A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

A collection of awesome security hardening guides, tools and other resources

Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.

Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)

A curated list for Awesome Kubernetes Security resources

Automate the creation of a lab environment complete with security tooling and logging best practices

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.

AzureGoat : A Damn Vulnerable Azure Infrastructure

A curated list of web3Security materials and resources For Pentesters and Bug Hunters.

Azure Data Exporter for BloodHound

A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities

GraphQL security hands-on workshop

GraphQL security workshop labs

Cybersecurity Resources

All the deals for InfoSec related software/tools this Black Friday

Install Magisk on Official Android Emulator

Welcome to the Very Vulnerable Lambda Application repository! This repository contains an intentionally vulnerable serverless application that serves as a testing environment for security professio…

Multi-Cloud Security Auditing Tool

WinRing0 is a hardware access library for Windows.

IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgr…

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

These are the labs for my Intro class. Yes, this is public. Yes, this is intentional.

SCADA StrangeLove Default/Hardcoded Passwords List

OWASP API Security Project