| AdoT | None | 0 | Github |
| C3 | Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. | 1537 | Github |
| CVE-2021-25374_Samsung-Account-Access | This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region. | 24 | Github |
| Cue-COVID-Test_Research-Files | None | 0 | Github |
| FixerUpper | A Burp extension to enable modification of FIX messages when relayed from MitM_Relay | 13 | Github |
| IAMGraph | None | 38 | Github |
| IAMSpy | None | 205 | Github |
| IceKube | None | 170 | Github |
| Jamf-Attack-Toolkit | Suite of tools to facilitate attacks against the Jamf macOS management platform. | 178 | Github |
| Jandroid | None | 330 | Github |
| android-keystore-audit | None | 408 | Github |
| awspx | A graph-based tool for visualizing effective access and resource relationships in AWS environments. | 924 | Github |
| azure-service-tag-abuse | Scripts and other content to go with Aled Mehta's talk "Tag You're Exposed" at DEF CON Cloud Village 2023 | 0 | Github |
| bitlocker-spi-toolkit | Tools for decoding TPM SPI transaction and extracting the BitLocker key from them. | 288 | Github |
| boops-boops-android-agent | None | 2 | Github |
| boops-boops-docker-container | None | 0 | Github |
| captcha22 | CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks. | 327 | Github |
| cloud-security-vm | Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments | 126 | Github |
| cloud-wiki | A public cloud security knowledgebase - https://www.secwiki.cloud/ | 50 | Github |
| damn-vulnerable-llm-agent | None | 184 | Github |
| drozer-agent | The Android Agent for the Drozer Security Assessment Framework. | 162 | Github |
| drozer-modules | None | 150 | Github |
| drozer | The Leading Security Assessment Framework for Android. | 3973 | Github |
| encap-attack | Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols. | 21 | Github |
| fixit | None | 0 | Github |
| freezer | Rust implementation of IceKube download functionality | 5 | Github |
| iam-hunter | Identify IAM misconfigurations at scale across large AWS estates | 0 | Github |
| jar-agent | None | 8 | Github |
| jdiesel | jdiesel fuels the drozer | 9 | Github |
| keywe-tooling | Tools that can be used to interact with the KeyWe Smart Lock device. | 6 | Github |
| leonidas | Automated Attack Simulation in the Cloud, complete with detection use cases. | 529 | Github |
| llama-3-prompt-injection-fine-tuning | None | 1 | Github |
| llm-vulnerable-recruitment-app | An example vulnerable app that integrates an LLM | 14 | Github |
| lolcerts | A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors | 335 | Github |
| megafeis-palm | PoC Code for Vulnerabilities Found in MEGAFEIS-branded Smart Locks & their Mobile Companion App: DBD+ | 1 | Github |
| mercury-common | This repository contains Mercury components that are shared between the Agent and the Server/Console. | 0 | Github |
| needle | The iOS Security Testing Framework | 1337 | Github |
| peas | PEAS is a Python 2 library and command line application for running commands on an ActiveSync server e.g. Microsoft Exchange. | 171 | Github |
| physmem2profit | Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely | 402 | Github |
| prototype-pollution | None | 0 | Github |
| rogue-agent | None | 5 | Github |
| sieve | None | 5 | Github |
| slide-decks | None | 3 | Github |
| spike | None | 0 | Github |
| usb-consumer-control | None | 36 | Github |
| weasel | None | 20 | Github |
| workout-planner | None | 1 | Github |