RTFM version 2 has been completely overhauled, with the addition of over 290 new commands and techniques and has been updated to work against modern operating systems. Pick up the RTFM v2 in a variety of formats including Notes Edition, Kindle, or the original field manual.

RTFM red team bible v2

Julien to Général
•
www.thertfm.com
•
8d
•

Julien

Julien to Outils
•
github.com
•
9d

scan4all: Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty..

Julien to Outils
•
github.com
•
9d

Julien

Julien to Outils
•
github.com
•
9d

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.

Julien to Outils
•
github.com
•
9d

Julien

Julien to Outils
•
github.com
•
9d

VulnLab: web vulnerability lab project

Julien to Outils
•
github.com
•
9d

Julien

Julien to Outils
•
github.com
•
9d

The vetting tool 🚀 behind our large-scale security analysis platform to detect malicious/risky open-source packages

Julien to Outils
•
github.com
•
9d

Julien

Julien to Outils
•
github.com
•
9d

Telepathy: Public release of Telepathy, an OSINT toolkit for investigating Telegram chats.

Julien to Outils
•
github.com
•
9d

Julien

Julien to Outils
•
github.com
•
14d
•

Azure Red Team Attack and Detect Workshop

This is a vulnerable-by-design Azure lab, containing 2 x attack paths with common misconfigurations. These vulnerabilities are intended to be as representative as possible to those found in live, production environments and the attack vectors are intended to be as realistic as possible to real Threat Actors TTPs. If you would like to see what detections and alerts these attack path vectors are causing, I recommend signing up for a Microsoft E5 trial which has Microsoft Defender for Cloud as well as Azure AD premium P2 plan. Links for signing up to an Azure Developer account can be found in the resources.txt file. Each kill-chain has in its folder the Terraform script (and other pre-reqs files needed for deployment) as well as the solutions to the challenges.

Azure Red Team Attack and Detect Workshop

Julien to Outils
•
github.com
•
14d
•

trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secretsplus-square

trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secretsplus-square

Dorks for Google, Shodan and BinaryEdgeplus-square

Dorks for Google, Shodan and BinaryEdgeplus-square

How to setup a honeypot with an IDS, ELK and TLS traffic inspectionplus-square

How to setup a honeypot with an IDS, ELK and TLS traffic inspectionplus-square

PersistenceSniper: Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines.plus-square

PersistenceSniper: Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines.plus-square

iCULeak.py: Tool to find and extract credentials from phone configuration files hosted on CUCMplus-square

iCULeak.py: Tool to find and extract credentials from phone configuration files hosted on CUCMplus-square

Jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).plus-square

Jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).plus-square

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuratiplus-square

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuratiplus-square

Archerysec: Centralize Vulnerability Assessment and Management for DevSecOps Team

Archerysec: Centralize Vulnerability Assessment and Management for DevSecOps Team

Kage is Graphical User Interface for Metasploit Meterpreter and Session Handlerplus-square

Kage is Graphical User Interface for Metasploit Meterpreter and Session Handlerplus-square

ApacheTomcatScanner: A python script to scan for Apache Tomcat server vulnerabilities.

ApacheTomcatScanner: A python script to scan for Apache Tomcat server vulnerabilities.

SilentHound: Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc.plus-square

SilentHound: Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc.plus-square

cloudsploit: Cloud Security Posture Management (CSPM)plus-square

cloudsploit: Cloud Security Posture Management (CSPM)plus-square

A Library of various cybersecurity resourcesplus-square

A Library of various cybersecurity resourcesplus-square

RTFM red team bible v2plus-square

RTFM red team bible v2plus-square

scan4all: Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty..plus-square

scan4all: Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty..plus-square

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.plus-square

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.plus-square

VulnLab: web vulnerability lab projectplus-square

VulnLab: web vulnerability lab projectplus-square

The vetting tool 🚀 behind our large-scale security analysis platform to detect malicious/risky open-source packagesplus-square

The vetting tool 🚀 behind our large-scale security analysis platform to detect malicious/risky open-source packagesplus-square

Telepathy: Public release of Telepathy, an OSINT toolkit for investigating Telegram chats.plus-square

Telepathy: Public release of Telepathy, an OSINT toolkit for investigating Telegram chats.plus-square

Azure Red Team Attack and Detect Workshopplus-square

Azure Red Team Attack and Detect Workshopplus-square

trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets

trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets

Dorks for Google, Shodan and BinaryEdge

Dorks for Google, Shodan and BinaryEdge

How to setup a honeypot with an IDS, ELK and TLS traffic inspection

How to setup a honeypot with an IDS, ELK and TLS traffic inspection

PersistenceSniper: Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines.

PersistenceSniper: Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines.

iCULeak.py: Tool to find and extract credentials from phone configuration files hosted on CUCM

iCULeak.py: Tool to find and extract credentials from phone configuration files hosted on CUCM

Jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).

Jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configurati

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configurati

Kage is Graphical User Interface for Metasploit Meterpreter and Session Handler

Kage is Graphical User Interface for Metasploit Meterpreter and Session Handler

SilentHound: Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc.

SilentHound: Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc.

cloudsploit: Cloud Security Posture Management (CSPM)

cloudsploit: Cloud Security Posture Management (CSPM)

A Library of various cybersecurity resources

A Library of various cybersecurity resources

RTFM red team bible v2

RTFM red team bible v2

scan4all: Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty..

scan4all: Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty..

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.

VulnLab: web vulnerability lab project

VulnLab: web vulnerability lab project

The vetting tool 🚀 behind our large-scale security analysis platform to detect malicious/risky open-source packages

The vetting tool 🚀 behind our large-scale security analysis platform to detect malicious/risky open-source packages

Telepathy: Public release of Telepathy, an OSINT toolkit for investigating Telegram chats.

Telepathy: Public release of Telepathy, an OSINT toolkit for investigating Telegram chats.

Azure Red Team Attack and Detect Workshop

Azure Red Team Attack and Detect Workshop