFire
- Meterpreter over SSH http://www.effecthacking.com/2017/12/meterssh-meterpreter-over-ssh.html
- A lot of vuln for training : https://www.vulnhub.com/
- Replacement of TeamViewer :
- A mega grapher of system. Get control of your servers. Simple. Effective. Awesome! https://my-netdata.io/ GitHub
- Impacket is a collection of Python classes for working with network protocols. https://github.com/CoreSecurity/impacket/tree/relay-experimental
- https://gist.github.com/Neo23x0/9fe88c0c5979e017a389b90fd19ddfee Linux Auditd Best Practice Configuration
- A free Keylogger : http://www.spyrix.com/spyrix-free-keylogger.php
- Minimal Linux Live is a set of Linux shell scripts which automatically build minimal Live Linux OS based on Linux kernel and BusyBox. All necessary source codes are automatically downloaded and all build operations are fully encapsulated in the scripts.
- Windows 10 and Windows Server 2016 security auditing and monitoring reference https://download.microsoft.com/download/7/9/F/79F3E0B9-4A00-4D15-9953-045BC9BE9338/Windows%2010%20and%20Windows%20Server%202016%20Security%20Auditing%20and%20Monitoring%20Reference.docx
- Analyzing One Million robots.txt Files https://intoli.com/blog/analyzing-one-million-robots-txt-files/
- Securing Domain Admins Groups in Active Directory https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-f--securing-domain-admins-groups-in-active-directory
- SAMRi10 - Hardening SAM Remote Access in Windows 10/Server 2016 https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b
- Net Cease - Hardening Net Session Enumeration https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b
- Classic MS Paint in ... JavaScript https://github.com/1j01/jspaint
