A completely free, open source and online course about Reverse Engineering iOS Applications.

PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by…

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

This project contains several exercises about injection using ptrace on Android platform

Some example source code for fixed IE11 sandbox escapes.

An updated collection of resources targeting browser-exploitation.

Wiki to collect Red Team infrastructure hardening resources

Process Injection

A collaborative, multi-platform, red teaming framework

windows kernel security development

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

An open-source post-exploitation framework for students, researchers and developers.

Chaos iOS < 12.1.2 PoC by @S0rryMyBad since he posted it as a photo rather than a source code. Also cleaned up.

Covenant is a collaborative .NET C2 framework for red teamers.

A collection of resources for OSX/iOS reverse engineering.

A free but powerful Windows kernel research tool.

Hide your Powershell script in plain sight. Bypass all Powershell security features

A POC C2 server and agent to explore just if/how the Ethereum blockchain can be used for C2

awesome list of browser exploitation tutorials

SharpGen is a .NET Core console application that utilizes the Rosyln C# compiler to quickly cross-compile .NET Framework console applications or libraries.

The Rogue Access Point Framework

Attack and defend active directory using modern post exploitation adversary tradecraft activity

Teaching old shellcode new tricks

A little toolbox to play with Microsoft Kerberos in C

📱 objection - runtime mobile exploration