A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Deserialization payload generator for a variety of .NET formatters

materials we hand out

Every Security Engineer Interview Question From Glassdoor.com

This is a companion to the Security Engineer Questions

Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on

Community curated list of templates for the nuclei engine to find security vulnerabilities.

High performance self-hosted photo and video management solution.

ThoughtLoom is a powerful tool designed to foster creativity and enhance productivity through the use of LLMs directly from the command line. It facilitates rapid development and integration of LLM…

CodeBERT

A vulnerability scanner for container images and filesystems

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

A static analyzer for Java, C, C++, and Objective-C

Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.

Shopizer java e-commerce software

😱 A curated list of amazingly awesome OSINT

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

A sample Spring-based application

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

OSWE, OSEP, OSED, OSEE

Becoming the spider, crawling through the webs to catch the fly.

GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with…

Sample cloud-first application with 10 microservices showcasing Kubernetes, Istio, and gRPC.

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by…

Resources related to GitHub Security Lab

A curated list for awesome cloud native tools, software and tutorials. - https://jimmysong.io/awesome-cloud-native/

The world’s fastest framework for building websites.

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

Open Source Cloud Native Application Protection Platform (CNAPP)