A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools

Super vulnerable todo list application

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST),…

Sample JavaScript application with ShiftLeft Inspect integration

OSCP Guide

A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST…

Damn Vulnerable NodeJS Application

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

Scripts for offensive security

A curated list of awesome privilege escalation

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and re…

An archive of everything related to OSCP

Automation for internal Windows Penetrationtest / AD-Security

Privilege Escalation Enumeration Script for Windows

A curated list of awesome OSCP resources

BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is…

Open source pre-operation C2 server based on python and powershell

A curated list of tools for incident response

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Detection Engineering with YARA

A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.

Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments

Audit tool for Active Directory. Automates a lot of checks from a pentester perspective.

A PowerShell tool that takes strong inspiration from CrackMapExec.

Migrated OSCP Cheatsheet from Gdrive

NetworKit is a growing open-source toolkit for large-scale network analysis.

Meaningful outline of the knowledge you need in order to obtain the OSCP certification