AdoT | None | 0 | GitHub |
C3 | Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. | 1537 | GitHub |
CVE-2021-25374_Samsung-Account-Access | This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region. | 24 | GitHub |
Cue-COVID-Test_Research-Files | None | 0 | GitHub |
FixerUpper | A Burp extension to enable modification of FIX messages when relayed from MitM_Relay | 13 | GitHub |
IAMGraph | None | 38 | GitHub |
IAMSpy | None | 205 | GitHub |
IceKube | None | 170 | GitHub |
Jamf-Attack-Toolkit | Suite of tools to facilitate attacks against the Jamf macOS management platform. | 178 | GitHub |
Jandroid | None | 330 | GitHub |
android-keystore-audit | None | 408 | GitHub |
awspx | A graph-based tool for visualizing effective access and resource relationships in AWS environments. | 924 | GitHub |
azure-service-tag-abuse | Scripts and other content to go with Aled Mehta's talk "Tag You're Exposed" at DEF CON Cloud Village 2023 | 0 | GitHub |
bitlocker-spi-toolkit | Tools for decoding TPM SPI transaction and extracting the BitLocker key from them. | 288 | GitHub |
boops-boops-android-agent | None | 2 | GitHub |
boops-boops-docker-container | None | 0 | GitHub |
captcha22 | CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks. | 327 | GitHub |
cloud-security-vm | Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments | 126 | GitHub |
cloud-wiki | A public cloud security knowledgebase - https://www.secwiki.cloud/ | 50 | GitHub |
damn-vulnerable-llm-agent | None | 184 | GitHub |
drozer-agent | The Android Agent for the Drozer Security Assessment Framework. | 162 | GitHub |
drozer-modules | None | 150 | GitHub |
drozer | The Leading Security Assessment Framework for Android. | 3973 | GitHub |
encap-attack | Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols. | 21 | GitHub |
fixit | None | 0 | GitHub |
freezer | Rust implementation of IceKube download functionality | 5 | GitHub |
jar-agent | None | 8 | GitHub |
keywe-tooling | Tools that can be used to interact with the KeyWe Smart Lock device. | 6 | GitHub |
leonidas | Automated Attack Simulation in the Cloud, complete with detection use cases. | 529 | GitHub |
llama-3-prompt-injection-fine-tuning | None | 1 | GitHub |
llm-vulnerable-recruitment-app | An example vulnerable app that integrates an LLM | 14 | GitHub |
lolcerts | A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors | 335 | GitHub |
megafeis-palm | PoC Code for Vulnerabilities Found in MEGAFEIS-branded Smart Locks and their Mobile Companion App DBD+ | 1 | GitHub |
needle | The iOS Security Testing Framework | 1337 | GitHub |
peas | PEAS is a Python 2 library and command line application for running commands on an ActiveSync server e.g. Microsoft Exchange. | 171 | GitHub |
physmem2profit | Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely | 402 | GitHub |
rogue-agent | None | 5 | GitHub |
sieve | None | 5 | GitHub |
spikee | Spikee (Simple Prompt Injection Kit for Evaluation and Exploitation) can be used to assess the resilience of LLMs, guardrails, and application pipelines against known prompt injection and jailbreak patterns. | 34 | GitHub |
usb-consumer-control | None | 36 | GitHub |
workout-planner | None | 1 | GitHub |