

Basic Info

BIOS/UEFI/Firmware/Low Level Attacks

Building a Lab

  • CyRIS: Cyber Range Instantiation System
    • CyRIS is a tool for facilitating cybersecurity training by automating the creation and management of the corresponding training environments (a.k.a, cyber ranges) based on a description in YAML format. CyRIS is being developed by the Cyber Range Organization and Design (CROND) NEC-endowed chair at the Japan Advanced Institute of Science and Technology (JAIST).
  • Invoke-ADLabDeployer
    • Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
  • ADImporter
    • When you need to simulate a real Active Directory with thousands of users, you quickly find that creating realistic test accounts is not trivial. Sure enough, you can whip up a quick PowerShell one-liner that creates any number of accounts, but what if you need real first and last names? Real (existing) addresses? Postal codes matching phone area codes? I could go on. The point is that you need two things: input files with names, addresses, etc., and script logic that creates user accounts from that data. This blog post provides both.

Car Hacking

Cheat Sheets



Cryptography & Timing Attacks (& CryptoCurrencies)


  • RSACtfTool
    • RSA tool for CTFs: decrypt data encrypted under a weak public key and try to recover the private key. Automatically selects the best attack for the given public key.
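The kind of "weak public key" such tools look for is easiest to see on one concrete attack. The following is an added example, not code from RSACtfTool or from the original page: it implements Fermat factorization, which breaks any modulus whose two primes share their high-order bits, then derives the private exponent and decrypts. The key material is a constructed toy (two deliberately close primes), chosen so the attack terminates in a single iteration; real keys of this shape have been found in the wild, but nothing here is taken from a real target.

```python
"""Fermat factorization against an RSA modulus built from close primes.

Added example (not part of RSACtfTool or the page it is listed on).
The key below is constructed for illustration: p and q are adjacent-ish
primes, so the modulus is trivially factorable.
"""
from math import gcd, isqrt


def fermat_factor(n, max_iter=1_000_000):
    """Return (p, q) with p * q == n, or None if Fermat gives up.

    Fermat writes n = a^2 - b^2 = (a - b)(a + b) and searches upward from
    a = ceil(sqrt(n)) for an a such that a^2 - n is a perfect square.
    Cost is roughly (p - q)^2 / (8 * sqrt(n)) iterations, so primes that
    share their top bits fall immediately while properly generated keys
    (|p - q| on the order of sqrt(n)) never finish; max_iter bounds that.
    """
    if n % 2 == 0:
        return 2, n // 2
    a = isqrt(n)
    if a * a < n:
        a += 1                       # start at ceil(sqrt(n))
    for _ in range(max_iter):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            p, q = a - b, a + b
            if p > 1:                # skip the trivial 1 * n split
                return p, q
        a += 1
    return None                      # primes too far apart for Fermat


def private_exponent(p, q, e):
    """d = e^-1 mod lambda(n), with lambda(n) = lcm(p - 1, q - 1)."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return pow(e, -1, lam)           # Python 3.8+ modular inverse


def recover_and_decrypt(n, e, c):
    """Factor a weak modulus, rebuild d, and decrypt ciphertext c."""
    factors = fermat_factor(n)
    if factors is None:
        raise ValueError("primes not close enough for Fermat; try another attack")
    p, q = factors
    d = private_exponent(p, q, e)
    return pow(c, d, n)


def toy_weak_key():
    """Constructed sample key: 10^9+7 and 10^9+9 are both prime and differ by 2."""
    p, q = 1_000_000_007, 1_000_000_009
    e = 65537                        # standard public exponent
    n = p * q
    m = int.from_bytes(b"weak", "big")   # constructed plaintext, m < n
    c = pow(m, e, n)
    return n, e, c, m


if __name__ == "__main__":
    n, e, c, m = toy_weak_key()
    print("modulus:", n)
    print("factors:", fermat_factor(n))
    recovered = recover_and_decrypt(n, e, c)
    print("decrypted:", recovered.to_bytes(4, "big"), "match:", recovered == m)
```

The practitioner's check before reaching for this attack is cheap: run `fermat_factor` with a small `max_iter` (a few thousand) and treat `None` as "move on to the next attack" rather than raising the bound, since a well-generated key will never yield to Fermat no matter how long you wait.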


Data Analysis/Visualization




Disclosure/Documentation/Technical Writing


Embedded Devices/Hardware (Including Printers & PoS & IoS)


Exploit Dev

Fuzzing/Bug Hunting

Game Hacking

Honeypots (Now in Malware)


Interesting Things/Miscellaneous

  • Pulling Back the Curtain on Airport Security: Can a Weapon Get Past TSA? - Billy Rios - BHUSA 2014
    • Every day, millions of people go through airport security. While it is an inconvenience that could take a while, most are willing to follow the necessary procedures if it can guarantee their safety. Modern airport security checkpoints use sophisticated technology to help the security screeners identify potential threats and suspicious baggage. Have you ever wondered how these devices work? Have you ever wondered why an airport security checkpoint was set up in a particular configuration? Join us as we present the details on how a variety of airport security systems actually work, and reveal their weaknesses. We’ll present what we have learned about modern airport security procedures, dive deep into the devices used to detect threats, and we’ll present some of the bugs we discovered along the way.
  • The Shirky Principle - Technium
    • “Institutions will try to preserve the problem to which they are the solution.” — Clay Shirky
  • So you want to be a pentester? - Hans-Michael Varbaek
    • This presentation gives the viewer an idea of what it is to be a pentester full-time, what a pentester typically works with, how to learn ethical hacking, and improving your chances of getting a full-time job.
  • The Google Cemetery
  • Law #8: The Law of Duality - ericsink.com



Network Scanning and Attacks

Network/Endpoint Monitoring & Logging & Threat Hunting


  • Infoga
    • Infoga is a tool that gathers information about email accounts (IP, hostname, country, ...) from different public sources (search engines, PGP key servers and Shodan) and checks whether the emails appear in breaches using the haveibeenpwned.com API. It is a simple tool, but effective for the early stages of a penetration test or just to learn how visible your company is on the Internet.
  • linkedin2username
  • hostintel
    • This tool is used to collect various intelligence sources for hosts. Hostintel is written in a modular fashion so new intelligence sources can be easily added. Hosts are identified by FQDN host name, Domain, or IP address. This tool only supports IPv4 at the moment. The output is in CSV format and sent to STDOUT so the data can be saved or piped into another program. Since the output is in CSV format, spreadsheets such as Excel or database systems will easily be able to import the data.
  • Twint
    • Formerly known as Tweep, Twint is an advanced Twitter scraping tool written in Python that allows for scraping Tweets from Twitter profiles without using Twitter's API. Twint utilizes Twitter's search operators to let you scrape Tweets from specific users, scrape Tweets relating to certain topics, hashtags & trends, or sort out sensitive information from Tweets like e-mail and phone numbers. I find this very useful, and you can get really creative with it too. Twint also makes special queries to Twitter allowing you to also scrape a Twitter user's followers, Tweets a user has liked, and who they follow without any authentication, API, Selenium, or browser emulation.
  • Waybackpack
    • Waybackpack is a command-line tool that lets you download the entire Wayback Machine archive for a given URL.
  • The most complete guide to finding anyone’s email - Timur Daudpota
  • domain - jhaddix
    • Recon-ng and Alt-DNS are awesome. This script combines the power of these tools with the ability to run multiple domains within the same session. TL;DR: I just want to do my subdomain discovery via ONE command and be done with it. Only one module needs an API key (/api/google_site); find instructions for that on the recon-ng wiki. Script to enumerate subdomains, leveraging recon-ng. Uses Google, Bing, Baidu and Yahoo scraping, Netcraft, and brute force to find subdomains, then resolves them to IPs.
  • checkO365
    • checkO365 is a tool to check if a target domain is using O365
  • How to Find (Almost) Anything on Google - Barbara Davidson
  • Hunting with ꓘamerka 2.0 aka FIST (Flickr, Instagram, Shodan, Twitter) - https://hackernoon.com/hunting-with-%EA%93%98amerka-2-0-aka-fist-flickr-instagram-shodan-twitter-ca363f12562a
  • ꓘamerka 2.0 aka FIST (Flickr, Instagram, Shodan, Twitter)
    • Builds an interactive map of cameras, printers, tweets and photos. The script creates the map based on your coordinates; everything is presented as an interactive map with icons and popups.
  • The OSINT Connection: Intelligence In Executive Protection - protectioncircle.com
  • “Rapportive” without Gmail or Chrome
    • Here is a way to uncover everything that extension does, without needing Chrome or Gmail. This link works in any browser: Chrome, Firefox, Opera, or any other.
  • How to Find the Twitter ID from an Email Address - booleanstrings.com
  • Find FB profiles by Email
  • twint
    • An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
  • GooHak
    • Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.



Physical Security

Policy & Compliance

Post Exploitation/Privilege Escalation/Pivoting

<\coming next update>


Red Team/Adversary Simulation/Pentesting

Reverse Engineering

  • PyREBox
    • PyREBox is a Python-scriptable reverse engineering sandbox. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective. PyREBox lets you inspect a running QEMU VM, modify its memory or registers, and instrument its execution by writing simple Python scripts to automate any kind of analysis. QEMU (when working as a whole-system emulator) emulates a complete system (CPU, memory, devices...). By using VMI techniques, PyREBox does not require any modification to the guest operating system, as it transparently retrieves information from guest memory at run time.
  • HexRaysPyTools
    • The plugin assists in the creation of classes/structures and the detection of virtual tables. It also speeds up transforming decompiler output and allows you to do some things that are otherwise impossible.
  • Dynamic Binary Instrumentation Primer - rui - deniable.org
    • "Dynamic Binary Instrumentation (DBI) is a method of analyzing the behavior of a binary application at runtime through the injection of instrumentation code" - Uninformed 2007


SCADA / Heavy Machinery

Social Engineering

System Internals

Threat Modeling & Analysis

UI/UX Design


<\coming after PostEx>

Wireless Stuff

  • Ghostbuster: Detecting the Presence of Hidden Eavesdroppers - https://synrg.csl.illinois.edu/papers/ghostbuster-mobicom18.pdf
  • SigPloit - https://github.com/SigPloiter/SigPloit

  • TumbleRF
    • TumbleRF is a framework that orchestrates the application of fuzzing techniques to RF systems. While fuzzing has always been a powerful mechanism for fingerprinting and enumerating bugs within software systems, the application of these techniques to wireless and hardware systems has historically been nontrivial due to fragmented and siloed tools. TumbleRF aims to enable RF fuzzing by providing an API to unify these techniques across protocols, radios, and drivers.
    • Talk: https://www.youtube.com/watch?v=sfV_O_dZycE