CyberBodega

A conglomeration of resources for any color of the rainbow

     _________       ______                  ________      _________                    
     __  ____/____  ____  /______________    ___  __ )___________  /___________ ______ _
     _  /    __  / / /_  __ \  _ \_  ___/    __  __  |  __ \  __  /_  _ \_  __ `/  __ `/
     / /___  _  /_/ /_  /_/ /  __/  /        _  /_/ // /_/ / /_/ / /  __/  /_/ // /_/ / 
     \____/  _\__, / /_.___/\___//_/         /_____/ \____/\__,_/  \___/_\__, / \__,_/  
             /____/                                                     /____/                                                                 

                                          Continuously Updated Since 16 July 2020

🏷️ Resource Tags

• - Open-source projects and tools
• - Free resources (may require registration)
• - Free tier available with paid options
• - Paid/commercial resources

Contents

• 🔗 Quick Links
• 📰 InfoSec News
• 📚 Interesting Articles & Videos
• 🔬 Research Resources
  • Write-ups
  • Research Sites
  • Cyber Threat Intelligence
• 🎓 Training Resources
• 🛡️ Blue Team Resources
  • Utility
  • Network Analysis
  • Host Analysis
  • Detection
  • Malware Analysis
  • Forensics
  • Audit & Vulnerability
    • Malware IOC Detection Data Dumps
  • Blue Bin
• ⚔️ Purple/Red Team Resources
  • Command & Control
  • Reconnaissance
  • Password Tools
  • Red Bin
• ☁️ Cloud Security
  • Tools
• 🤖 AI/ML Security
• ⭐ Awesome Lists
• 📦 Resource Dump

---

Quick Links

• RSS Feed Conglomeration of InfoSec RSS feeds

---

📰 InfoSec News

Stay updated with the latest security news and research

• All InfoSec News An InfoSec & Cyber news aggregator
• Security Soup Infosec news, commentary, and research
• Threatpost Supposedly the first stop for security news
• Week in 4N6 Your weekly roundup of Digital Forensics and Incident Response news
• r/blueteamsec Subreddit focused on technical intelligence, research and engineering
• Krebson Security In-depth security news and investigation
• SANS Webcast Free security training webcasts and presentations
• SANS Newsletter Weekly security newsletters covering the latest threats and vulnerabilities
• Cyber Scoop Cybersecurity news and analysis
• SecurityFocus Security news, vulnerabilities, and discussion forums
• Gibson Research Corporation Security research and freeware utilities by Steve Gibson
• Security News Wire Security industry news aggregator
• PortSwigger Web security news and research from the makers of Burp Suite
• Pentestmonkey Penetration testing tools and cheat sheets
• USCERT (CISA) Official US government cybersecurity alerts and advisories
• FIRST Forum of Incident Response and Security Teams - global incident response collaboration
• BleepingComputer Technology news and computer help with focus on security
• Schneier Security Bruce Schneier's blog covering security and privacy topics
• Opalsec Security newsletter and research insights
• CISA Cybersecurity Advisories Latest cybersecurity advisories and alerts from CISA

---

📚 Interesting Articles & Videos

Deep dives, research papers, and educational content

• vx-underground Really anything from here is pretty sweet
• Cyb3rWard0g's Lab⭐ Step by step guide on creating a lab enviorment in ESXi
• SANS Reading Room See what white papers are top of mind for the SANS community
• Black Hat Archives Archive of computer security presentations is provided free of charge as a service to the international computer security community
• If you've ever wanted to mess around with a SIEM
• Spin Up An AD Enviorment Quickly
• Lenny Zeltser - Learn Malware Analysis Comprehensive guide for beginners in malware analysis
• PST, Want a Shell? Mandiant's write-up for ProxyShell
• De-Fanging Strings with FLOSS Uncovering obfuscated strings with FLOSS
• Setting up Tripwire Detecting adversary activity via file changes (Honey Files)
• PowerShell Process Hunting Great review of ways to leverage PowerShell to do neat things
• Canary Tokens Painless way to help defenders discover they've been breached
• Kerboroasting Conversation about extracting service account credentials from Active Directory via kerb
• Honey Files Honey files are designed to detect attackers who are accessing and removing files
• CTI Self Study Plan Katie Nickels discusses ways you can learn more about CTI
• Start Learning Malware Analysis Comprehensive guide for beginners in malware analysis
• DFRWS Papers & Presentations Digital forensics research workshop papers and presentations
• Detecting Meterpreter HTTP module Network Traffic Didier Stevens discusses meterpreter network traffic
• Hunting Linux Persistence Part 1 Auditd, Sysmon, Osquery and Webshells
• Adventures in Dynamic Evasion SpecterOps research on advanced evasion techniques
• SSDs/The Challanges Presented to DFIR Academic paper on SSD forensics challenges
• Anti-Forensics Overview of anti-forensics techniques and countermeasures
• Windows Artifacts DFIR Guide to Windows registry artifacts for digital forensics
• Windows Forensics Windows forensics techniques and security analysis
• Linux Forensics Linux forensics guide for non-Linux users
• Black Hat Stego Brief Black Hat presentation on steganography techniques
• Unpacking Malware Personal notes and techniques on unpacking malware
• Malware Reports Collection of malware analysis reports and resources
• Journey Into Incident Response Incident response guides and analysis techniques
• Deploying T-Pot Framework in the Cloud Guide to deploying T-Pot honeypot in cloud environments
• Getting Started with RE/Malware Analysis Beginner's guide to reverse engineering and malware analysis
• OpBlueRaven Details about PRODAFT & INVICTUS Threat Intelligence (PTI) team's latest operation on different threat actors
• TrendMicro; Analyzing Common Pentesting Tools Gives a great insight into common abused tools
• Hunt & Hackett; Concealed code TTP's/Detection Covers common defense evasion techniques and how to detect them
• NCC Group; Detecting DNS Implants Interesting TTP's leveraging DNS as a pure means of C2
• Linux to ATT&CK Mapped markdown file listing common Linux malware TTP's mapped to ATT&CK
• Datadog; AWS Threat Detection Intro to Stratus Red Team, the Atmoic red team for cloud enviorments
• Nextron Systems; Writing YARA rules Part 1 of a 4 part series on writing effective YARA rules
• Tweaking macOS to detect App Bundles Adversaries commonly manipulate application bundles to subvert security controls
• IR/Detection when Cloud is your Data Center SANS Summit talk about Cloud data center IR/Detection capabilities
• Event logs and Elastic Security for IR Discussion about Elastic security and its use cases
• Bug bounty guide to IDOR Discusses IDOR and the feasibility surrounding Bug Bounties
• MalwareJake Presentation Covers a number of topics
• Degrading MS Defender Presentation about circumventing Microsoft Defender
• Actual MFA bypass techniques Discusses In-The-Wild MFA bypass methods
• Jupyter Notebooks from Sigma Rules to Query Elasticsearch Guide on converting Sigma rules to Elasticsearch queries using Jupyter notebooks
• Cloud DFIR: EKS Takeover Case Study Cloud digital forensics and incident response in Elastic Kubernetes Service environment
• The Rise of Malware Mainstream Acceptance Discussion on malware's evolution and government involvement
• Methodology for GenAI Workload IR AWS methodology for incident response on generative AI workloads
• Adversarial Machine Learning Paper Academic paper on adversarial machine learning and security implications
• Defenders Think in Lists, Attackers Think in Graphs Essential reading on the mindset gap between defenders and attackers
• Linux Forensics - Hal Pomeranz Comprehensive Linux forensics guide available on Internet Archive
• Windows Search Index Forensics Research on Windows Search Index as a valuable forensic artifact
• Elastic Security - Linux Persistence Finale Comprehensive guide on Linux persistence mechanisms
• More Fun with WMI - SpecterOps Advanced WMI techniques and abuse
• SCCM Hierarchy Takeover via NTLM Relay SCCM security vulnerability exploitation
• Cloudflare BGP Route Leak Analysis Analysis of BGP routing incidents
• Before Vegas: Cyberdefense Report ETH Zurich report on cyber defense strategies
• From Vegas to Chengdu: Hacking Contests and China's Offensive Cyber Ecosystem Analysis of China's cyber capabilities development
• FireEye Big Four: Spotlight on China FireEye analysis of Chinese threat groups
• 13Cubed - DFIR YouTube Digital forensics and incident response educational content
• ClickFix Social Engineering Wiki Documentation on ClickFix social engineering attacks
• ACM Digital Library - Cyber Research Academic research on cybersecurity topics

---

🔬 Research Resources

📝 Write-ups

• Unit 42 Palo Alto Networks threat intelligence and research
• Google Intel/Mandiant Latest news and insights from Google security team -- Really just Mandiant
• Trellix Blog Cybersecurity threat research and news from Trellix
• The DFIR Report Real-world intrusion analysis and incident response reports
• Sophos X-Ops Threat intelligence and research from Sophos security teams
• Intel471 Cyber threat intelligence focused on cybercrime
• WatchTowr Labs Goated writeups

🔍 Research Sites

• Exploit DB Archive of exploits and vulnerable software
• Shodan Search engine for Internet-connected devices
• National Vulnerability Database US government repository of standards-based vulnerability data
• CVE Proof of Concepts Collection of CVE proof-of-concept exploits
• OWASP Open Web Application Security Project - web security resources and tools
• OSINT Framework Collection of OSINT tools and resources organized by category
• OpenThreatResearch Open-source threat research and detection engineering
• BellingCat Independent investigative journalism using open source intelligence
• Zoomeye Cyberspace search engine for devices and services
• Spyse Internet assets search engine for cybersecurity professionals
• Web Check Insight into the inner-workings of a given website
• Juniverse Security knowledge base and research platform
• Attack Rule Map Interactive visualization of MITRE ATT&CK techniques mapped to detection rules
• POC||GTFO Archive Archive of Proof of Concept or Get The Fuck Out hacking journal
• Monocle Cam Portal Security camera analysis and OSINT tool
• MalOps Malware operations analysis and tracking
• The Evidence Locker Digital forensics evidence repository and resources
• Triage.zip Incident triage and analysis resources

🎯 Cyber Threat Intelligence

• Unit 42 Atom Threat group information
• CrowdStrike Adversary APT/Adversary group list
• SOC Radar APT IoC feeds from several public and private sources and sensors
• APT Campaigns Collection of APT and cybercriminals campaign
• Yet Another Google Doc.1 APT Groups and Operations
• Yet Another Google Doc.2 Raw intel dump into a word doc
• Cyber Campaigns List of multiple cyber-espionage and cyber-attack campaigns
• APT Secure List Targeted cyberattack logbook
• Dragos Threat Activity Dragos threat activity groups
• Google Threat Analysis Googles TAG (Threat analysis group)
• Microsoft Threat Intel Microsoft threat intel team
• APT Map Graphical map of known Advanced Persistent Threats
• MITRE APT Groups MITRE attack groups
• APT Netlify Yet another threat actor map
• Alienvault OTX Groups AlienVault open threat exchange
• Unit 42 Playbooks Playbooks for certain threat groups

---

🎓 Training Resources

Free courses, labs, and hands-on learning platforms

• CyberDefenders BlueYard - BlueTeam Challenges
• Malware Traffic Analysis Infected PCAP's for review
• EVTX/PCAP Attack Samples Infected PCAP's and EVTX logs for review
• Open Security Training Free training for a variety of computer security classes
• TryHackMe Hands-on cyber security training
• HackSplaining Number of free training lessons for free
• Codewars Programming challanges
• MalwareUnicorn Free reverse engineering workshops
• Free Ivy Leauge Courses List of Ivy league courses you can take online for free (CS50)
• LetsDefend Free-ish training simulating the SOC life. Great for people interested in journying into a IR/SOC enviorment
• DC540 Reversing Course Free reverse engineering course
• Low Level Programming Low level programming course
• FreeCodeCamp Free and online, self paced courses to prepare you for a role in programming
• SocVel Free live DFIR challenges
• DFIRArtifactMuseum Community-driven archive of DFIR-related artifacts
• AwesomeDFIR Website DFIR resources
• ForensicMethods Archive of computer forensic information
• IMFSecurity Good resources to dig through
• Azure Training A collection of materials related to "JohntheBrit" certification videos
• LogHub Large collection of system log datasets for AI-driven log analytics research
• CSI Linux Academy Free OSINT, DFIR, and cybersecurity training courses
• ICS PCAP Collection Collection of Industrial Control Systems (ICS) packet captures for analysis and research
• John Hammond YouTube Comprehensive playlist of cybersecurity tutorials and walkthroughs
• AWS Certified Security Specialty Course Free AWS security certification training course
• Hugging Face LLM Course Comprehensive course on Large Language Models

---

🛡️ Blue Team Resources

Defensive security tools and resources

Quick Navigation: Utility | Network Analysis | Host Analysis | Detection | Malware Analysis | Forensics

• EricZimmerman Collection of forensics and incident response tools

🔧 Utility

• Cyber Chef Web app for analysing and decoding data
• Cyber Chef Recipes A list of cyber-chef recipes and curated links
• LOLBAS Windows LOLBins and how they are abused
• GTFOBins Unix LOLBins and how they are abused
• MITRE ATT&CK Globally-accessible knowledge base of adversary tactics and techniques
• MITRE D3FEND Knowledge graph of countermeasures to ATT&CK TTP's
• Wazuh Open source unified XDR and SIEM protection for endpoints and cloud workloads
• MozDef Enterprise defense platform
• Stronghold A way to securely configure your Mac
• ChopShop Framework to aid analysts in the creation and execution of pynids based decoders and detectors of APT tradecraft
• RockNSM An open source Network Security Monitoring platform
• HELK Open source hunt platforms with advanced analytics
• AlienVault OSSIM Feature-rich open source SIEM w/ collection, normalization and correlation
• Prelude Universal SIEM
• TheHive Open source and free Security Incident Response Platform
• OpenEDR Free and open source EDR
• OpenSOC Open source big data technologies in order to offer a centralized tool for security monitoring and analysis
• Munin Online Hash Checker for Virustotal and Other Services
• Threat Hunt Mind Maps Mindmaps for cloud security, threat hunting and incident response
• Hybrid-Analysis Free malware analysis service
• Manalyzer Free service which performs static analysis on PE executables to detect undesirable behavior
• URLScan Free URL/website scanner
• Intezer Analyze Free IOC/malware scanner
• AnyRun Interactive malware analysis
• JoeSandbox Malware anaylsis
• IRIS-H Online automated static analysis of files stored in a directory-based or strictly structured formats
• Yoroi Free file analyzer
• Har-Sai Lookup things related to a specific CVE
• Rastrea2r Multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs) across thousands of endpoints in minutes
• HijackLibs Aims to keep a record of publicly disclosed DLL Hijacking opportunities
• Diaphore Program diffing tool working as an IDA plugin
• MalAPI List of Windows APIs to common techniques used by malware
• Sentinel Queries List of Azure Sentinel queries
• EchoTrail Windows Process Insights
• PulledPork PulledPork for Snort and Suricata rule management
• Microsoft Threat Modeling Microsoft tool related to threat modeling
• DocIntel DocIntel is an open-source context-centric threat intelligence platform
• Multi Router Traffic Grapher (MRTG) Monitor SNMP network devices and draw pretty pictures showing how much traffic has passed through each interface
• GHOSTS Realistic user simulation framework for cyber simulation, training, and exercise
• DiscØvery Security analysis tool for IoT and 5G systems
• LogonTracer Investigate malicious Windows logon by visualizing and analyzing Windows event log
• Exmaple Pentest Reports Sample penetration testing reports
• EC2 IR General walkthrough of IR capes in AWS
• Linux Audit Data Sources Comprehensive list of Linux audit data sources
• Splunk Security Content Open-source security content for Splunk
• Splunk Attack Range Tool to build lab environments for testing detection and response
• Splunk Research Splunk security research and threat hunting content
• Splunk CI/CD Detection Engineering Guide to implementing CI/CD for detection engineering
• Package Inferno PowerShell package analysis and security tool

🌐 Network Analysis

• Arkime Open source full packet capturing, indexing and database system. It rebuilds sessions automatically!
• Wireshark Tride and true network protocol analyzer
• Zeek An Open Source Network Security Monitoring Tool
• Google Stenographer Stenographer is a full-packet-capture utility for buffering packets to disk. Allows you to rip out
• PcapXray A tool to visualize Packet Capture offline as a Network Diagram
• RITA Open-source framework for detecting command and control communication through network traffic analysis
• Whats that C2/Exfil? Github repo full of known c2 and exfil traffic keywords
• Incubating Open source software for leveraging insights from flow and packet analysis
• Network Miner Open source Network Forensic Analysis Tool
• VAST Network telemetry engine for data-driven security investigations
• NetSniff Free Linux networking toolkit
• SpoofSpotter A tool to catch spoofed NBNS responses
• Grass Marlin🦅 Network situational awareness of ICS and SCADA networks
• SELKS Open source Debian-based IDS/IPS/Network Security Monitoring platform
• SiLK Collection of traffic analysis tools

💻 Host Analysis

• Velociraptor Tool for collecting host based state information using The Velociraptor Query Language (VQL) queries
• Hayabusa Windows event log fast forensics timeline generator and threat hunting tool (Sigma compatible)
• Osquery Tool that provides performant endpoint visibility
• Sysinternalsuite Suite of tools providing a multitude of capabiltiies for defenders or attackers
• Sticky Keys Slayer Scans for accessibility tools backdoors via RDP
• CimSweep Suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely
• Seatbelt Security oriented host-survey tool performing "safety checks" relevant from both offensive and defensive security perspectives
• Live-Forensicator Assist's responders in carrying out live forensic investigations
• DeepBlueCLI PowerShell Module for Threat Hunting via Windows Event Logs
• Chainsaw Powerful 'first-response' capability to quickly identify threats within Windows event logs
• Google Rapid Response Python agent that is installed on target systems, and python server infrastructure that can manage and talk to clients
• PSHunt Powershell Threat Hunting Module designed to scan remote endpoints
• PSRecon Gathers data from a remote Windows host using PowerShell
• Redline Free EDR, thats pretty cool
• Power Forensics Inclusive framework for hard drive forensic analysis
• Block Parse PowerShell script block parser
• Sysmon4Linux The sysmon you love for a flavor of nix
• Dissect Digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats

🔍 Detection

• Sigma Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner
• Yara Tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples
• Snort Open source intrusion prevention and detection system
• Suricata High performance Network IDS, IPS and Network Security Monitoring engine
• BlockBlock Monitors common persistence locations and alerts whenever a persistent component is added
• Santa Binary authorization system for macOS
• MalTrail Malicious traffic detection system
• DetectIQ Open-source threat detection validation framework that enables continuous validation of detection rules
• Galah LLM-powered web honeypot designed to mimic various web applications and dynamically respond to arbitrary HTTP requests
• Detections.ai Community-driven detection rules and threat hunting queries

🦠 Malware Analysis

• Remnux Linux toolkit for reverse-engineering and analyzing malicious software
• Tools by hasherezade Linux toolkit for reverse-engineering and analyzing malicious software
• IDA Binary code analysis tool
• FLARE Floss Automatically deobfuscate strings from malware binaries
• BinaryNinja Interactive disassembler, decompiler, and binary analysis platform
• BinaryPig Malware Processing and Analytics
• Ghidra🦅 Software reverse engineering suite of tools
• HxD Carefully designed and fast hex editor
• Redare2 Set of libraries, tools and plugins to ease reverse engineering tasks
• TheMatrix Project created to ease the malware analysis process
• OllyDbg 32-bit assembler level analysing debugger
• oletools Package of python tools to analyze files
• The Sleuth Kit/Autopsy Open Source Digital Forensics
• Cuckoo Sandbox Leading open source automated malware analysis system
• Malcat Feature-rich hexadecimal editor / disassembler for Windows and Linux
• malwoverview First response tool used for threat hunting and offers intel information from OSINT sites
• unblob Extract files from any kind of container formats, filesystems, and firmware

🔬 Forensics

• CyLR Cold disk file collector
• Dissect Digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats
• Volatility Python tool used for the extraction of digital artifacts from volatile memory (RAM) samples

🔐 Audit & Vulnerability

• nuclei Fast and customisable vulnerability scanner based on simple YAML based DSL
• Clair Open source project for the static analysis of vulnerabilities in application containers
• Chef InSpec Audit and automated testing framework
• Lynis Security auditing tool for *nix and macOS
• VulnWhisperer Vulnerability management tool and report aggregator
• OpenVAS Full-featured vulnerability scanner

📊 Malware IOC Detection Data Dumps

• vx-underground samples The largest collection of malware source code, samples, and papers on the internet
• jstrosch Samples Repository intended to provide access to a wide variety of malicious files and other artifacts
• DigitalSide Threat-Intel Repo Repository that contains a set of Open Source Cyber Threat Intellegence information
• MalwareBazar Project from abuse.ch with the goal of sharing malware samples
• DailyIOC Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
• Valhalla Yara Rules Professional YARA rules database for malware detection
• Yara Rules Project Community-driven collection of YARA rules for malware detection
• Virustotal Yara VirusTotal's YARA rule repository
• Florian Roth Signature base for YARA, Sigma and IOC scanners

🧰 Blue Bin

Miscellaneous blue team tools and scripts

• Zeek to Cuckoo Automating file extraction submission and analysis to Cuckoo Sandbox from Zeek
• Ox4Shell De-obfuscate Log4Shell payloads

---

⚔️ Purple/Red Team Resources

Offensive security tools and adversary simulation

Quick Navigation: Command & Control | Reconnaissance | Password Tools

• Metasploit Framework An exploit framework
• APTSimulator A Windows Batch script that creates files to make a system look as if it was compromised
• Atomic Red Team Library of tests mapped to the MITRE ATT&CK® framework
• Metta Adversary simulation tool
• Network Flight Simulator Lightweight utility used to generate malicious network traffic
• Cladera Framework Platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response
• PowerSploit Collection of Microsoft PowerShell module's to aid in multiple phases of an assessment
• Impacket Impacket is a collection of Python classes for working with network protocols
• sqlmap Open source tool that automates the process of detecting and exploiting SQL injection flaws
• Silver Open source cross-platform adversary emulation/red team framework
• Gobuster Gobuster is a tool used to brute-force subdomains, website URI's, open S3 buckets and more
• Exegol Exegol is a community-driven hacking environment, powerful and yet simple enough to be used by anyone in day to day engagements
• EmpireProject Empire is a post-exploitation framework, which is sadly not maintained anymore
• Reubeus Rubeus is a C# toolset for raw Kerberos interaction and abuses
• Responder Responder is an LLMNR, NBT-NS and MDNS poisoner
• Inveigh Inveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
• ExploitDB Archive of public exploits and corresponding vulnerable software
• DumpsterFire Tool used for building repeatable, time-delayed, and distributed security events
• Stratus Red Team Essentially Atmoic red team, but focused on cloud
• RTA Framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft
• Infection Monkey Open source security tool for testing resiliency on perimeter breaches and internal server infection
• Invoke-Powershell PowerShell script that helps you to evaluate security products and monitoring solutions
• DSInternals Active directory PowerShell Module and Framework

🎮 Command & Control

• C2 Matrix Find the best C2 framework for your needs based on your target environment
• Cobalt Strike Post-exploitation agent and covert channels to emulate a quiet long-term embedded actor in your customer's network
• Brute Ratel C4 Customized Command and Control Center for Red Team and Adversary Simulation
• PoshC2 Proxy aware C2 framework

🔭 Reconnaissance

• Photon Crawler Incredibly fast crawler designed for OSINT
• Subcrawl Developed to find, scan and analyze open directories
• subfinder Fast passive subdomain enumeration tool
• MASSCAN An Internet-scale port scanner
• Nmap Open source utility for network discovery and security auditing
• Angry IP Scanner Fast and friendly network scanner
• Google Dorking Technique that uses Google Search and other Google applications to find security holes
• Github Dorking Technique that uses Github to find interesting things
• Shoder PoC leveraging shodan's pythons library
• naabu Port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner
• uncover Quickly discover exposed hosts on the internet using multiple search engines
• wtfis Passive hostname, domain and IP lookup tool for non-robots
• OsintUI OSINT from your favorite services in a friendly terminal user interface
• ExchangeFinder Find Microsoft Exchange instance for a given domain and identify the exact version

🔑 Password Tools

• Cain & Abel Password recovery tool for Microsoft Operating Systems
• Hashcat Advanced password recovery tool for most operating systems
• John Open Source password security auditing and password recovery tool
• Mimikatz Extract plaintexts passwords, hashs, PIN codes and kerberos tickets from memory
• LaZange Credentials recovery project

🧰 Red Bin

Miscellaneous red team tools and payloads

• NYAN-x-CAT Repo All of your RAT needs
• Sulealothman Repo Legacy penetration tools
• Matterpreter Repo Payload gen
• Evil WinRM Ultimate WinRM shell for hacking/pentesting
• COMProxy A COM client and server for testing COM hijack proxying
• ysoserial PoC tool for generating payloads that exploit unsafe Java object deserialization

---

☁️ Cloud Security

Cloud-specific security tools and resources

• Azure AD IR Guide Azure Active Directory incident response lifecycle and tools
• O365 Attack Toolkit Office 365 security testing toolkit

🛠️ Tools

• Basic Blob Finder POC tool to hunt for public Azure storage containers and enumerate the blobs
• TeamFiltration Framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
• cloudlist Multi-cloud tool for getting Assets from Cloud Providers

---

🤖 AI/ML Security

AI-powered security tools and machine learning resources

• ChatGPT AI language model for various tasks including code generation and analysis
• SlidesAI Create Presentation Slides with AI in seconds
• Replit Build software collaboratively with the power of AI

---

⭐ Awesome Lists

Curated collections of security resources

• Master List of all Awesome Distros Curated list of awesome lists on GitHub
• Awesome Threat Detection and Hunting Collection of threat detection and hunting resources
• Awesome Threat Intelligence Curated list of threat intelligence resources
• Awesome Malware Analysis Curated list of malware analysis tools and resources
• Awesome PCAP Tools Collection of packet capture tools and utilities
• Awesome Threat Modeling Resources for threat modeling and risk assessment
• Awesome CTF Curated list of Capture The Flag resources
• Awesome Cyber Skills Resources for building cybersecurity skills
• Awesome Personal Security Comprehensive personal security and privacy checklist
• Awesome Hacking Collection of hacking tools, resources and tutorials
• Awesome Honeypots List of honeypot resources for intrusion detection
• Awesome Pentest Tools Collection of penetration testing resources and tools
• Awesome Pentest Cheat Sheets Useful penetration testing cheat sheets
• Awesome Incident Response Curated list of incident response resources
• Awesome Web Hacking List of web application security resources
• Awesome Industrial Control System Security Resources for ICS/SCADA security
• Awesome YARA Curated list of YARA rules, tools, and resources
• Awesome Container Security Resources for container and Kubernetes security
• Awesome Crypto Papers Curated list of cryptography papers for non-cryptographers
• Awesome Shodan Search Queries Interesting Shodan search queries
• Awesome Anti Forensics Tools and techniques for anti-forensics
• Awesome Security Talks and Videos Curated list of security conference talks

---

📦 Resource Dump

Miscellaneous tools and resources

• Pexpect Python module for spawning child applications; controlling them; and responding to expected patterns in their output
• Unofficial OSCP Tool Distro List of approved tools for OSCP exam preparation
• Florian Roth's BlueLedger A list of some interesting community support projects
• CIS CAT CIS Configuration Assessment Tool guide
• ProjectDiscovery Security Through Intelligent Automation
• HashR HashR allows you to build your own hash sets based on your data sources
• ATT&CK Pyton Client Python module to access up-to-date ATT&CK content
• SilkETW Collects, filters and processes Windows Event Tracing (ETW) data
• Ransomwatch Latest news on ransomware related posts