A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A collection of hacking / penetration testing resources to make you better!

An Information Security Reference That Doesn't Suck

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A collection of links related to Linux kernel exploitation

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

Linux enumeration tool for pentesting and CTFs with verbosity levels

My proof-of-concept exploits for the Linux kernel

A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.

Full-featured C2 framework which silently persists on webserver via evil PHP oneliner 😈

ODAT: Oracle Database Attacking Tool

Automation for internal Windows Penetrationtest / AD-Security

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Collection of things made during my OSCP journey

Privilege Escalation Enumeration Script for Windows

MSDAT: Microsoft SQL Database Attacking Tool

Linux privilege escalation exploit via snapd (CVE-2019-7304)

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

Windows 权限提升 BadPotato

A curated list of awesome privilege escalation

A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication

This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.

[Draft]Awesome Cyber Security Resource Collection. Currently contains 8000+ open source repositories, and not very well classified. For each repository, extra info included: star count, commit count, last update time. This is the DRAFT version.

CVE-2020-0796 Local Privilege Escalation POC

Local Privilege Escalation