diff --git a/Draft/Anonymity Opsec Privacy -.md b/Draft/Anonymity Opsec Privacy -.md
index d52a152..83ea5e2 100755
--- a/Draft/Anonymity Opsec Privacy -.md
+++ b/Draft/Anonymity Opsec Privacy -.md
@@ -18,8 +18,6 @@
* Maybe the real state secret is that spies aren't very good at their jobs and don't know much about the world
#### Cull
-| Title | Link
-| -------- | --------- |
https://github.com/NullHypothesis/exitmap/issues/37
#### end cull
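Review bot: after the table header is dropped, the remaining `https://github.com/NullHypothesis/exitmap/issues/37` line is left as a bare URL with no title, inconsistent with the `[Title](url)` convention the rest of this file uses; either give it a bracketed title with a one-line description or remove it together with the header.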
@@ -43,7 +41,9 @@ https://github.com/NullHypothesis/exitmap/issues/37
[CIA Vault7 Development Tradecraft DOs and DON'Ts](https://wikileaks.org/ciav7p1/cms/page_14587109.html)
+[Dutch-Russian cyber crime case reveals how police tap the internet - ElectroSpaces](http://electrospaces.blogspot.de/2017/06/dutch-russian-cyber-crime-case-reveals.html?m=1)
+[Deanonymizing Windows users and capturing Microsoft and VPN accounts](https://medium.com/@ValdikSS/deanonymizing-windows-users-and-capturing-microsoft-and-vpn-accounts-f7e53fe73834)
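Review bot: the ElectroSpaces URL carries a `?m=1` mobile-view query string; strip it so the link resolves to the canonical page. Neither new entry has the `*` description bullet that the other additions in this patch carry, so a reader cannot tell what each covers without clicking through.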
diff --git a/Draft/Attacking Defending iOS -.md b/Draft/Attacking Defending iOS -.md
index 823dd44..0b0ddac 100755
--- a/Draft/Attacking Defending iOS -.md
+++ b/Draft/Attacking Defending iOS -.md
@@ -25,9 +25,6 @@
| **Mobile self-defense - Karsten Nohl** | https://www.youtube.com/watch?v=GeCkO0fWWqc
| **Pentesting iOS Applications - Pentester Academy - Paid Course** - This course focuses on the iOS platform and application security and is ideal for pentesters, researchers and the casual iOS enthusiast who would like to dive deep and understand how to analyze and systematically audit applications on this platform using a variety of bleeding edge tools and techniques. | http://www.pentesteracademy.com/course?id=2
-
-
-
#### End Cull
### General
diff --git a/Draft/Basic Security Information.md b/Draft/Basic Security Information.md
index 3d692fc..9f895bf 100755
--- a/Draft/Basic Security Information.md
+++ b/Draft/Basic Security Information.md
@@ -28,7 +28,7 @@ These are links to basic technically links or things I feel might help someone
### Metasploit
| Title | Link
| -------- | --------- |
-| Introduction To Metasploit – The Basics | http://www.elithecomputerguy.com/2013/02/08/introduction-to-metasploit-the-basics/ |
+| Introduction To Metasploit – The Basics | http://www.elithecomputerguy.com/2013/02/08/introduction-to-metasploit-the-basics/ |
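Review bot: the removed and added `Introduction To Metasploit` rows are visually identical, so this is presumably a whitespace or character-encoding normalization (the en dash or a non-breaking space); confirm the change is intentional rather than an editor artifact. The same pattern recurs in several later hunks of this patch.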
@@ -38,3 +38,18 @@ These are links to basic technically links or things I feel might help someone
| Shodan Man page | http://www.shodanhq.com/help |
| Shodan Filter Reference | http://www.shodanhq.com/help/filters |
| Shodan FAQ | http://www.shodanhq.com/help/faq |
+
+
+### I'll sort later
+
+
+[304 Hold my Red Bull Undergraduate Red Teaming Jonathan Gaines](https://www.youtube.com/watch?v=9vgpqRzuvLk)
+
+[100 OWASP Top 10 Hacking Web Applications with Burp Suite Chad Furman](https://www.youtube.com/watch?v=2p6twRRXK_o)
+
+[213 How not to Infosec Dan Tentler](https://www.youtube.com/watch?v=S5O47gemMNQ)
+
+
+[So You Want To Be A H6x0r Getting Started in Cybersecurity Doug White and Russ Beauchemin ](https://www.youtube.com/watch?v=rRJKghTTics)
+
+[How to become a pentester - Corelan](https://www.corelan.be/index.php/2015/10/13/how-to-become-a-pentester/)
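Review bot: the `So You Want To Be A H6x0r` link text ends with a trailing space before `]`, which renders as a stray space inside the link; trim it. The new `### I'll sort later` section also has runs of two or three consecutive blank lines between entries; collapse them to one to match the rest of the file.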
diff --git a/Draft/Building A Pentest Lab.md b/Draft/Building A Pentest Lab.md
index 8cf59c6..2ec30f6 100755
--- a/Draft/Building A Pentest Lab.md
+++ b/Draft/Building A Pentest Lab.md
@@ -12,16 +12,12 @@
-
-
-
-
-
### General
[Install AD DS using Powerhsell](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-active-directory-domain-services--level-100-#BKMK_PS)
-
+[Pentest Environment Deployer](https://github.com/Sliim/pentest-env)
+* This repo provides an easy way to deploy a clean and customized pentesting environment with Kali linux using vagrant and virtualbox.
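Review bot: the unchanged context line `[Install AD DS using Powerhsell]` misspells PowerShell; since this region is being edited anyway, fix it in the same commit. In the new pentest-env description, `Kali linux` should read `Kali Linux`.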
@@ -70,6 +66,22 @@
* I wanted to build a virtual lab environment at home that would emulate an office environment. My requirements were to have separate network segments for Clients & Servers, and two DMZ networks. I also wanted my home network, which is external to the virtual lab environment, to emulate the Internet, even though it really isn’t. The following is how I created multiple “named” LAN segments within VMware Workstation, and routed between them using a VM running pfSense, which is an open source firewall.
+[Setting Up a Pentest/Hacking Lab with Hyper-V](http://cyberthreathunt.com/2017/04/01/setting-up-a-pentest-lab-with-hyper-v/)
+
+[Windows Server 2016: Build a Windows Domain Lab at Home for Free](https://social.technet.microsoft.com/wiki/contents/articles/36438.windows-server-2016-build-a-windows-domain-lab-at-home-for-free.aspx#Download)
+* Microsoft Technet tutorial
+
+[Pentest Home Lab - 0x2 - Building Your AD Lab on Premises-SethSec](https://sethsec.blogspot.com/2017/06/pentest-home-lab-0x2-building-your-ad.html)
+
+[Building A Lab on AWS - 0x1 SethSec](https://sethsec.blogspot.com/2017/05/pentest-home-lab-0x1-building-your-ad.html)
+
+[Building an Effective Active Directory Lab Environment for Testing](https://adsecurity.org/?p=2653)
+
+[Hack Yourself: Building a Test Lab - David Boyd](https://www.youtube.com/watch?v=rgdX-hn0xXU)
+
+[Hack-Yourself: Building a pentesting lab for fun & profit](https://www.slideshare.net/DavidBoydCISSP/hack-yourself-building-a-pentesting-lab-for-fun-and-profit)
+
+[Setting up a Windows Lab Environment](http://thehackerplaybook.com/Windows_Domain.htm)
http://blog.netinfiltration.com/2013/12/03/setting-up-a-pentest-lab-for-beginners/
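Review bot: the title `Building A Lab on AWS - 0x1 SethSec` does not match its URL slug `pentest-home-lab-0x1-building-your-ad`, so either the title or the target may be wrong; verify before merging. The trailing context line is still a bare netinfiltration URL with no title, and the new `[Setting up a Windows Lab Environment]` entry is placed directly above it without the blank-line separation used for the other additions.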
diff --git a/Draft/CTFs & Wargames -.md b/Draft/CTFs & Wargames -.md
index 494041a..1be80b8 100755
--- a/Draft/CTFs & Wargames -.md
+++ b/Draft/CTFs & Wargames -.md
@@ -1,6 +1,6 @@
-##CTFs & Wargames
+## CTFs & Wargames
-#####TOC
+##### TOC
[General](#general(
[Wargames](#wargames)
[Vulnerable VMs](#vulnvm)
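Review bot: the unchanged TOC line `[General](#general(` closes the link target with `(` instead of `)`, so the anchor link is broken; this hunk already fixes the heading lines around it, so fix the paren here too.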
@@ -28,7 +28,7 @@ root-me
-###General
+### General
[ctf-time](https://ctftime.org/)
[Suggestions on Running a CTF](https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown)
@@ -49,7 +49,7 @@ root-me
-###Wargames
+### Wargames
[Ringzer0 team CTF](http://ringzer0team.com/)
Description: RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills thru hacking challenge. Register and get a flag for every challenges.
@@ -76,7 +76,7 @@ Making/Hosting your own CTF
-###Vulnerable Virtual Machines
+### Vulnerable Virtual Machines
[Vulnhub](Https://www.Vulnhub.com)
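Review bot: the context line `[Vulnhub](Https://www.Vulnhub.com)` uses a capitalized `Https://` scheme and a mixed-case host; lowercase both for consistency with the other URLs in the file while the heading above it is being corrected.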
@@ -88,7 +88,7 @@ Making/Hosting your own CTF
* Generates a 'vulnerable' machine using the end users own setup files & product keys.
-###Challenge Sites
+### Challenge Sites
Wechall
* An amazing site. Tracks, lists, scores, various challenge sites. If you’re looking for a challenge or two, and not a wargame, this is the site you want to hit up first.
@@ -115,7 +115,7 @@ Wechall
-###One-off Challenges and Puzzles
+### One-off Challenges and Puzzles
[Forensics Contest](http://forensicscontest.com/)
diff --git a/Draft/Car Hacking.md b/Draft/Car Hacking.md
index 3e52c02..8f0c33a 100755
--- a/Draft/Car Hacking.md
+++ b/Draft/Car Hacking.md
@@ -15,12 +15,14 @@
http://dn5.ljuska.org/cyber-attacks-on-vehicles-2.html
+
+
### End cull
## General
-[Awesome Vehicle Security List(github awesome lists)](https://github.com/jaredthecoder/awesome-vehicle-security)
+Seriously check this first ---> [Awesome Vehicle Security List(github awesome lists)](https://github.com/jaredthecoder/awesome-vehicle-security)
[Introduction to Hacking in Car Systems - Craig Smith - Troopers15](https://www.youtube.com/watch?v=WHDkf6kpE58)
diff --git a/Draft/Courses & Training -.md b/Draft/Courses & Training -.md
index aabcef8..2337485 100755
--- a/Draft/Courses & Training -.md
+++ b/Draft/Courses & Training -.md
@@ -58,7 +58,7 @@ These classes are all focused on computer/information security. If you're lookin
[Learning How to Learn](https://www.coursera.org/learn/learning-how-to-learn)
* Free Coursera Course
-* About this course: This course gives you easy access to the invaluable learning techniques used by experts in art, music, literature, math, science, sports, and many other disciplines. We’ll learn about the how the brain uses two very different learning modes and how it encapsulates (“chunks”) information. We’ll also cover illusions of learning, memory techniques, dealing with procrastination, and best practices shown by research to be most effective in helping you master tough subjects.
+* About this course: This course gives you easy access to the invaluable learning techniques used by experts in art, music, literature, math, science, sports, and many other disciplines. We’ll learn about the how the brain uses two very different learning modes and how it encapsulates (“chunks”) information. We’ll also cover illusions of learning, memory techniques, dealing with procrastination, and best practices shown by research to be most effective in helping you master tough subjects.
@@ -91,10 +91,18 @@ These classes are all focused on computer/information security. If you're lookin
-### Incident Response/Forensics Training
+### Incident Response/Forensics/NSM Training
[Android Forensics & Security Testing - OpenSecurityTraining.info](http://opensecuritytraining.info/AndroidForensics.html)
+[CS 259D Data Mining for Cyber Security Autumn 2014](http://web.stanford.edu/class/cs259d/)
+
+
+
+
+
+
+
### Penetration Testing
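Review bot: the `CS 259D Data Mining for Cyber Security` link added here is added a second time later in this same patch under a new `### Data Science` heading in the same file; keep one copy. The seven consecutive `+` blank lines before `### Penetration Testing` should also be collapsed to one or two.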
@@ -107,6 +115,8 @@ These classes are all focused on computer/information security. If you're lookin
[FSU Offensive Security 2013](http://www.cs.fsu.edu/~redwood/OffensiveSecurity/)
* Florida State University Offensive Security 2013 Class materials
+[HackSplaining](https://www.hacksplaining.com/faq)
+* Security training aimed towards developers. Free.
@@ -146,7 +156,7 @@ These classes are all focused on computer/information security. If you're lookin
* Linking object files together to create a well-formed binary.
* Detailed descriptions of the high level similarities and low level differences between the Windows PE and Linux ELF binary formats. (NOTE: we didn't get to this in the class where the video was recorded, but the materials are in the slides)
* How an OS loads a binary into memory and links it on the fly before executing it.
-*Along the way we discuss the relevance of security at different stages of a binary’s life, from the tricks that can be played by a malicious compiler, to how viruses really work, to the way which malware “packers” duplicate OS process execution functionality, to the benefit of a security-enhanced OS loader which implements address space layout randomization (ASLR).
+*Along the way we discuss the relevance of security at different stages of a binary’s life, from the tricks that can be played by a malicious compiler, to how viruses really work, to the way which malware “packers” duplicate OS process execution functionality, to the benefit of a security-enhanced OS loader which implements address space layout randomization (ASLR).
[Introduction to Reverse Engineering Software - Dartmouth](http://althing.cs.dartmouth.edu/local/www.acm.uiuc.edu/sigmil/RevEng/)
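Review bot: the rewritten `*Along the way we discuss...` line still has no space between `*` and the text, so it will render as an emphasis marker rather than a list item like the three `* ` bullets above it; since the line is being touched, insert the space. The `-` and `+` lines are otherwise indistinguishable, which suggests a whitespace or quote-character normalization.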
@@ -190,6 +200,9 @@ These classes are all focused on computer/information security. If you're lookin
[Google Gruyere - Web Application Exploits and Defenses ](http://google-gruyere.appspot.com/)
+### Data Science
+
+[CS 259D Data Mining for Cyber Security Autumn 2014](http://web.stanford.edu/class/cs259d/)
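Review bot: this `CS 259D` entry duplicates the one added earlier in this patch under `### Incident Response/Forensics/NSM Training` in the same file; decide which section it belongs in and drop the other copy.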
@@ -205,7 +218,7 @@ These classes are all focused on computer/information security. If you're lookin
[Teaching Evil - Chris Niemira](https://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t200-teaching-evil-chris-niemira)
-[The Distribution of Users’ Computer Skills: Worse Than You Think](https://www.nngroup.com/articles/computer-skill-levels/)
+[The Distribution of Users’ Computer Skills: Worse Than You Think](https://www.nngroup.com/articles/computer-skill-levels/)
diff --git a/Draft/CryptoCurrencies.md b/Draft/CryptoCurrencies.md
index 102f8e1..f073fa9 100755
--- a/Draft/CryptoCurrencies.md
+++ b/Draft/CryptoCurrencies.md
@@ -14,7 +14,7 @@ Bitcointalk
-
+[The Ether Thief](https://www.bloomberg.com/features/2017-the-ether-thief/)
[Deanonymisation of Clients in Bitcoin P2P Network](http://orbilu.uni.lu/bitstream/10993/18679/1/Ccsfp614s-biryukovATS.pdf)
* We present an effcient method to deanonymize Bitcoin users, which allows to link user pseudonyms to the IP addresses where the transactions are generated. Our techniques work for the most common and the most challenging scenario when users are behind NATs or rewalls of their ISPs. They allow to link transactions of a user behind a NAT and to distinguish connections and transactions of different users behind the same NAT. We also show that a natural countermeasure of using Tor or other anonymity services can be cut-o by abusing anti-DoS countermeasures of the Bitcoin network. Our attacks require only a few machines and have been experimentally verifed. The estimated success rate is between 11% and 60% depending on how stealthy an attacker wants to be. We propose several countermeasures to mitigate these new attacks.
\ No newline at end of file
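Review bot: the unchanged abstract under `Deanonymisation of Clients in Bitcoin P2P Network` has lost its `fi` and `ff` ligatures (`effcient`, `rewalls`, `cut-o`, `verifed`), a PDF copy-paste artifact; worth repairing while the entry above it is being edited. The file also still ends without a trailing newline.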
diff --git a/Draft/Data AnalysisVisualization.md b/Draft/Data AnalysisVisualization.md
index 7cd12b3..2af5566 100755
--- a/Draft/Data AnalysisVisualization.md
+++ b/Draft/Data AnalysisVisualization.md
@@ -48,19 +48,20 @@ http://www.pentaho.com/
Applied Security Visualization: http://www.secviz.org/content/applied-security-visualization
+
#### End Cull
### Tools
[d3js(Data Driven Documents)](http://d3js.org/)
-* D3.js is a JavaScript library for manipulating documents based on data. D3 helps you bring data to life using HTML, SVG, and CSS. D3’s emphasis on web standards gives you the full capabilities of modern browsers without tying yourself to a proprietary framework, combining powerful visualization components and a data-driven approach to DOM manipulation.
+* D3.js is a JavaScript library for manipulating documents based on data. D3 helps you bring data to life using HTML, SVG, and CSS. D3’s emphasis on web standards gives you the full capabilities of modern browsers without tying yourself to a proprietary framework, combining powerful visualization components and a data-driven approach to DOM manipulation.
[Data Science Toolkit](https://github.com/petewarden/dstk)
* A collection of the best open data sets and open-source tools for data science, wrapped in an easy-to-use REST/JSON API with command line, Python and Javascript interfaces. Available as a self-contained VM or EC2 AMI that you can deploy yourself.
* [Documentation](http://www.datasciencetoolkit.org/developerdocs)
[*ORA](http://www.casos.cs.cmu.edu/projects/ora/)
-* ORA is a dynamic meta-network assessment and analysis tool developed by CASOS at Carnegie Mellon. It contains hundreds of social network, dynamic network metrics, trail metrics, procedures for grouping nodes, identifying local patterns, comparing and contrasting networks, groups, and individuals from a dynamic meta-network perspective. *ORA has been used to examine how networks change through space and time, contains procedures for moving back and forth between trail data (e.g. who was where when) and network data (who is connected to whom, who is connected to where …), and has a variety of geo-spatial network metrics, and change detection techniques. *ORA can handle multi-mode, multi-plex, multi-level networks. It can identify key players, groups and vulnerabilities, model network changes over time, and perform COA analysis. It has been tested with large networks (106 nodes per 5 entity classes).Distance based, algorithmic, and statistical procedures for comparing and contrasting networks are part of this toolkit. Based on network theory, social psychology, operations research, and management theory a series of measures of “criticality” have been developed at CMU. Just as critical path algorithms can be used to locate those tasks that are critical from a project management perspective, the *ORA algorithms can find those people, types of skills or knowledge and tasks that are critical from a performance and information security perspective.
+* ORA is a dynamic meta-network assessment and analysis tool developed by CASOS at Carnegie Mellon. It contains hundreds of social network, dynamic network metrics, trail metrics, procedures for grouping nodes, identifying local patterns, comparing and contrasting networks, groups, and individuals from a dynamic meta-network perspective. *ORA has been used to examine how networks change through space and time, contains procedures for moving back and forth between trail data (e.g. who was where when) and network data (who is connected to whom, who is connected to where …), and has a variety of geo-spatial network metrics, and change detection techniques. *ORA can handle multi-mode, multi-plex, multi-level networks. It can identify key players, groups and vulnerabilities, model network changes over time, and perform COA analysis. It has been tested with large networks (106 nodes per 5 entity classes).Distance based, algorithmic, and statistical procedures for comparing and contrasting networks are part of this toolkit. Based on network theory, social psychology, operations research, and management theory a series of measures of “criticality” have been developed at CMU. Just as critical path algorithms can be used to locate those tasks that are critical from a project management perspective, the *ORA algorithms can find those people, types of skills or knowledge and tasks that are critical from a performance and information security perspective.
[pewpew](https://github.com/hrbrmstr/pewpew)
* In all seriousness, IPew provides a simple framework - based on Datamaps - for displaying cartographic attack data in a (mostly) responsive way and shows how to use dynamic data via javascript event timers and data queues (in case you're here to learn vs have fun - or both!). You can customize the display through a myriad of query string options, including sounds.
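Review bot: the `-`/`+` pairs for the D3.js and *ORA descriptions look identical, so this is likely quote-character normalization; confirm it is intended. While here, the *ORA text has `(106 nodes per 5 entity classes)`, which reads like a lost superscript from the source page, and `classes).Distance` is missing a space after the period.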
@@ -89,14 +90,18 @@ Applied Security Visualization: http://www.secviz.org/content/applied-security-v
* The Kismet Log Viewer (KLV) takes Kismet .xml log files and produces a nicely formatted html interface to browse the logs with. KLV has the ability to utilize available GPS information to create links for external maps via the net, and provides the ability for those with Snort to generate a page of Snort output for each specific bssid that has data available. KLV also comes with my Kismet Log Combiner script to help users consolidate multiple .xml and .dump log files.
[plaso](https://github.com/log2timeline/plaso)
-* plaso (Plaso Langar Ađ Safna Öllu) is a Python-based backend engine for the tool log2timeline.
+* plaso (Plaso Langar Að Safna Öllu) is a Python-based backend engine for the tool log2timeline.
[huginn](https://github.com/huginn/huginn)
* Create agents that monitor and act on your behalf. Your agents are standing by!
* Huginn is a system for building agents that perform automated tasks for you online. They can read the web, watch for events, and take actions on your behalf. Huginn's Agents create and consume events, propagating them along a directed graph. Think of it as a hackable version of IFTTT or Zapier on your own server. You always know who has your data. You do.
+[Norikra](http://norikra.github.io/)
+* Norikra is a open source server software provides "Stream Processing" with SQL, written in JRuby, runs on JVM, licensed under GPLv2.
+[Fluentd](https://www.fluentd.org/architecture)
+* Fluentd is an open source data collector, which lets you unify the data collection and consumption for a better use and understanding of data.
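Review bot: the plaso correction (`Ađ` to `Að`) is the right character for the Icelandic name. The Norikra description `is a open source server software provides` is ungrammatical as copied; if it is a verbatim quote from the project site, quote it, otherwise reword it to `is open source server software that provides`.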
diff --git a/Draft/Defense b/Draft/Defense.md
similarity index 67%
rename from Draft/Defense
rename to Draft/Defense.md
index f32174a..9a801b6 100644
--- a/Draft/Defense
+++ b/Draft/Defense.md
@@ -31,8 +31,8 @@ Defense:
[Linux workstation security checklist](https://github.com/lfit/itpol/blob/master/linux-workstation-security.md)
-
-
+[Uproot](https://github.com/Invoke-IR/Uproot)
+* Uproot is a Host Based Intrusion Detection System (HIDS) that leverages Permanent Windows Management Instrumentation (WMI) Event Susbcriptions to detect malicious activity on a network. For more details on WMI Event Subscriptions please see the WMIEventing Module
[What would a real hacker do to your Active Directory](https://www.youtube.com/watch?v=DH3v8bO-NCs)
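Review bot: `Susbcriptions` in the new Uproot description is a typo for `Subscriptions`. The bullet also ends with `please see the WMIEventing Module` without a link, even though a `WMIEvent` entry is added further down in this file in the same patch; link the two.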
@@ -46,4 +46,40 @@ Use Invoke-HoneyCreds to distribute fake cred throughout environment as "legit"
[SMB Packet Signing](https://technet.microsoft.com/en-us/library/cc180803.aspx)
-[Public:Windows Event Log Zero 2 Hero Slides](https://docs.google.com/presentation/d/1dkrldTTlN3La-OjWtkWJBb4hVk6vfsSMBFBERs6R8zA/edit#slide=id.g21acf94f3f_2_27)
\ No newline at end of file
+[Public:Windows Event Log Zero 2 Hero Slides](https://docs.google.com/presentation/d/1dkrldTTlN3La-OjWtkWJBb4hVk6vfsSMBFBERs6R8zA/edit#slide=id.g21acf94f3f_2_27)
+
+
+
+[Blocking Remote Use of Local Accounts](https://blogs.technet.microsoft.com/secguide/2014/09/02/blocking-remote-use-of-local-accounts/)
+
+
+http://www.leeholmes.com/blog/2016/10/22/more-detecting-obfuscated-powershell/
+
+
+
+
+[Securi-Tay 2017 - Advanced Attack Detection](https://www.youtube.com/watch?v=ihElrBBJQo8)
+*
+
+
+[Securing Windows Workstations: Developing a Secure Baseline](https://adsecurity.org/?p=3299)
+
+
+[Assimilator](https://github.com/videlanicolas/assimilator)
+* Automatic firewall rule orchestator.
+
+[Uproot](https://github.com/Invoke-IR/Uproot)
+* Uproot is a Host Based Intrusion Detection System (HIDS) that leverages Permanent Windows Management Instrumentation (WMI) Event Susbcriptions to detect malicious activity on a network. For more details on WMI Event Subscriptions please see the WMIEventing Module
+
+[WMIEvent](https://github.com/Invoke-IR/WMIEvent)
+* A PowerShell module to abstract the complexities of Permanent WMI Event Subscriptions
+
+
+[LUNAR](https://github.com/lateralblast/lunar)
+* A UNIX security auditing tool based on several security frameworks
+
+
+
+
+
+
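Review bot: the Uproot entry (with the same `Susbcriptions` typo) is added twice in this file, once in the previous hunk near the top and again here; keep one. The `[Securi-Tay 2017 - Advanced Attack Detection]` entry has an empty `*` bullet under it that renders as a blank list item; fill it in or drop it. The `leeholmes.com` line is a bare URL without a title, and the block ends with six trailing blank lines.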
diff --git a/Draft/Disclosure -.md b/Draft/Disclosure -.md
index 9de7c14..ebb3fcc 100755
--- a/Draft/Disclosure -.md
+++ b/Draft/Disclosure -.md
@@ -20,6 +20,11 @@ https://adamcaudill.com/2015/11/19/responsible-disclosure-is-wrong/
* Recommended reading.
+[Request a CVE ID](http://cve.mitre.org/cve/request_id.html#cna_coverage)
+
+[My first CVE-2016-1000329 in BlogPHP](https://www.stevencampbell.info/2016/12/my-first-cve-2016-1000329-in-blogphp/)
+
+
###Dealing with the press/journalists:
[Hacking the media for fame/profit talk](http://www.irongeek.com/i.php?page=videos/derbycon4/Hacking-The-Media-For-Fame-And-Profit-Jenn-Ellis-Steven-Reganh)
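Review bot: the context line `###Dealing with the press/journalists:` has no space after `###`, the same heading defect this patch corrects in `CTFs & Wargames -.md`; fix it here as well while the section is being edited.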
diff --git a/Draft/Documentation & Reports -.md b/Draft/Documentation & Reports -.md
index fbacf46..4ef5979 100755
--- a/Draft/Documentation & Reports -.md
+++ b/Draft/Documentation & Reports -.md
@@ -22,6 +22,7 @@
+
### Writing
Start with the first two links, and go from there. They’re both great resources to writing technical documentation, the first being a beginners guide and the second being a general guide that beginners can understand.
@@ -99,6 +100,9 @@ Three parter from jacobian.org:
[Mastering Markdown](https://guides.github.com/features/mastering-markdown/)
+[vim-wordy](https://github.com/reedes/vim-wordy/blob/master/README.markdown)
+* wordy is not a grammar checker. Nor is it a guide to proper word usage. Rather, wordy is a lightweight tool to assist you in identifying those words and phrases known for their history of misuse, abuse, and overuse, at least according to usage experts.
+
### Penetration Testing &/ Collaboration Tools
diff --git a/Draft/Embedded Device & Hardware Hacking -.md b/Draft/Embedded Device & Hardware Hacking -.md
index 4eac28f..a6d7a5d 100755
--- a/Draft/Embedded Device & Hardware Hacking -.md
+++ b/Draft/Embedded Device & Hardware Hacking -.md
@@ -37,7 +37,21 @@ http://www.sp3ctr3.me/hardware-security-resources/
http://greatscottgadgets.com/infiltrate2013/
+[ThunderGate](http://thundergate.io/)
+* ThunderGate is a collection of tools for the manipulation of Tigon3 Gigabit Ethernet controllers, with special emphasis on the Broadcom NetLink 57762, such as is found in Apple Thunderbolt Gigabit Ethernet adapters.
+
+[ISO/IEC 7816](https://en.wikipedia.org/wiki/ISO/IEC_7816)
+[ISO/IEC 15693](https://en.wikipedia.org/wiki/ISO/IEC_15693)
+[ISO/IEC 14443](https://en.wikipedia.org/wiki/ISO/IEC_14443)
+
+[Attacks via physical access to USB (DMA…?)](https://security.stackexchange.com/questions/118854/attacks-via-physical-access-to-usb-dma)
+
+[Can a connected USB device read all data from the USB bus?](https://security.stackexchange.com/questions/37927/can-a-connected-usb-device-read-all-data-from-the-usb-bus?rq=1)
+
+[Hacking Printers Wiki](http://hacking-printers.net/wiki/index.php/Main_Page)
+[Ian Douglas - Creating an Internet of Private Things](https://www.youtube.com/watch?v=4W8SkujOXi4&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=8)
+* The next big market push is to have the cool IoT device that’s connected to the internet. As we’ve seen from the Mirai and Switcher hacks, it’s important to embed the appropriate safeguards so that devices are not open to attack. When selecting device components there are things that should be checked for, and when you’re doing the coding and workflows, there are other things that need to be taken in to account. Although security and privacy are close cousins, they’re also different. This talk will be centered around some best security and privacy practices as well as some common errors that should be avoided.
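Review bot: the three `ISO/IEC 7816`, `15693` and `14443` links are bare titles without the descriptive bullet the other new entries carry, so a reader cannot tell why each standard is listed; add a one-line note for each. The `[Hacking Printers Wiki]` and `[Ian Douglas ...]` entries also run together without the blank line used between the other additions.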
diff --git a/Draft/Exploit Development.md b/Draft/Exploit Development.md
index 50a2961..6e2b6e9 100755
--- a/Draft/Exploit Development.md
+++ b/Draft/Exploit Development.md
@@ -93,6 +93,31 @@ Corelan Exploit Series
[MS17-010](https://github.com/worawit/MS17-010)
+* Add use-after-free section
+
+[ShellcodeStdio](https://github.com/jackullrich/ShellcodeStdio)
+* An extensible framework for easily writing debuggable, compiler optimized, position independent, x86 shellcode for windows platforms.
+
+[gdbgui](https://github.com/cs01/gdbgui)
+* A modern, browser-based frontend to gdb (gnu debugger). Add breakpoints, view stack traces, and more in C, C++, Go, and Rust. Simply run gdbgui from the terminal and a new tab will open in your browser.
+
+[I-know-where-your-page-lives](https://github.com/IOActive/I-know-where-your-page-lives)
+* I Know Where Your Page Lives: Derandomizing the latest Windows 10 Kernel - ZeroNights 2016
+
+[Crashing phones with Wi-Fi: Exploiting nitayart's Broadpwn bug (CVE-2017-9417)](http://boosterok.com/blog/broadpwn2/)
+
+[Sigreturn Oriented Programming is a real Threat](https://subs.emis.de/LNI/Proceedings/Proceedings259/2077.pdf)
+* Abstract: This paper shows that Sigreturn Oriented Programming (SROP), which consists of using calls to sigreturn to execute arbitrary code, is a pow erful method for the de velopment of exploits. This is demonstrated by developing two different kinds of SROP based exploits, one asterisk exploit which was already portrayed in the paper presenting SROP, and one novel exploit for a recently disclosed bug inthe DNS address resolution of the default GNUC library. Taking advantage of the fact, that these exploits have very few dependencies on the program being exploited, a library is implemented to automate wide parts of SROP exploit creation. This highlights the potential of SROP in respect to reusable and portable exploit code which strongly supports the conclusion of the original paper: SROP is areal threat!
+
+[Playing with signals : An overview on Sigreturn Oriented Programming](https://thisissecurity.net/2015/01/03/playing-with-signals-an-overview-on-sigreturn-oriented-programming/)
+
+[SROP | Signals, you say?](https://0x00sec.org/t/srop-signals-you-say/2890)
+
+[EnglishmansDentist Exploit Analysis](https://blogs.technet.microsoft.com/srd/2017/07/20/englishmansdentist-exploit-analysis/)
+
+[Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets](https://blog.exodusintel.com/2017/07/26/broadpwn/)
+
+
#### end sort
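Review bot: `* Add use-after-free section` is a to-do note for the file, but it sits as the description bullet directly under `[MS17-010]`, so it reads as a description of that link; move it to its own line away from the entry. The SROP abstract also has copy-paste spacing damage (`pow erful`, `de velopment`, `inthe`, `GNUC`, `areal`) that should be repaired.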
diff --git a/Draft/Forensics Incident Response.md b/Draft/Forensics Incident Response.md
index 491a549..325df79 100755
--- a/Draft/Forensics Incident Response.md
+++ b/Draft/Forensics Incident Response.md
@@ -31,11 +31,10 @@ Forensics wiki
Yelp/Github - OSX Collector - Mass style forensics/management
-[Know your Windows' Processes](https://sysforensics.org/2014/01/know-your-windows-processes.html)
+hackingexposedcomputerforensicsblog.blogspot.com/2015/02/automating-dfir-how-to-series-on_21.html)
-[Santoku Linux How-Tos'](https://santoku-linux.com/howtos)
-hackingexposedcomputerforensicsblog.blogspot.com/2015/02/automating-dfir-how-to-series-on_21.html)
+[THE CIDER PRESS:EXTRACTING FORENSIC ARTIFACTS FROM APPLE CONTINUITY](https://www.sans.org/summit-archives/file/summit-archive-1498146226.pdf)
#### End Cull
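Review bot: the `hackingexposedcomputerforensicsblog.blogspot.com/...on_21.html)` line is moved rather than fixed: it still has no `http://` scheme, no title, and a stray trailing `)`. Give it the `[Title](url)` form the rest of the file uses.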
@@ -67,6 +66,9 @@ http://windowsir.blogspot.com/2013/11/sniper-forensics-memory-analysis-and.html
### General
+[IRM (Incident Response Methodologies)](https://github.com/certsocietegenerale/IRM)
+* CERT Societe Generale provides easy to use operational incident best practices. These cheat sheets are dedicated to incident handling and cover multiple fields in which a CERT team can be involved. One IRM exists for each security incident we're used to dealing with.
+
[Introduction to DFIR](https://sroberts.github.io/2016/01/11/introduction-to-dfir-the-beginning/)
[File Signature Table](http://www.garykessler.net/library/file_sigs.html)
@@ -334,10 +336,7 @@ Ghiro
### Linux Forensics
-
-
-
-
+[Santoku Linux How-Tos'](https://santoku-linux.com/howtos)
### Windows Forensics
@@ -346,6 +345,9 @@ Ghiro
[How to parse Windows Eventlog](http://dfir-blog.com/2016/03/13/how-to-parse-windows-eventlog/)
+[Know your Windows' Processes](https://sysforensics.org/2014/01/know-your-windows-processes.html)
+
+
@@ -358,6 +360,8 @@ database of Microsoft Active Directory (NTDS.DIT).
[Did it Execute? - Mandiant](https://www.mandiant.com/blog/execute/)
* You found a malicious executable! Now you’ve got a crucial question to answer: did the file execute? We’ll discuss a few sources of evidence you can use to answer this question. In this post, we will focus on static or “dead drive” forensics on Windows systems. We will cover four main sources of evidence: Windows Prefetch, Registry, Log Files, and File Information.
+[Get-InjectedThread.ps1](https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2)
+* Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
[HowTo: Determine Program Execution](http://windowsir.blogspot.com/2013/07/howto-determine-program-execution.html)
@@ -405,7 +409,8 @@ What are the changes done on an AD between two points in time ?
[Event Tracing for Windows and Network Monitor](http://blogs.technet.com/b/netmon/archive/2009/05/13/event-tracing-for-windows-and-network-monitor.aspx)
* "Event Tracing for Windows, (ETW), has been around for quite a while now as it was introduced in Windows 2000. It's basically instrumented logging that describes what a component is doing. Conceptually, it’s something like the proverbial printf("here1") concept used by programmers, but it is present in retail builds. When you enable logging in a component the result is an ETL (Event Trace Log) file. What’s new is that that Network Monitor can read any ETL file. And with the supplied parsers many network oriented ETW providers can be decoded."
-
+[PowerForensics - PowerShell Digital Forensics](https://github.com/Invoke-IR/PowerForensics)
+* The purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems, and work has begun on Extended File System and HFS+ support.
### OS X Forensics Tools
diff --git a/Draft/Game Hacking.md b/Draft/Game Hacking.md
index 0bb5001..d341576 100755
--- a/Draft/Game Hacking.md
+++ b/Draft/Game Hacking.md
@@ -12,6 +12,16 @@
+
+
+
+
+#### Sort
+
+http://douevenknow.us/post/151129092928/throwback-k9lhax-by-bruteforce
+
+#### End Sort
+
#### Writeups
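Review bot: the four empty `+` lines at the top of this hunk add nothing, and the new `#### Sort` / `#### End Sort` pair then sits directly above `#### Writeups`; drop the leading blank lines so the block uses the single blank line that separates entries elsewhere in the patch.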
@@ -19,6 +29,8 @@
[Reverse Engineering Strike Commander](http://fabiensanglard.net/reverse_engineering_strike_commander/index.php)
+[Remote Code Execution In Source Games](https://oneupsecurity.com/research/remote-code-execution-in-source-games?t=r)
+
### Console Hacking
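Review bot: the `?t=r` suffix on the Remote Code Execution In Source Games link looks like a tracking parameter rather than part of the resource path; if the page resolves without it, link the bare `https://oneupsecurity.com/research/remote-code-execution-in-source-games` so the reference stays stable.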
diff --git a/Draft/Honeypots -.md b/Draft/Honeypots -.md
index 72305c7..906d777 100755
--- a/Draft/Honeypots -.md
+++ b/Draft/Honeypots -.md
@@ -21,6 +21,11 @@ http://www.cuckoosandbox.org/
http://highaltitudehacks.com/2013/06/15/ghost-usb-honeypot-part-2-installing-and-running-the-honeypot/
+[honeyLambda](https://github.com/0x4D31/honeyLambda)
+* a simple, serverless application designed to create and monitor URL {honey}tokens, on top of AWS Lambda and Amazon API Gateway
+
+[Masarah Paquet-Clouston & Olivier Bilodeau - Attacking Linux Moose Unraveled an Ego Market](https://www.youtube.com/watch?v=8c8C5cHbRU0&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=2)
+
#### End Cull
diff --git a/Draft/Interesting Things Useful stuff.md b/Draft/Interesting Things Useful stuff.md
index 47b3b54..25f29bc 100755
--- a/Draft/Interesting Things Useful stuff.md
+++ b/Draft/Interesting Things Useful stuff.md
@@ -40,6 +40,27 @@ http://spth.virii.lu/articles.htm
+[303 Hacks Lies Nation States Mario DiNatale](https://www.youtube.com/watch?v=nyh_ORq1Qwk)
+
+[Richard Thieme - The Impact of Dark Knowledge and Secrets on Security and Intelligence Professionals](https://www.youtube.com/watch?v=0MzcPBAj88A&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe)
+* Dismissing or laughing off concerns about what it does to a person to know critical secrets does not lessen the impact on life, work, and relationships of building a different map of reality than “normal people” use. One has to calibrate narratives to what another believes. One has to live defensively, warily. This causes at the least cognitive dissonance which some manage by denial. But refusing to feel the pain does not make it go away. It just intensifies the consequences when they erupt.
+Philip K. Dick said, reality is that which, when you no longer believe in it, does not go away. When cognitive dissonance evolves into symptoms of traumatic stress, one ignores those symptoms at one’s peril. But the very constraints of one’s work often make it impossible to speak aloud about those symptoms, because that might threaten one’s clearances, work, and career. And whistle blower protection is often non-existent.
+
+[recap](https://github.com/rackerlabs/recap)
+* recap is a reporting script that generates reports of various information about the server.
+
+[Paul Rascagneres - Modern Reconnaissance Phase by APT – Protection Layer](https://www.youtube.com/watch?v=4JVrK7bRKb0&index=10&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe)
+
+[BE YOUR OWN VPN PROVIDER WITH OPENBSD (v2)](https://networkfilter.blogspot.com/2017/04/be-your-own-vpn-provider-with-openbsd-v2.html)
+
+[New cache architecture on Intel I9 and Skylake server: An initial assessment](https://cyber.wtf/2017/07/18/new-cache-architecture-on-intel-i9-and-skylake-server-an-initial-assessment/)
+
+[301 The Road to Hiring is Paved in Good Intentions Tim OBrien](https://www.youtube.com/watch?v=sdkf8SIj1rU)
+
+[Ermahgerd: Lawrs - Robert Heverly - Anycon17](http://www.irongeek.com/i.php?page=videos/anycon2017/305-ermahgerd-lawrs-prof-robert-heverly)
+* When do you ? and other coders, hackers, developers, and tinkerers ? think or worry about the law? If your answer is, ?Not very often,? then this talk is for you. We all need to think about the law. And it?s not just privacy, or computer fraud, or even anti-circumvention law, that we should think about. We need to think about law as a whole and how it can help us do or stop us from doing what we want to do. This talk will start with a broad overview of the ways in which we implicate law when we do what we do, and then will focus on what that means for us and the broader implications that can arise from our various activities. Do you think the law would stop you from doing what you want to do or punish you for doing it? It might, but it also might not. If you think it does, do you think you should be able to do what you want to do? If you do, then we need to hack the law, and to do that we?ll need to talk to the legal coders, those writers of our cultural software. This talk will tackle not only law and working with code, but also why it matters for us to be aware of the law and engaged in improving it.
+
+
[QR Code interesting](http://datagenetics.com/blog/november12013/index.html)
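Review bot: the Ermahgerd: Lawrs summary has had its punctuation replaced by `?` characters (`When do you ? and other coders`, `?Not very often,?`, `it?s`, `we?ll`); restore the dashes and quotation marks before merging, as the paragraph currently reads as garbled. Two smaller points in the same hunk: the second paragraph of the Richard Thieme blurb (`Philip K. Dick said, ...`) is a bare continuation line with no `*` marker, so either give it its own bullet or indent it to make the intent explicit, and the OpenBSD VPN title is in all caps while every other title in the block uses the source's normal casing.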
@@ -49,28 +70,24 @@ http://spth.virii.lu/articles.htm
[IA Guidance - NSA](https://www.iad.gov/iad/library/ia-guidance/index.cfm)
-[Paste-Scraper](https://github.com/KernelEquinox/Paste-Scraper)
-[Wayback scraper](https://github.com/abrenaut/waybackscraper)
[LeakedSource.ru](https://leakedsource.ru/)
-[Red Team Infrastructure Wiki](https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki)
-* Wiki to collect Red Team infrastructure hardening resources
-* Accompanying Presentation: [Doomsday Preppers: Fortifying Your Red Team Infrastructure](https://speakerdeck.com/rvrsh3ll/doomsday-preppers-fortifying-your-red-team-infrastructure)
-[How to Build a 404 page not found C2](https://www.blackhillsinfosec.com/?p=5134)
-[404 File not found C2 PoC](https://github.com/theG3ist/404)
-[Hiding Malicious Traffic Under the HTTP 404 Error](https://blog.fortinet.com/2015/04/09/hiding-malicious-traffic-under-the-http-404-error)
#### End Sort
-## Attribution
+
+
+
+
+### Attribution
[Cyber Attack Attribution Report](http://whohackedus.com/)
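Review bot: the Red Team Infrastructure Wiki (with its Doomsday Preppers deck), the two 404 C2 entries and the Fortinet HTTP 404 post are deleted here with no matching `+` lines anywhere in this patch, unlike Paste-Scraper and Wayback scraper, which reappear under SniffJoke further down; if they were moved to another page that page's hunk should be part of this change, otherwise this silently drops five references. Also, `## Attribution` becomes `### Attribution` behind four blank `+` lines; one blank line is enough.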
@@ -122,6 +139,11 @@ http://www.securitywizardry.com/radar.htm
[The S stands for Simple](http://harmful.cat-v.org/software/xml/soap/simple)
* Satire(Only it's not) of a conversation about SOAP
+[List of disposable email domains](https://github.com/martenson/disposable-email-domains)
+
+
+
+
#### Tamper Evidence
@@ -179,36 +201,6 @@ http://www.securitywizardry.com/radar.htm
-
-
-
-
-
-### Pentesting Talks/Stuff
-
-[Penetration Testing considered Harmful Today](http://blog.thinkst.com/p/penetration-testing-considered-harmful.html)
-
-[Make It Count Progressing through Pentesting - Bálint Varga-Perke -Silent Signal](https://silentsignal.hu/docs/Make_It_Count_-_Progressing_through_Pentesting_Balint_Varga-Perke_Silent_Signal.pdf)
-
-
-[stupid_malware](https://github.com/andrew-morris/stupid_malware)
-* Python malware for pentesters that bypasses most antivirus (signature and heuristics) and IPS using sheer stupidity
-
-[Fools of Golden Gate](https://blog.silentsignal.eu/2017/05/08/fools-of-golden-gate/)
-* How major vulnerabilities/large amounts of publicly vulnerable systems can exist without public recognition for long periods of time. (i.e. CVEs(10.0) exist, but no mapping in nessus/metasploit/etc)
-
-[Looping Surveillance Cameras through Live Editing - Van Albert and Banks - Defcon23](https://www.youtube.com/watch?v=RoOqznZUClI)
-* This project consists of the hardware and software necessary to hijack wired network communications. The hardware allows an attacker to splice into live network cabling without ever breaking the physical connection. This allows the traffic on the line to be passively tapped and examined. Once the attacker has gained enough knowledge about the data being sent, the device switches to an active tap topology, where data in both directions can be modified on the fly. Through our custom implementation of the network stack, we can accurately mimic the two devices across almost all OSI layers.
-* We have developed several applications for this technology. Most notable is the editing of live video streams to produce a “camera loop,” that is, hijacking the feed from an Ethernet surveillance camera so that the same footage repeats over and over again. More advanced video transformations can be applied if necessary. This attack can be executed and activated with practically no interruption in service, and when deactivated, is completely transparent.
-
-[#OLEOutlook - bypass almost every Corporate security control with a point’n’click GUI](https://doublepulsar.com/oleoutlook-bypass-almost-every-corporate-security-control-with-a-point-n-click-gui-37f4cbc107d0)
-
-
-
-
-
-
-
### Interesting Talks/Videos
[Kim Jong-il and Me: How to Build a Cyber Army to Defeat the U.S. - Charlie MIller](https://www.youtube.com/watch?v=4up0yTGlpaU)
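Review bot: this hunk removes the whole `### Pentesting Talks/Stuff` section (Penetration Testing considered Harmful, Make It Count, stupid_malware, Fools of Golden Gate, the Defcon23 camera-loop talk and #OLEOutlook) and nothing in the patch adds those entries back; confirm they were relocated to a pentesting page and include that hunk, rather than deleting six references without a trace.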
@@ -358,9 +350,12 @@ http://www.securitywizardry.com/radar.htm
[SniffJoke](https://github.com/vecna/sniffjoke)
* SniffJoke is an application for Linux that handle transparently your TCP connection, delaying, modifyng and inject fake packets inside your transmission, make them almost impossible to be correctly readed by a passive wiretapping technology (IDS or sniffer)
+[wikiteam](https://github.com/WikiTeam/wikiteam)
+* Tools for downloading and preserving wikis
+[Paste-Scraper](https://github.com/KernelEquinox/Paste-Scraper)
-
+[Wayback scraper](https://github.com/abrenaut/waybackscraper)
@@ -438,9 +433,9 @@ Underhanded C
[Docker: Not Even a Linker](http://adamierymenko.com/docker-not-even-a-linker/)
+[VBScript Injection via GNOME Thumbnailer - On Linux](http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html)
-
-
+[Locking Your Registry Keys for Fun and, Well, Just Fun I Guess](https://tyranidslair.blogspot.co.uk/2017/07/locking-your-registry-keys-for-fun-and.html)
@@ -512,6 +507,8 @@ Underhanded C
+### Interesting Articles
+
### sites
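Review bot: the new `### Interesting Articles` heading is empty, sitting directly above `### sites` with nothing filed under it; either move some of the articles added earlier in this file under it in the same change, or leave the heading out until there is content for it.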
diff --git a/Draft/Lockpicking -.md b/Draft/Lockpicking -.md
index 967b2f7..3a369b9 100755
--- a/Draft/Lockpicking -.md
+++ b/Draft/Lockpicking -.md
@@ -12,6 +12,7 @@ http://www.keypicking.com/
+
###Introduction
[Wikipedia on Lockpicking](https://en.wikipedia.org/wiki/Lock_picking)
@@ -42,6 +43,7 @@ http://www.keypicking.com/
[CIA Lock Picking [Field Operative Training Manual]](https://archive.org/details/pdfy-eGBVTYko5TUI5P_B)
+[Lock Picking Course - LockLab](https://lock-lab.com/locklab-university/lock-picking-course-2/)
###Videos/Talks
diff --git a/Draft/Malware.md b/Draft/Malware.md
index 93c692a..a279c82 100755
--- a/Draft/Malware.md
+++ b/Draft/Malware.md
@@ -28,12 +28,24 @@ https://motherboard.vice.com/read/preserving-the-ancient-art-of-getting-pwned
http://www.exposedbotnets.com/?m=0
[malboxes](https://github.com/GoSecure/malboxes)
-* Builds malware analysis Windows VMs so that you don't have to.
+f* Builds malware analysis Windows VMs so that you don't have to.
[PlugBot-C2C](https://github.com/redteamsecurity/PlugBot-C2C)
* This is the Command & Control component of the PlugBot project
+[hiddentear](https://github.com/goliate/hidden-tear)
+* It's a ransomware-like file crypter sample which can be modified for specific purposes.
+
+https://brycampbell.co.uk/new-blog/
+https://archive.is/Nol3S
+
+[Hiding in Plain Sight: Advances in malware covert communication channels - BH2015 Pierre-Marc Bureau, Christian Dietrich](https://www.blackhat.com/docs/eu-15/materials/eu-15-Bureau-Hiding-In-Plain-Sight-Advances-In-Malware-Covert-Communication-Channels-wp.pdf)
+
+[rVMI - A New Paradigm For Full System Analysis](https://github.com/fireeye/rvmi)
+* rVMI is a debugger on steroids. It leverages Virtual Machine Introspection (VMI) and memory forensics to provide full system analysis. This means that an analyst can inspect userspace processes, kernel drivers, and preboot environments in a single tool. It was specifially designed for interactive dynamic malware analysis. rVMI isolates itself from the malware by placing its interactive debugging environment out of the virtual machine (VM) onto the hypervisor-level. Through the use of VMI the analyst still has full control of the VM, which allows her to pause the VM at any point in time and to use typical debugging features such as breakpoints and watchpoints. In addtion, rVMI provides access to the entire Rekall feature set, which enables an analyst to inspect the kernel and its data structures with ease.
+
+
##### END Sort
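Review bot: the `-* Builds malware analysis Windows VMs` / `+f* Builds malware analysis Windows VMs` pair is an accidental keystroke, not an edit: the stray `f` in front of the malboxes bullet breaks the list marker. Revert that line. Two other points in the hunk: the bare URLs `https://brycampbell.co.uk/new-blog/` and `https://archive.is/Nol3S` carry no title or note, unlike every other entry in the block, and the rVMI blurb copies `specifially` and `addtion` from upstream.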
diff --git a/Draft/Network Attacks & Defenses.md b/Draft/Network Attacks & Defenses.md
index 7cbb8ff..2d10965 100755
--- a/Draft/Network Attacks & Defenses.md
+++ b/Draft/Network Attacks & Defenses.md
@@ -31,8 +31,12 @@ http://www.pentest-standard.org/index.php/Intelligence_Gathering
[RFC 2827 - Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing](https://tools.ietf.org/html/rfc2827)
-[gateway-finder](https://github.com/pentestmonkey/gateway-finder)
-* Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet.
+
+[bluebox-ng](https://github.com/jesusprubio/bluebox-ng)
+* Pentesting framework using Node.js powers, focused in VoIP.
+
+[SIMPLYEMAIL](https://github.com/killswitch-GUI/SimplyEmail)
+* What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.
##### sort end
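Review bot: `SIMPLYEMAIL` is the same tool this patch also adds to the OSINT page as `SimplyEmail`, with a different description each time; use one casing (the repository is SimplyEmail) and one blurb, or cross-reference the other page instead of duplicating the entry. Nit: `focused in VoIP` in the bluebox-ng line should be `focused on VoIP`.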
@@ -234,6 +238,7 @@ when directory browsing is turned off.
+
### MitM Tools
[Ettercap](https://ettercap.github.io/ettercap/)
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
@@ -349,9 +354,14 @@ EIGRP and OSPF).
[a](https://github.com/fmtn/a)
* ActiveMQ CLI testing and message management
+[dns-parallel-prober](https://github.com/lorenzog/dns-parallel-prober)
+* This script is a proof of concept for a parallelised domain name prober. It creates a queue of threads and tasks each one to probe a sub-domain of the given root domain. At every iteration step each dead thread is removed and the queue is replenished as necessary.
+[gateway-finder](https://github.com/pentestmonkey/gateway-finder)
+* Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet.
-
+[enumall](https://github.com/Dhayalan96/enumall)
+* Script to enumerate subdomains, leveraging recon-ng. Uses google scraping, bing scraping, baidu scraping, yahoo scarping, netcraft, and bruteforces to find subdomains. Plus resolves to IP.
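Review bot: the enumall blurb has `yahoo scarping` for `yahoo scraping`, and the three new entries (dns-parallel-prober, gateway-finder, enumall) run together with no blank line between them while the `a` entry above is separated; fix the typo and space the entries like the rest of the section.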
diff --git a/Draft/Network Security Monitoring & Logging.md b/Draft/Network Security Monitoring & Logging.md
index 350aa14..bb8d9da 100755
--- a/Draft/Network Security Monitoring & Logging.md
+++ b/Draft/Network Security Monitoring & Logging.md
@@ -32,6 +32,9 @@ http://www.netfort.com/wp-content/uploads/PDF/WhitePapers/NetFlow-Vs-Packet-Anal
+
+
+
#### End Cull
@@ -277,7 +280,36 @@ losing the essense in the DNS answer.
[Spotting the Adversary with Windows Event Log Monitoring - NSA](https://www.nsa.gov/ia/_files/app/Spotting_the_Adversary_with_Windows_Event_Log_Monitoring.pdf)
+[Uncovering Indicators of Compromise (IoC) Using PowerShell, Event Logs, and a Traditional Monitoring Tool](https://www.sans.org/reading-room/whitepapers/critical/uncovering-indicators-compromise-ioc-powershell-event-logs-traditional-monitoring-tool-36352)
+
+[Advanced Security Audit Policy Settings](https://technet.microsoft.com/en-us/library/dn319056(v=ws.11).aspx)
+
+[Sysinternals Sysmon unleashed](https://blogs.technet.microsoft.com/motiba/2016/10/18/sysinternals-sysmon-unleashed/)
+
+[Advanced Security Audit Policy Settings(Windows)](https://technet.microsoft.com/en-us/library/dn319056(v=ws.11).aspx)
+
+[SysInternals: SysMon Unleashed](https://blogs.technet.microsoft.com/motiba/2016/10/18/sysinternals-sysmon-unleashed/)
+
+[Windows Event Collector(For centralizing windows domain logging with no local agent, windows actually has built-in logging freely available)](https://msdn.microsoft.com/en-us/library/bb427443(v=vs.85).aspx)
+
+[Windows event Collector - Setting up source initiated Subscriptions](https://msdn.microsoft.com/en-us/library/bb870973(v=vs.85).aspx)
+
+[Use Windows Event Forwarding to help with intrusion detection](https://docs.microsoft.com/en-us/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection)
+
+[GetInjectedThreads.ps1](https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2)
+* Looks for threads that were created as a result of code injection.
+
+[Sysmon - The Best Free Windows Monitoring Tool You Aren't Using](http://909research.com/sysmon-the-best-free-windows-monitoring-tool-you-arent-using/)
+
+[check_ioc](https://github.com/oneoffdallas/check_ioc)
+* Check_ioc is a script to check for various, selectable indicators of compromise on Windows systems via PowerShell and Event Logs. It was primarily written to be run on a schedule from a monitoring engine such as Nagios, however, it may also be run from a command-line (for incident response).
+
+[Greater Visibility Through PowerShell Logging](https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html)
+
+[block-parser](https://github.com/matthewdunwoody/block-parser)
+* Parser for Windows PowerShell script block logs
+[Revoke -Â Obfuscation: PowerShell Obfuscation Detection Using Science](https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf)
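Review bot: two entries are added twice with identical URLs: `Advanced Security Audit Policy Settings` / `Advanced Security Audit Policy Settings(Windows)` and `Sysinternals Sysmon unleashed` / `SysInternals: SysMon Unleashed`; keep one of each. `GetInjectedThreads.ps1` points at the same gist the forensics hunk adds as `Get-InjectedThread.ps1`; use the gist's own name in both places. The last line, `Revoke -Â Obfuscation`, carries a mangled non-breaking space; it should read `Revoke-Obfuscation`.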
diff --git a/Draft/Open Source Intelligence.md b/Draft/Open Source Intelligence.md
index e70361d..df54ddd 100755
--- a/Draft/Open Source Intelligence.md
+++ b/Draft/Open Source Intelligence.md
@@ -16,39 +16,17 @@ http://computercrimeinfo.com/cleaningid.html
[OSINT - onstrat](http://www.onstrat.com/osint/)
-[Fantastic OSINT and where to find it - blindseeker/malware focused](http://archive.is/sYzcP#selection-62.0-62.1)
-
http://toddington.com/resources/
www.osintinsight.com/shared.php?user=Mediaquest&folderid=0\
-[PowerMeta](https://github.com/dafthack/PowerMeta)
-* PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
-
-[Fantastic OSINT and where to find it - blindseeker/malware focused](http://archive.is/sYzcP#selection-62.0-62.1)
-
-[Corporate Espionage without the Hassle of Committing Felonies](https://www.slideshare.net/JohnCABambenek/corporate-espionage-without-the-hassle-of-committing-felonies)
-
-[How to Use Python to Spy on Your Friends: Web APIs, Recon ng, & OSINT](https://www.youtube.com/watch?v=BOjz7NfsLpA)
-
-
#### End cull
-
-
-
-
-
-
-
-
-
-
### General
[Open Source Intelligence](http://en.wikipedia.org/wiki/Open-source_intelligence)
@@ -61,16 +39,11 @@ www.osintinsight.com/shared.php?user=Mediaquest&folderid=0\
[Email Reconnaissance and Phishing Template Generation Made Simple](https://cybersyndicates.com/2016/05/email-reconnaissance-phishing-template-generation-made-simple/)
-
[OSINT Resources - greynetwork2](https://sites.google.com/site/greynetwork2/home/osint-resources)
+[Fantastic OSINT and where to find it - blindseeker/malware focused](http://archive.is/sYzcP#selection-62.0-62.1)
-
-
-
-
-
-
+[Corporate Espionage without the Hassle of Committing Felonies](https://www.slideshare.net/JohnCABambenek/corporate-espionage-without-the-hassle-of-committing-felonies)
@@ -93,15 +66,6 @@ www.osintinsight.com/shared.php?user=Mediaquest&folderid=0\
-
-
-
-
-
-
-
-
-
### Presentations & Talks
[Pwning People Personally - Josh Schwartz](https://www.youtube.com/watch?v=T2Ha-ZLZTz0)
@@ -118,7 +82,7 @@ www.osintinsight.com/shared.php?user=Mediaquest&folderid=0\
[You're Leaking Trade Secrets - Defcon22 Michael Schrenk](https://www.youtube.com/watch?v=JTd5TL6_zgY)
* Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of The Internet.
-
+[How to Use Python to Spy on Your Friends: Web APIs, Recon ng, & OSINT](https://www.youtube.com/watch?v=BOjz7NfsLpA)
@@ -208,8 +172,34 @@ A tool to perform various OSINT techniques, aggregate all the raw data, and give
[OSINT Mantra](http://www.getmantra.com/hackery/osint.html)
+[XRAY](https://github.com/evilsocket/xray)
+* XRay is a tool for recon, mapping and OSINT gathering from public networks.
+
+[PowerMeta](https://github.com/dafthack/PowerMeta)
+* PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
+
+[tweets_analyzer](https://github.com/x0rz/tweets_analyzer)
+* Tweets metadata scraper & activity analyzer
+
+[Truffle Hog](https://github.com/dxa4481/truffleHog)
+* Searches through git repositories for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed that contain high entropy.
+[SimplyEmail](https://github.com/killswitch-GUI/SimplyEmail)
+* Email recon made fast and easy, with a framework to build on
+[GitPrey](https://github.com/repoog/GitPrey)
+* GitPrey is a tool for searching sensitive information or data according to company name or key word something.The design mind is from searching sensitive data leakling in Github:
+
+[linkedin](https://github.com/eracle/linkedin)
+* Linkedin Scraper using Selenium Web Driver, Firefox 45, Ubuntu and Scrapy
+
+[repo-supervisor](https://github.com/auth0/repo-supervisor)
+
+[git-all-secrets](https://github.com/anshumanbh/git-all-secrets)
+* A tool to capture all the git secrets by leveraging multiple open source git searching tools
+
+[PowerMeta](https://github.com/dafthack/PowerMeta)
+* PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
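Review bot: PowerMeta is added twice in this hunk with the same URL and description (once after XRAY, once at the very end); drop the second copy. `repo-supervisor` is the only new entry without a description, and the GitPrey blurb has `leakling` plus the run-on `key word something.The design mind is from searching sensitive data leakling in Github:`; give repo-supervisor a one-liner and tidy the GitPrey sentence so the block reads consistently.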
diff --git a/Draft/Password Bruting and Hashcracking.md b/Draft/Password Bruting and Hashcracking.md
index 26b8406..6d8a5dc 100755
--- a/Draft/Password Bruting and Hashcracking.md
+++ b/Draft/Password Bruting and Hashcracking.md
@@ -27,7 +27,6 @@ http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/
* Wordlists sorted by popularity originally created for password generation and testing
-
### End cull
@@ -162,6 +161,11 @@ Hashcat attacks
[Firefox password cracker](https://github.com/pradeep1288/ffpasscracker)
+[Cracklord](https://github.com/jmmcatee/cracklord)
+* CrackLord is a system designed to provide a scalable, pluggable, and distributed system for both password cracking as well as any other jobs needing lots of computing resources. Better said, CrackLord is a way to load balance the resources, such as CPU, GPU, Network, etc. from multiple hardware systems into a single queueing service across two primary services: the Resource and Queue. It won't make these tasks faster, but it will make it easier to manage them.
+
+[Dagon](https://github.com/Ekultek/Dagon)
+* Named after the prince of Hell, Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, and much more.
diff --git a/Draft/Phishing.md b/Draft/Phishing.md
index ed906b7..c408615 100755
--- a/Draft/Phishing.md
+++ b/Draft/Phishing.md
@@ -15,6 +15,7 @@ TOC
###Cull
+
#### End cull
@@ -48,6 +49,11 @@ TOC
[sptoolkit-rebirth](https://github.com/simplephishingtoolkit/sptoolkit-rebirth)
* sptoolkit hasn't been actively developed for two years. As it stands, it's a brilliant peice of software, and the original developers are pretty damn awesome for creating it. But we'd like to go further, and bring sptoolkit up to date. We've tried contacting the developers, but to no avail. We're taking matters into our own hands now.
+[KingPhisher](https://github.com/securestate/king-phisher)
+* King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
+
+
+
### Tools
@@ -58,7 +64,8 @@ TOC
* Tools for harvesting email addresses for phishing attacks
* [Email Address Harvesting for Phishing](http://www.shortbus.ninja/email-address-harvesting-for-phishing-attacks/)
-
+[SimplyTemplate](https://github.com/killswitch-GUI/SimplyTemplate)
+* Phishing Template Generation Made Easy. The goal of this project was to hopefully speed up Phishing Template Gen as well as an easy way to ensure accuracy of your templates. Currently my standard Method of delivering emails is the Spear Phish in Cobalt strike so you will see proper settings for that by default.
diff --git a/Draft/Phyiscal Security.md b/Draft/Phyiscal Security.md
index fa877d6..2938d14 100755
--- a/Draft/Phyiscal Security.md
+++ b/Draft/Phyiscal Security.md
@@ -1,4 +1,36 @@
-##Physical Security
+# Physical Security
+
+### ToC
+
+
+#### Sort
+http://www.irongeek.com/i.php?page=videos/derbycon4/t540-physical-security-from-locks-to-dox-jess-hires
+
+
+#### End Sort
+
+
+
+
+### General
+
+
+
+
+### Articles/Blogposts
+
+[Physical Security - Centre for the Protection of National Infrastructure - UK](https://www.cpni.gov.uk/physical-security)
+
+
+### Videos/Talks
+
+[Physical Penetration Testing You Keep a Knockin But You Cant Come In Phil Grime](https://www.youtube.com/watch?v=_0gz_iWoMT0)
+
+### Tools
+
+
+### Papers
+
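Review bot: the new skeleton leaves `### ToC`, `### General`, `### Tools` and `### Papers` as headings with nothing under them, and promotes the top heading from `##` to `#`, which differs from the level this file used; either fill the sections now or add them when there is content, and keep the heading level consistent with the rest of the collection. Since the file is being restructured anyway, this is the moment to correct the `Phyiscal` typo in the filename.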
@@ -11,7 +43,7 @@
-http://www.irongeek.com/i.php?page=videos/derbycon4/t540-physical-security-from-locks-to-dox-jess-hires
+
diff --git a/Draft/Privilege Escalation & Post-Exploitation.md b/Draft/Privilege Escalation & Post-Exploitation.md
index ec99924..b9fc78f 100755
--- a/Draft/Privilege Escalation & Post-Exploitation.md
+++ b/Draft/Privilege Escalation & Post-Exploitation.md
@@ -41,6 +41,69 @@ https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-
[Mimikatz Logs and Netcat](http://blackpentesters.blogspot.com/2013/12/mimikatz-logs-and-netcat.html?m=1)
+[Invoke-ProcessScan](https://github.com/vysec/Invoke-ProcessScan)
+* Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.
+
+[ElevateKit](https://github.com/rsmudge/ElevateKit)
+* The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
+
+[WMIcmd](https://github.com/nccgroup/WMIcmd)
+* A command shell wrapper using only WMI for Microsoft Windows
+
+[mimipenguin](https://github.com/huntergregal/mimipenguin)
+* A tool to dump the login password from the current linux user
+
+[BrowserGatherer](https://github.com/sekirkity/BrowserGather)
+* Fileless Extraction of Sensitive Browser Information with PowerShell
+
+[wePWNise](https://github.com/mwrlabs/wePWNise)
+* WePWNise generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software
+
+[rattler](https://github.com/sensepost/rattler)
+* Rattler is a tool that automates the identification of DLL's which can be used for DLL preloading attacks.
+
+[Brosec](https://github.com/gabemarshall/Brosec)
+* Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly reverse shells (python, perl, powershell, etc) that get copied to the clipboard.
+
+[Application Whitelist Bypass Techniques](https://github.com/subTee/ApplicationWhitelistBypassTechniques)
+* A Catalog of Application Whitelisting Bypass Techniques - SubTee
+
+[injectAllTheThings](https://github.com/fdiskyou/injectAllTheThings)
+* Single Visual Studio project implementing multiple DLL injection techniques (actually 7 different techniques) that work both for 32 and 64 bits. Each technique has its own source code file to make it easy way to read and understand.
+
+[Find AD users with empty password using PowerShell](https://4sysops.com/archives/find-ad-users-with-empty-password-passwd_notreqd-flag-using-powershell/)
+
+[PSReflect](https://github.com/mattifestation/PSReflect)
+* Easily define in-memory enums, structs, and Win32 functions in PowerShell
+
+[Pulling Back the Curtains on EncodedCommand PowerShell Attacks](https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/)
+
+[quarkspwdump](https://github.com/quarkslab/quarkspwdump)
+* Dump various types of Windows credentials without injecting in any process.
+
+[Bypassing UAC using App Paths](https://enigma0x3.net/2017/03/14/bypassing-uac-using-app-paths/)
+
+[Invoke-DCOM.ps1](https://github.com/rvrsh3ll/Misc-Powershell-Scripts/blob/master/Invoke-DCOM.ps1)
+
+[katz.xml](https://gist.github.com/subTee/c98f7d005683e616560bda3286b6a0d8)
+* Downloads Mimikatz From GitHub, Executes Inside of MsBuild.exe
+
+[nps_payload](https://github.com/trustedsec/nps_payload)
+* This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources.
+
+
+[Ruler Pivoting Through Exchange - Etienne Stalmans - TR17](https://www.youtube.com/watch?v=tuc8cwOAAcA)
+
+
+[Pen Testing Active Directory Series](https://blog.varonis.com/binge-read-pen-testing-active-directory-series/)
+
+[Offensive Active Directory with Powershell](https://www.youtube.com/watch?v=cXWtu-qalSs)
+
+[Hacking SQL Server on Scale with PowerShell - Secure360 2017](https://www.slideshare.net/nullbind/2017-secure360-hacking-sql-server-on-scale-with-powershell)
+
+[EvilAbigail](https://github.com/GDSSecurity/EvilAbigail/blob/master/README.md)
+* Initrd encrypted root fs attack
+
##### end sort
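Review bot: `BrowserGatherer` does not match the linked repository, which is `sekirkity/BrowserGather`; use the project's own name. Several additions (Invoke-DCOM.ps1, Ruler Pivoting Through Exchange, Pen Testing Active Directory Series, Offensive Active Directory with Powershell, Hacking SQL Server on Scale) have no one-line description while the rest of the hunk does; add one each so the list stays useful when skimmed. Nit: `DLL's` in the rattler blurb should be `DLLs`, and there are double blank lines before the Ruler and Varonis entries.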
@@ -747,7 +810,7 @@ Startup folder on Win8
[Don't Kill My Cat (DKMC)](https://github.com/Mr-Un1k0d3r/DKMC)
* Don't kill my cat is a tool that generates obfuscated shellcode that is stored inside of polyglot images. The image is 100% valid and also 100% valid shellcode. The idea is to avoid sandbox analysis since it's a simple "legit" image. For now the tool rely on PowerShell the execute the final shellcode payload.
-
+* [Presentation - Northsec2017](https://www.youtube.com/watch?v=7kNwbXgWdX0&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=9)
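Review bot: The new `* [Presentation - Northsec2017]` bullet replaces the blank line that separated the DKMC entry from whatever follows it, so check that the next entry in the file is still preceded by an empty line. While touching this entry, the unchanged description line has a typo worth fixing in the same commit: "the tool rely on PowerShell the execute the final shellcode payload" should read "the tool relies on PowerShell to execute the final shellcode payload".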
diff --git a/Draft/Programming - Languages Libs Courses References.md b/Draft/Programming - Languages Libs Courses References.md
index 22f4157..d856502 100755
--- a/Draft/Programming - Languages Libs Courses References.md
+++ b/Draft/Programming - Languages Libs Courses References.md
@@ -23,6 +23,35 @@ Cull
###Cull
http://www.irongeek.com/i.php?page=videos/derbycon4/t205-code-insecurity-or-code-in-security-mano-dash4rk-paul
http://en.cppreference.com/w/c
+
+[Mostly Adequate Guide](https://drboolean.gitbooks.io/mostly-adequate-guide/)
+* This is a book on the functional paradigm in general. We'll use the world's most popular functional programming language: JavaScript. Some may feel this is a poor choice as it's against the grain of the current culture which, at the moment, feels predominately imperative.
+
+[PHP: a fractal of bad design](https://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/)
+
+[x86 Assembly Crash Course](https://www.youtube.com/watch?v=75gBFiFtAb8)
+
+[Protect Your Java Code - Through Obfuscators and Beyond](https://www.excelsior-usa.com/articles/java-obfuscators.html)
+
+[aslrepl](https://github.com/enferex/asrepl)
+* asrepl is an assembly based REPL. The REPL processes each line of user input, the output can be witnessed by issuing the command 'regs' and looking at the register state.
+
+[Perl & Linguistics](http://world.std.com/~swmcd/steven/perl/linguistics.html)
+
+[What makes lisp macros so special - StackOverflow](https://stackoverflow.com/questions/267862/what-makes-lisp-macros-so-special)
+
+[Big picture software testing unit testing, Lean Startup, and everything in between PyCon 2017](https://www.youtube.com/watch?v=Vaq_e7qUA-4&feature=youtu.be&t=63s)
+
+[RailsConf 2015 - Nothing is Something](https://www.youtube.com/watch?v=OMPfEXIlTVE)
+
+[Boundaries - By Gary Bernhardt from SCNA 2012](https://www.destroyallsoftware.com/talks/boundaries)
+* This talk is about using simple values (as opposed to complex objects) not just for holding data, but also as the boundaries between components and subsystems. It moves through many topics: functional programming; mutability's relationship to OO; isolated unit testing with and without test doubles; and concurrency, to name some bar. The "Functional Core, Imperative Shell" screencast mentioned at the end is available as part of season 4 of the DAS catalog.
+
+[Big picture software testing unit testing, Lean Startup, and everything in between PyCon 2017](https://www.youtube.com/watch?v=Vaq_e7qUA-4&feature=youtu.be&t=63s)
+* There are many ways you can test your software: unit testing, manual testing, end-to-end testing, and so forth. Take a step back and you'll discover even more form of testing, many of them very different in their goals: A/B testing, say, where you see which of two versions of your website results in more signups or ad clicks. How do these forms of testing differ, how do they relate to each other? How do you choose which kind of testing to pursue, given limited time and resources? How do you deal with strongly held yet opposite views arguing either that a particular kind of testing is essential or that it's a waste time? This talk will provide you with a model, a way to organize all forms of testing and understand what exactly they provide, and why. Once you understand the model you will be able to choose the right form of testing for *your* situation and goals.
+
+
+
#### End Cull
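Review bot: The `Big picture software testing ... PyCon 2017` talk is added twice in this hunk, once without a description and once with one; drop the first copy. The `[aslrepl]` link text does not match the repository name `asrepl` used in both the URL and the description, and "to name some bar" in the Boundaries blurb reads like a copy error ("to name a few"), so check it against the source. The context heading `###Cull` is missing the space after the hashes and will not render as a heading; fix it while in the file.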
diff --git a/Draft/Red-Teaming.md b/Draft/Red-Teaming.md
new file mode 100644
index 0000000..2a3ddfb
--- /dev/null
+++ b/Draft/Red-Teaming.md
@@ -0,0 +1,130 @@
+# Red Teaming & Explicitly Pen testing stuff
+
+
+
+#### ToC
+* Sort
+* Talks/Videos
+* Articles/Blogposts
+* Papers
+* Tools
+
+### Sort
+
+
+#### End sort
+
+
+
+### General
+
+[Common Ground Part 1: Red Team History & Overview](https://www.sixdub.net/?p=705)
+
+[Red Teaming Tips - Vincent Yiu](https://threatintel.eu/2017/06/03/red-teaming-tips-by-vincent-yiu/)
+
+[Red Team Tips as posted by @vysecurity on Twitter](https://github.com/vysec/RedTips)
+
+[Red Team Infrastructure Wiki](https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki)
+* Wiki to collect Red Team infrastructure hardening resources
+* Accompanying Presentation: [Doomsday Preppers: Fortifying Your Red Team Infrastructure](https://speakerdeck.com/rvrsh3ll/doomsday-preppers-fortifying-your-red-team-infrastructure)
+
+
+
+
+### Talks/Videos
+
+[Laurent Desaulniers - Stupid RedTeamer Tricks](https://www.youtube.com/watch?v=2g_8oHM0nwA&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=11)
+
+[Dimitry Snezhkov - Abusing Webhooks for Command and Control](https://www.youtube.com/watch?v=1d3QCA2cR8o&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=12)
+
+[Finding Diamonds in the Rough- Parsing for Pentesters](https://bluescreenofjeff.com/2016-07-26-finding-diamonds-in-the-rough-parsing-for-pentesters/)
+
+[Attacking EvilCorp: Anatomy of a Corporate Hack](http://www.irongeek.com/i.php?page=videos/derbycon6/111-attacking-evilcorp-anatomy-of-a-corporate-hack-sean-metcalf-will-schroeder)
+
+[Looping Surveillance Cameras through Live Editing - Van Albert and Banks - Defcon23](https://www.youtube.com/watch?v=RoOqznZUClI)
+* This project consists of the hardware and software necessary to hijack wired network communications. The hardware allows an attacker to splice into live network cabling without ever breaking the physical connection. This allows the traffic on the line to be passively tapped and examined. Once the attacker has gained enough knowledge about the data being sent, the device switches to an active tap topology, where data in both directions can be modified on the fly. Through our custom implementation of the network stack, we can accurately mimic the two devices across almost all OSI layers.
+* We have developed several applications for this technology. Most notable is the editing of live video streams to produce a “camera loop,” that is, hijacking the feed from an Ethernet surveillance camera so that the same footage repeats over and over again. More advanced video transformations can be applied if necessary. This attack can be executed and activated with practically no interruption in service, and when deactivated, is completely transparent.
+
+[Richard Thieme - The Impact of Dark Knowledge and Secrets on Security and Intelligence Professionals](https://www.youtube.com/watch?v=0MzcPBAj88A&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe)
+* Dismissing or laughing off concerns about what it does to a person to know critical secrets does not lessen the impact on life, work, and relationships of building a different map of reality than “normal people” use. One has to calibrate narratives to what another believes. One has to live defensively, warily. This causes at the least cognitive dissonance which some manage by denial. But refusing to feel the pain does not make it go away. It just intensifies the consequences when they erupt.
+Philip K. Dick said, reality is that which, when you no longer believe in it, does not go away. When cognitive dissonance evolves into symptoms of traumatic stress, one ignores those symptoms at one’s peril. But the very constraints of one’s work often make it impossible to speak aloud about those symptoms, because that might threaten one’s clearances, work, and career. And whistle blower protection is often non-existent.
+
+[303 Hacks Lies Nation States Mario DiNatale](https://www.youtube.com/watch?v=nyh_ORq1Qwk)
+
+
+
+### Slides
+
+[Make It Count: Progressing through Pentesting - Bálint Varga-Perke -Silent Signal](https://silentsignal.hu/docs/Make_It_Count_-_Progressing_through_Pentesting_Balint_Varga-Perke_Silent_Signal.pdf)
+
+
+
+
+
+
+### Articles / Blogposts
+
+[Fools of Golden Gate](https://blog.silentsignal.eu/2017/05/08/fools-of-golden-gate/)
+* How major vulnerabilities/large amounts of publicly vulnerable systems can exist without public recognition for long periods of time. (i.e. CVEs(10.0) exist, but no mapping in nessus/metasploit/etc)
+
+[how-to-make-communication-profiles-for-empire](https://github.com/bluscreenofjeff/bluscreenofjeff.github.io/blob/master/_posts/2017-03-01-how-to-make-communication-profiles-for-empire.md)
+
+[Empire – Modifying Server C2 Indicators](http://threatexpress.com/2017/05/empire-modifying-server-c2-indicators/)
+
+[Red Team Insights on HTTPS Domain Fronting Google Hosts Using Cobalt Strike](https://www.cyberark.com/threat-research-blog/red-team-insights-https-domain-fronting-google-hosts-using-cobalt-strike/)
+
+[Hiding Malicious Traffic Under the HTTP 404 Error](https://blog.fortinet.com/2015/04/09/hiding-malicious-traffic-under-the-http-404-error)
+
+[How to Build a 404 page not found C2](https://www.blackhillsinfosec.com/?p=5134)
+
+[404 File not found C2 PoC](https://github.com/theG3ist/404)
+
+[#OLEOutlook - bypass almost every Corporate security control with a point’n’click GUI](https://doublepulsar.com/oleoutlook-bypass-almost-every-corporate-security-control-with-a-point-n-click-gui-37f4cbc107d0)
+
+
+[Penetration Testing considered Harmful Today](http://blog.thinkst.com/p/penetration-testing-considered-harmful.html)
+
+
+
+
+### Papers
+
+[Blocking-resistant communication through domain fronting](https://www.bamsoftware.com/papers/fronting/)
+
+
+
+### Tools
+
+[PenTesting-Scripts - killswitch-GUI](https://github.com/killswitch-GUI/PenTesting-Scripts)
+
+[stupid_malware](https://github.com/andrew-morris/stupid_malware)
+* Python malware for pentesters that bypasses most antivirus (signature and heuristics) and IPS using sheer stupidity
+
+
+
+
+
+
+
+
+##### HW
+[DigiDucky - How to setup a Digispark like a rubber ducky](http://www.redteamr.com/2016/08/digiducky/)
+
+[How to Build Your Own Penetration Testing Drop Box - BHIS](https://www.blackhillsinfosec.com/?p=5156&)
+
+###### SW
+
+[FindFrontableDomains](https://github.com/rvrsh3ll/FindFrontableDomains)
+* Search for potential frontable domains
+
+[Domain Hunter](https://github.com/minisllc/domainhunter)
+* Checks expired domains, bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names
+
+[Chameleon](https://github.com/mdsecactivebreach/Chameleon)
+* A tool for evading Proxy categorisation
+
+
+
+
+
+
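Review bot: The ToC at the top of the new `Red-Teaming.md` lists `Sort`, `Talks/Videos`, `Articles/Blogposts`, `Papers`, `Tools`, but the file also has `General` and `Slides` sections plus `HW` and `SW` subsections that the ToC omits, while the `Sort` section it does list is empty. The subsection levels are also inconsistent (`##### HW` vs `###### SW`), and several entries are separated by five or more blank lines. Suggest aligning the ToC with the actual headings, using the same level for HW and SW, and collapsing the blank runs to the single-blank-line convention used elsewhere in the repo.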
diff --git a/Draft/Reverse Engineering.md b/Draft/Reverse Engineering.md
index d4bee2c..c104fac 100755
--- a/Draft/Reverse Engineering.md
+++ b/Draft/Reverse Engineering.md
@@ -31,6 +31,14 @@ To be sorted
### To be sorted
+[gdbgui](https://github.com/cs01/gdbgui)
+* A modern, browser-based frontend to gdb (gnu debugger). Add breakpoints, view stack traces, and more in C, C++, Go, and Rust. Simply run gdbgui from the terminal and a new tab will open in your browser.
+
+[Reverse Engineering a 433MHz Motorised Blind RF Protocol](https://nickwhyte.com/post/2017/reversing-433mhz-raex-motorised-rf-blinds/)
+
+[PPEE(puppy)](https://www.mzrst.com/#top)
+* Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more details. Free and fast.
+
[Symbolic execution timeline](https://github.com/enzet/symbolic-execution)
* Diagram highlights some major tools and ideas of pure symbolic execution, dynamic symbolic execution (concolic) as well as related ideas of model checking, SAT/SMT solving, black-box fuzzing, taint data tracking, and other dynamic analysis techniques.
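Review bot: The `PPEE(puppy)` link points at the vendor homepage with a `#top` fragment rather than at a page for the tool itself, so it will be hard to tell later what the entry referred to if the site changes; link the product page if one exists. The `gdbgui` description is the project's own marketing copy; a note on why it is listed under reverse engineering (debugger frontend for dynamic analysis) would fit the style of the `Symbolic execution timeline` entry below it.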
diff --git a/Draft/SCADA.md b/Draft/SCADA.md
new file mode 100644
index 0000000..4605b85
--- /dev/null
+++ b/Draft/SCADA.md
@@ -0,0 +1,62 @@
+## SCADA/Industrial Control Systems
+
+
+
+
+### ToC
+
+
+
+
+
+#### Sort
+
+
+#### End Sort
+
+
+### General
+
+
+
+
+### Articles/Blogposts
+
+
+
+### Talks/Presentations
+
+[Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion - Marina Krotofil - Jason Larsen](https://www.youtube.com/watch?v=AL8L76n0Q9w)
+* The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action nobody is going to let one present it even at a conference like DEF CON. As a poor substitute, this presentation will get as close as using a simulated plant for Vinyl Acetate production for demonstrating a complete attack, from start to end, directed at persistent economic damage to a production site while avoiding attribution of production loss to a cyber-event. Such an attack scenario could be useful to a manufacturer aiming at putting competitors out of business or as a strong argument in an extortion attack. Exploiting physical process is an exotic and hard to develop skill which have so far kept a high barrier to entry. Therefore real-world control system exploitation has remained in the hands of a few. To help the community mastering new skills we have developed „Damn Vulnerable Chemical Process“ – first open source framework for cyber-physical experimentation based on two realistic models of chemical plants. Come to the session and take your first master class on complex physical hacking.
+
+[Industrial Control Systems : Pentesting PLCs 101 (Part 1/2)](https://www.youtube.com/watch?v=iGwm6-lyn2Y)
+
+[Industrial Control Systems : Pentesting PLCs 101 (Part 2/2)](https://www.youtube.com/watch?v=rP_Jys1_OJk)
+
+[ICS Security Assessment Methodology, Tools & Tips](https://www.youtube.com/watch?v=0WoA9SYLDoM)
+* Dale Peterson of Digital Bond describes how to perform an ICS / SCADA cyber security assessment in this S4xJapan video. He goes into a lot of detail on the tools and how to use them in the fragile and insecure by design environment that is an ICS. There are also useful tips on when to bother applying security patches (this will likely surprise you), the importance of identifying the impact of a vulnerability, and an efficient risk reduction approach.
+
+
+
+
+### Tools
+[python-opcua](https://github.com/FreeOpcUa/python-opcua/blob/master/README.md)
+* OPC UA binary protocol implementation is quasi complete and has been tested against many different OPC UA stacks. API offers both a low level interface to send and receive all UA defined structures and high level classes allowing to write a server or a client in a few lines. It is easy to mix high level objects and low level UA calls in one application.
+
+[UaExpert—A Full-Featured OPC UA Client](https://www.unified-automation.com/products/development-tools/uaexpert.html)
+* The UaExpert® is a full-featured OPC UA Client demonstrating the capabilities of our C++ OPC UA Client SDK/Toolkit. The UaExpert is designed as a general purpose test client supporting OPC UA features like DataAccess, Alarms & Conditions, Historical Access and calling of UA Methods. The UaExpert is a cross-platform OPC UA test client programmed in C++. It uses the sophisticated GUI library QT form Nokia (formerly Trolltech) forming the basic framework which is extendable by Plugins.
+
+
+[dyode](https://github.com/arnaudsoullie/dyode)
+* A low-cost data diode, aimed at Industrial Control Systems
+
+[GRASSMARLIN](https://github.com/iadgov/GRASSMARLIN)
+
+
+
+
+
+
+
+
+
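Review bot: The new `SCADA.md` has an empty `ToC`, empty `General` and `Articles/Blogposts` sections, and nine trailing blank lines; either populate the ToC with the headings that exist (Talks/Presentations, Tools) or leave it out until there is content. `GRASSMARLIN` is the only tool with no description, and `### Tools` is the only section heading not followed by a blank line. The file title uses `##` whereas the other new files in this diff (`Red-Teaming.md`, `Threat-Hunting.md`) use `#`; pick one.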
diff --git a/Draft/Social Engineering.md b/Draft/Social Engineering.md
index 9d6f8df..0899d6c 100755
--- a/Draft/Social Engineering.md
+++ b/Draft/Social Engineering.md
@@ -21,6 +21,16 @@ CULL
+
+[How to bypass Web-Proxy Filtering](https://www.blackhillsinfosec.com/?p=5831)
+
+[Malicious Outlook Rules](https://silentbreaksecurity.com/malicious-outlook-rules/)
+
+[EXE-less Malicious Outlook Rules - BHIS](https://www.blackhillsinfosec.com/?p=5544)
+
+["Humans, right?" Soft Skills in Security - Ariel Robinson](http://www.irongeek.com/i.php?page=videos/bsidesnova2017/200-humans-right-soft-skills-in-security-ariel-robinson)
+* Let's face it: humans ruin everything. They are almost always the weak link in the information security chain, between their susceptibility to social engineering, rejection of security threats, and sheer laziness. You can make the best security tool in the business, but if a human doesn't use it right, well, you might as well leave your passwords on a sticky note on your-- wait a minute. Yes, humans suck at information security. But we don't make it easy. Infosec is incredibly inaccessible to your average user. Just ask me: I am one. We can't change humans (or get rid of them, no matter how much we might want to), but we can change information security. We can leverage insights from non-technical disciplines such as cognitive science, human-centered design, strategic communications, and psychology. Or we can keep hitting our heads against our desktops. As a professional communicator and bridge builder, help me help you. To make security work, we have to make it easy. For humans.
+
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3152826/
#### end sort
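Review bot: `How to bypass Web-Proxy Filtering`, `Malicious Outlook Rules` and `EXE-less Malicious Outlook Rules - BHIS` are payload-delivery and mailbox-rule persistence write-ups rather than social engineering material; consider whether they belong in the Phishing or Windows pages instead, since they have no descriptions here to justify the placement. The hunk also opens with a stray `+` blank line directly under the `CULL` header.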
diff --git a/Draft/System Internals Windows and Linux Internals Reference.md b/Draft/System Internals Windows and Linux Internals Reference.md
index 92dc60f..eac76e9 100755
--- a/Draft/System Internals Windows and Linux Internals Reference.md
+++ b/Draft/System Internals Windows and Linux Internals Reference.md
@@ -36,6 +36,17 @@ https://tribalchicken.com.au/technical/recovering-bitlocker-keys-on-windows-8-1-
[Stack Smashing Protector](http://wiki.osdev.org/Stack_Smashing_Protector)
+
+[windows-operating-system-archaeology](https://github.com/subTee/windows-operating-system-archaeology)
+* subTee stuff
+
+[Processes, Threads, and Jobs in the Windows Operating System](https://www.microsoftpressstore.com/articles/article.aspx?p=2233328&seqNum=2)
+
+[Mandatory Integrity Control](https://msdn.microsoft.com/en-gb/library/windows/desktop/bb648648(v=vs.85).aspx)
+
+[Windows Access Control Demystified](http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=E1A09F166B29C17D2CD38C70A02576E4?doi=10.1.1.88.1930&rep=rep1&type=pdf)
+
+
#### End Sort
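Review bot: "subTee stuff" is not a description; replace it with a one-line summary of what the `windows-operating-system-archaeology` repo contains, in the style of the other entries. The CiteSeerX URL for `Windows Access Control Demystified` embeds a `jsessionid=` token that will expire; strip it down to the `viewdoc/download?doi=...` form (the same URL is also added to `things-added.md` later in this diff). The other two MSDN links have no descriptions at all.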
@@ -66,6 +77,12 @@ https://tribalchicken.com.au/technical/recovering-bitlocker-keys-on-windows-8-1-
[WinAPIs for Hackers](https://www.bnxnet.com/wp-content/uploads/2015/01/WinAPIs_for_hackers.pdf)
+[About Atom Tables](https://msdn.microsoft.com/en-us/library/windows/desktop/ms649053(v=vs.85).aspx)
+
+[GlobalGetAtomName function](https://msdn.microsoft.com/en-us/library/windows/desktop/ms649063(v=vs.85).aspx)
+
+
+
#### Documentation
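Review bot: The `About Atom Tables` and `GlobalGetAtomName function` links are inserted directly under `WinAPIs for Hackers` with no blank line separating them from the existing entry, and neither says why it is listed; they appear to support the atom bombing detection post added to the same file later in this diff, so a short note to that effect would help a reader. Three blank `+` lines follow them where one would do.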
@@ -192,6 +209,9 @@ https://tribalchicken.com.au/technical/recovering-bitlocker-keys-on-windows-8-1-
[Introduction to ADS: Alternate Data Streams](https://hshrzd.wordpress.com/2016/03/19/introduction-to-ads-alternate-data-streams/)
+[Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and atom bombing](https://blogs.technet.microsoft.com/mmpc/2017/07/12/detecting-stealthier-cross-process-injection-techniques-with-windows-defender-atp-process-hollowing-and-atom-bombing/)
+
+
diff --git a/Draft/Threat Modeling.md b/Draft/Threat Modeling.md
index 763d1b0..a67c298 100755
--- a/Draft/Threat Modeling.md
+++ b/Draft/Threat Modeling.md
@@ -13,6 +13,10 @@
+[ThreatHuntingStuff](https://github.com/MatthewDemaske/ThreatHuntingStuff)
+
+[Adam Shostack - Pentesting: Lessons from Star Wars](https://www.youtube.com/watch?v=BfWWryF8M7E&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=13)
+* Everyone knows you ought to threat model, but in practical reality it turns out to be tricky. If past efforts to threat model haven’t panned out, perhaps part of the problem is confusion over what works, and how the various approaches conflict or align. This talk captures lessons from years of work helping people throughout the software industry threat model more effectively. It’s designed to help security pros, especially pen testers, all of whom will leave with both threat modeling lessons from Star Wars and a proven foundation, enabling them to threat model effectively on offense or defense.
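Review bot: `ThreatHuntingStuff` is, by its name, a threat hunting resource, yet it is added to `Threat Modeling.md` while this same commit creates `Threat-Hunting.md`; move it there and give it a description. The Shostack talk entry is fine as-is.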
diff --git a/Draft/Threat-Hunting.md b/Draft/Threat-Hunting.md
new file mode 100644
index 0000000..c200261
--- /dev/null
+++ b/Draft/Threat-Hunting.md
@@ -0,0 +1,60 @@
+# Threat Hunting
+
+### ToC
+
+
+
+
+#### Sort
+
+
+#### End Sort
+
+
+### General
+
+
+
+### Articles/Blogposts
+
+
+[Windows Log Hunting with PowerShell](http://909research.com/windows-log-hunting-with-powershell/)
+
+[Hunting in Memory](https://www.endgame.com/blog/technical-blog/hunting-memory)
+https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework
+
+[Windows Log Hunting with PowerShell](http://909research.com/windows-log-hunting-with-powershell/)
+
+
+### Talks/Videos
+
+[Taking Hunting to the Next Level Hunting in Memory - Jared Atkinson 2017](https://www.youtube.com/watch?v=3RUMShnJq_I)
+
+[Taking Hunting to the Next Level Hunting in Memory - Jared Atkinson 2017](https://www.youtube.com/watch?v=3RUMShnJq_I)
+
+
+
+
+
+### Tools
+
+[Revoke-Obfuscation](https://github.com/danielbohannon/Revoke-Obfuscation)
+* Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework.
+
+
+
+### Papers
+
+[Revoke -†Obfuscation: PowerShell Obfuscation Detection Using Science](https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf)
+
+
+
+
+
+
+
+
+
+
+
+
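Review bot: Two entries in the new `Threat-Hunting.md` are duplicated: `Windows Log Hunting with PowerShell` appears twice under Articles/Blogposts and the Jared Atkinson `Taking Hunting to the Next Level` talk appears twice under Talks/Videos. The bare `https://niccs.us-cert.gov/.../cyber-security-workforce-framework` URL is glued to the `Hunting in Memory` entry without a blank line and is a workforce framework, not a hunting resource, so it needs its own entry or a different page. The paper title `Revoke -†Obfuscation` carries a mis-encoded character; it should read `Revoke-Obfuscation`. The `ToC` heading is empty and the file ends in a run of blank lines.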
diff --git a/Draft/UX Design - Because we all know how sexy pgp is.md b/Draft/UX Design - Because we all know how sexy pgp is.md
index fd33f20..ac0e4a8 100755
--- a/Draft/UX Design - Because we all know how sexy pgp is.md
+++ b/Draft/UX Design - Because we all know how sexy pgp is.md
@@ -1,20 +1,53 @@
-##UX/UI Design - Because we all know how sexy PGP looks
+## UX/UI Design - Because we all know how sexy PGP looks / How easy to use it is.
Required Reading: [The Design of Everyday Things](http://www.jnd.org/books/design-of-everyday-things-revised.html)
* This book is extraordinary not only in the fact that its a crash course on UI/UX design but also for the fact that almost anyone can read it and understand the principles it talks about.
-https://en.wikipedia.org/wiki/User_interface_design
+#### Sort
+
http://www.usability.gov/what-and-why/user-interface-design.html
-http://ui-patterns.com/
+https://dribbble.com/
+
+https://www.uplabs.com/
+
+[CodePen](https://codepen.io/#)
+#### End Sort
+
+
+### General
+
+
+[User Interface - Wikipedia](https://en.wikipedia.org/wiki/User_interface)
+
+[User Interface Design - Wikipedia](https://en.wikipedia.org/wiki/User_interface_design)
+
+[UI Patterns](http://ui-patterns.com/)
+
+[Principals of User Interface Design](https://en.wikipedia.org/wiki/Principles_of_user_interface_design)
+
+
+### Books
+
+
+
+### Talks & Presentations
+
+[UI Fundamentals for Programmers by Ryan Singer](https://vimeo.com/6702766)
+
+
+
+### Articles/Writeups
+
+
-https://en.wikipedia.org/wiki/Principles_of_user_interface_design
+### Websites/Organizations
[Dark Patterns: fighting user deception worldwide](http://darkpatterns.org/)
* A Dark Pattern is a user interface that has been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills.
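Review bot: `[Principals of User Interface Design]` should be `Principles`, matching the Wikipedia page it links. The new title suffix "/ How easy to use it is." reads awkwardly; something like "Because we all know how sexy PGP looks and how easy it is to use" keeps the joke and scans better. The `dribbble.com`, `uplabs.com` and `CodePen` entries under Sort have no descriptions, so it is unclear what a security reader is meant to take from them.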
diff --git a/Draft/Web & Browsers.md b/Draft/Web & Browsers.md
index 14ef93b..e63f291 100755
--- a/Draft/Web & Browsers.md
+++ b/Draft/Web & Browsers.md
@@ -69,6 +69,49 @@ prompt.ml
Clickjacking attacks
+
+[PowerWebShot](https://github.com/dafthack/PowerWebShot)
+* A PowerShell tool for taking screenshots of multiple web servers quickly.
+
+[BurpSmartBuster](https://github.com/pathetiq/BurpSmartBuster)
+* A Burp Suite content discovery plugin that add the smart into the Buster!
+
+[Java Deserialization Exploits](https://github.com/CoalfireLabs/java_deserialization_exploits)
+* A collection of Java Deserialization Exploits
+
+[Critical vulnerabilities in JSON Web Token libraries - 2015](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/)
+
+[100 OWASP Top 10 Hacking Web Applications with Burp Suite Chad Furman](https://www.youtube.com/watch?v=2p6twRRXK_o)
+
+[json token decode](http://jwt.calebb.net/)
+
+[JWT Inspector - FF plugin](https://www.jwtinspector.io/)
+* JWT Inspector is a browser extension that lets you decode and inspect JSON Web Tokens in requests, cookies, and local storage. Also debug any JWT directly from the console or in the built-in UI.
+
+[Attacking JWT authentication](https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/)
+
+[WAFPASS](https://github.com/wafpassproject/wafpass)
+* Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.
+
+[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)
+* A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator
+
+[hackability](https://github.com/PortSwigger/hackability)
+* Rendering Engine Hackability Probe performs a variety of tests to discover what the unknown rendering engine supports. To use it simply extract it to your web server and visit the url in the rendering engine you want to test. The more successful probes you get the more likely the target engine is vulnerable to attack.
+
+[Exploiting misuse of Python's "pickle"](https://blog.nelhage.com/2011/03/exploiting-pickle/)
+
+[Typosquatting programming language package managers](http://incolumitas.com/2016/06/08/typosquatting-package-managers/)
+
+[The Website Obesity Crisis](http://idlewords.com/talks/website_obesity.htm)
+
+[HUNT Burp Suite Extension](https://github.com/bugcrowdlabs/HUNT)
+* HUNT Logo HUNT is a Burp Suite extension to: 1. Identify common parameters vulnerable to certain vulnerability classes. 2. Organize testing methodologies inside of Burp Suite.
+
+[Caja](https://developers.google.com/caja/)
+* The Caja Compiler is a tool for making third party HTML, CSS and JavaScript safe to embed in your website. It enables rich interaction between the embedding page and the embedded applications. Caja uses an object-capability security model to allow for a wide range of flexible security policies, so that your website can effectively control what embedded third party code can do with user data.
+
+
#### End Sort
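Review bot: The `HUNT Burp Suite Extension` description begins with "HUNT Logo HUNT is a Burp Suite extension", where "HUNT Logo" is image alt text copied from the README; drop it. `Typosquatting programming language package managers`, `Exploiting misuse of Python's "pickle"` and `The Website Obesity Crisis` are supply-chain, deserialization and page-weight pieces rather than browser/web-app testing material, so consider whether this page is their home. The JWT items (`Critical vulnerabilities in JSON Web Token libraries`, `json token decode`, `JWT Inspector`, `Attacking JWT authentication`) would read better grouped together.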
diff --git a/Draft/Wireless Networks & RF.md b/Draft/Wireless Networks & RF.md
index 1ce36f9..f5f43a7 100755
--- a/Draft/Wireless Networks & RF.md
+++ b/Draft/Wireless Networks & RF.md
@@ -35,6 +35,27 @@ Scapy
[gr-lora](https://github.com/BastilleResearch/gr-lora)
* This is an open-source implementation of the LoRa CSS PHY, based on the blind signal analysis conducted by @matt-knight. The original research that guided this implementation may be found at https://github.com/matt-knight/research
+
+
+[LTE Security - How good is it?](http://csrc.nist.gov/news_events/cif_2015/research/day2_research_200-250.pdf)
+
+[UAV Transponders & Tracker Kits - UST](http://www.unmannedsystemstechnology.com/company/sagetech-corporation/)
+
+[Emulation and Exploration of BCM WiFi Frame Parsing using LuaQEMU](https://comsecuris.com/blog/posts/luaqemu_bcm_wifi/)
+
+[Fluxion](https://github.com/wi-fi-analyzer/fluxion)
+* Fluxion is a remake of linset by vk496 with (hopefully) less bugs and more functionality. It's compatible with the latest release of Kali (rolling). The attack is mostly manual, but experimental versions will automatically handle most functionality from the stable releases.
+
+
+
+[ESP8266 deauther](https://github.com/spacehuhn/esp8266_deauther)
+* Deauthentication attack and other exploits using an ESP8266!
+
+
+
+
+
+
##### End Cull
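Review bot: The `LTE Security - How good is it?`, `UAV Transponders & Tracker Kits` and `Emulation and Exploration of BCM WiFi Frame Parsing using LuaQEMU` entries have no descriptions, and the UAV link points at a vendor listing page on unmannedsystemstechnology.com rather than a technical write-up, so it is unclear what it is meant to illustrate. The LuaQEMU post is firmware emulation and may fit `Reverse Engineering.md` better. Blank-line runs of three and five between entries should be collapsed to one.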
diff --git a/Draft/things-added.md b/Draft/things-added.md
index 35eee0b..5b391c8 100755
--- a/Draft/things-added.md
+++ b/Draft/things-added.md
@@ -5,6 +5,50 @@
+[PenTesting-Scripts - killswitch-GUI](https://github.com/killswitch-GUI/PenTesting-Scripts)
+
+
+
+
+
+[Hunting in Memory](https://www.endgame.com/blog/technical-blog/hunting-memory)
+https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework
+
+[Jackson Thuraisamy & Jason Tran - Hacking POS PoS Systems](https://www.youtube.com/watch?v=-n7oJqmTUCo)
+
+
+
+
+[Revoke -†Obfuscation: PowerShell Obfuscation Detection Using Science](https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf)
+
+[Revoke-Obfuscation](https://github.com/danielbohannon/Revoke-Obfuscation)
+* Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework.
+
+[nps_payload](https://github.com/trustedsec/nps_payload)
+* This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources.
+
+
+https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-1
+https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-2
+https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-3
+https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-4-there-is-no-code
+
+
+[Bypassing UAC using App Paths](https://enigma0x3.net/2017/03/14/bypassing-uac-using-app-paths/)
+
+
+[Invoke-DCOM.ps1](https://github.com/rvrsh3ll/Misc-Powershell-Scripts/blob/master/Invoke-DCOM.ps1)
+
+[katz.xml](https://gist.github.com/subTee/c98f7d005683e616560bda3286b6a0d8)
+* Downloads Mimikatz From GitHub, Executes Inside of MsBuild.exe
+
+
+
+
+
+
+[Software Assurance Maturity Model - OWASP](http://www.opensamm.org/downloads/SAMM-1.0-en_US.pdf)
+
[How to Build Your Own Penetration Testing Drop Box - BHIS](https://www.blackhillsinfosec.com/?p=5156&)
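Review bot: The four improsec URLs contain a doubled slash (`https://improsec.com/blog//windows-kernel-shellcode-...`), which should be a single `/`. The bare niccs URL is again glued to the `Hunting in Memory` entry with no separator, and `Revoke -†Obfuscation` carries the same mis-encoded character as in `Threat-Hunting.md`. Nearly every entry here is also added to a topic file elsewhere in this diff; if `things-added.md` is a changelog that is fine, but the `Software Assurance Maturity Model - OWASP` PDF link at the end of this hunk is added a second time in the next hunk with a different URL, so one of the two should go.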
@@ -15,37 +59,56 @@
[Finding Diamonds in the Rough- Parsing for Pentesters](https://bluescreenofjeff.com/2016-07-26-finding-diamonds-in-the-rough-parsing-for-pentesters/)
+[Red Team Tips as posted by @vysecurity on Twitter](https://github.com/vysec/RedTips)
+[FindFrontableDomains](https://github.com/rvrsh3ll/FindFrontableDomains)
+* Search for potential frontable domains
-http://www.exploit-monday.com/2012/05/accessing-native-windows-api-in.html
-https://clymb3r.wordpress.com/2013/11/03/powershell-and-token-impersonation/
-https://adsecurity.org/?p=2398
-https://blog.ropnop.com/using-credentials-to-own-windows-boxes/
-https://www.toshellandback.com/
+[Domain Hunter](https://github.com/minisllc/domainhunter)
+* Checks expired domains, bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names
+[Laurent Desaulniers - Stupid RedTeamer Tricks](https://www.youtube.com/watch?v=2g_8oHM0nwA&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=11)
-https://www.class-central.com/
+[Dimitry Snezhkov - Abusing Webhooks for Command and Control](https://www.youtube.com/watch?v=1d3QCA2cR8o&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=12)
+[Chameleon](https://github.com/mdsecactivebreach/Chameleon)
+* A tool for evading Proxy categorisation
-[Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion - Marina Krotofil - Jason Larsen](https://www.youtube.com/watch?v=AL8L76n0Q9w)
-* The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action nobody is going to let one present it even at a conference like DEF CON. As a poor substitute, this presentation will get as close as using a simulated plant for Vinyl Acetate production for demonstrating a complete attack, from start to end, directed at persistent economic damage to a production site while avoiding attribution of production loss to a cyber-event. Such an attack scenario could be useful to a manufacturer aiming at putting competitors out of business or as a strong argument in an extortion attack. Exploiting physical process is an exotic and hard to develop skill which have so far kept a high barrier to entry. Therefore real-world control system exploitation has remained in the hands of a few. To help the community mastering new skills we have developed „Damn Vulnerable Chemical Process“ – first open source framework for cyber-physical experimentation based on two realistic models of chemical plants. Come to the session and take your first master class on complex physical hacking.
+[Jackson Thuraisamy & Jason Tran - Hacking POS PoS Systems](https://www.youtube.com/watch?v=-n7oJqmTUCo&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=13#t=213.471604)
-[PENQUIN’S MOONLIT MAZE](https://ridt.co/d/jags-moore-raiu-rid.pdf)
+[Software Assurance Maturity Model](http://www.opensamm.org/)
+* The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. - OWASP Project
+[DigiDucky - How to setup a Digispark like a rubber ducky](http://www.redteamr.com/2016/08/digiducky/)
+[Common Ground Part 1: Red Team History & Overview](https://www.sixdub.net/?p=705)
-[Invoke-IR](http://www.invoke-ir.com/)
+[Ruler Pivoting Through Exchange - Etienne Stalmans - TR17](https://www.youtube.com/watch?v=tuc8cwOAAcA)
+
+[Domain Hunter](https://github.com/minisllc/domainhunter)
+
+[Windows Access Control Demystified](http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=E1A09F166B29C17D2CD38C70A02576E4?doi=10.1.1.88.1930&rep=rep1&type=pdf)
-["Humans, right?" Soft Skills in Security - Ariel Robinson](http://www.irongeek.com/i.php?page=videos/bsidesnova2017/200-humans-right-soft-skills-in-security-ariel-robinson)
-* Let's face it: humans ruin everything. They are almost always the weak link in the information security chain, between their susceptibility to social engineering, rejection of security threats, and sheer laziness. You can make the best security tool in the business, but if a human doesn't use it right, well, you might as well leave your passwords on a sticky note on your-- wait a minute. Yes, humans suck at information security. But we don't make it easy. Infosec is incredibly inaccessible to your average user. Just ask me: I am one. We can't change humans (or get rid of them, no matter how much we might want to), but we can change information security. We can leverage insights from non-technical disciplines such as cognitive science, human-centered design, strategic communications, and psychology. Or we can keep hitting our heads against our desktops. As a professional communicator and bridge builder, help me help you. To make security work, we have to make it easy. For humans.
+http://www.exploit-monday.com/2012/05/accessing-native-windows-api-in.html
+https://clymb3r.wordpress.com/2013/11/03/powershell-and-token-impersonation/
+https://adsecurity.org/?p=2398
+https://blog.ropnop.com/using-credentials-to-own-windows-boxes/
+https://www.toshellandback.com/
+
+
+https://www.class-central.com/
-[Probable-Wordlists](https://github.com/berzerk0/Probable-Wordlists)
+
+[PENQUIN’S MOONLIT MAZE](https://ridt.co/d/jags-moore-raiu-rid.pdf)
+
+["Humans, right?" Soft Skills in Security - Ariel Robinson](http://www.irongeek.com/i.php?page=videos/bsidesnova2017/200-humans-right-soft-skills-in-security-ariel-robinson)
+* Let's face it: humans ruin everything. They are almost always the weak link in the information security chain, between their susceptibility to social engineering, rejection of security threats, and sheer laziness. You can make the best security tool in the business, but if a human doesn't use it right, well, you might as well leave your passwords on a sticky note on your-- wait a minute. Yes, humans suck at information security. But we don't make it easy. Infosec is incredibly inaccessible to your average user. Just ask me: I am one. We can't change humans (or get rid of them, no matter how much we might want to), but we can change information security. We can leverage insights from non-technical disciplines such as cognitive science, human-centered design, strategic communications, and psychology. Or we can keep hitting our heads against our desktops. As a professional communicator and bridge builder, help me help you. To make security work, we have to make it easy. For humans.
[gibbersense](https://github.com/smxlabs/gibbersense)
* Extract Sense out of Gibberish stuff
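Review bot: `[Domain Hunter](https://github.com/minisllc/domainhunter)` is added twice in this hunk, once at the top with its description bullet and again further down as a bare link; drop the second copy. The block of bare URLs added near the end (`http://www.exploit-monday.com/2012/05/accessing-native-windows-api-in.html` through `https://www.class-central.com/`) lacks the `[Title](url)` plus `* description` form every other entry uses, and the three blank lines inside that block serve no purpose. `-[Probable-Wordlists]` and `-[Invoke-IR]` are removed without being re-added anywhere in this hunk; confirm those deletions are intended or restore them.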
@@ -53,6 +116,11 @@ https://www.class-central.com/
+[Mobile Application Penetration Testing Cheat Sheet](https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet)
+
+
+
+
## Android
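Review bot: four trailing blank lines are added between the `[Mobile Application Penetration Testing Cheat Sheet]` entry and `## Android`; the list elsewhere uses at most one, so trim them. The new entry also has no `* description` bullet, unlike the surrounding entries; a one-line description would keep it consistent.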
@@ -84,6 +152,11 @@ https://www.class-central.com/
[De-Anonymizing Alt.Anonymous. Messages - Defcon21 - Tom Ritter](https://www.youtube.com/watch?v=_Tj6c2Ikq_E)
+[Dutch-Russian cyber crime case reveals how police tap the internet - ElectroSpaces](http://electrospaces.blogspot.de/2017/06/dutch-russian-cyber-crime-case-reveals.html?m=1)
+
+[Deanonymizing Windows users and capturing Microsoft and VPN accounts](https://medium.com/@ValdikSS/deanonymizing-windows-users-and-capturing-microsoft-and-vpn-accounts-f7e53fe73834)
+
+
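Review bot: the two added entries (`[Dutch-Russian cyber crime case ...]` and `[Deanonymizing Windows users ...]`) carry no `* description` bullet, which the rest of this file attaches to most entries, and two empty lines are appended after the second one; add a short description to each and drop the trailing blanks.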
@@ -102,12 +175,25 @@ https://www.class-central.com/
## Building a Lab
-[Install AD DS using Powerhsell](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-active-directory-domain-services--level-100-#BKMK_PS)
+[Setting Up a Pentest/Hacking Lab with Hyper-V](http://cyberthreathunt.com/2017/04/01/setting-up-a-pentest-lab-with-hyper-v/)
-[Home Lab with pfSense & VMware Workstation - sysadmin perspective](http://itpro.outsidesys.com/2015/02/19/home-lab-with-pfsense-workstation/)
-* I wanted to build a virtual lab environment at home that would emulate an office environment. My requirements were to have separate network segments for Clients & Servers, and two DMZ networks. I also wanted my home network, which is external to the virtual lab environment, to emulate the Internet, even though it really isn’t. The following is how I created multiple “named” LAN segments within VMware Workstation, and routed between them using a VM running pfSense, which is an open source firewall.
+[Windows Server 2016: Build a Windows Domain Lab at Home for Free](https://social.technet.microsoft.com/wiki/contents/articles/36438.windows-server-2016-build-a-windows-domain-lab-at-home-for-free.aspx#Download)
+* Microsoft Technet tutorial
-[Internet Explorer Windows XP and Vista Virtual Machines](https://github.com/mikescott/ie-virtual-machines/blob/master/README.md)
+[Pentest Home Lab - 0x2 - Building Your AD Lab on Premises-SethSec](https://sethsec.blogspot.com/2017/06/pentest-home-lab-0x2-building-your-ad.html)
+
+[Building A Lab on AWS - 0x1 SethSec](https://sethsec.blogspot.com/2017/05/pentest-home-lab-0x1-building-your-ad.html)
+
+[Building an Effective Active Directory Lab Environment for Testing](https://adsecurity.org/?p=2653)
+
+[Hack Yourself: Building a Test Lab - David Boyd](https://www.youtube.com/watch?v=rgdX-hn0xXU)
+
+[Hack-Yourself: Building a pentesting lab for fun & profit](https://www.slideshare.net/DavidBoydCISSP/hack-yourself-building-a-pentesting-lab-for-fun-and-profit)
+
+[Setting up a Windows Lab Environment](http://thehackerplaybook.com/Windows_Domain.htm)
+
+[Pentest Environment Deployer](https://github.com/Sliim/pentest-env)
+* This repo provides an easy way to deploy a clean and customized pentesting environment with Kali linux using vagrant and virtualbox.
## Car Hacking
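Review bot: three entries are deleted here (`-[Install AD DS using Powerhsell]`, `-[Home Lab with pfSense & VMware Workstation ...]`, `-[Internet Explorer Windows XP and Vista Virtual Machines]`) while nothing in the hunk shows them being moved, and the Microsoft AD DS install page is the primary documentation behind the `Building Your AD Lab` entries being added right below it; keep it (with the `Powerhsell` typo fixed) or say in the commit message where it went. Of the eight added entries only `[Windows Server 2016 ...]` and `[Pentest Environment Deployer]` have a `* description`; the others should get one to match the section's format.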
@@ -138,7 +224,8 @@ https://www.class-central.com/
[CS 259D Data Mining for Cyber Security Autumn 2014](http://web.stanford.edu/class/cs259d/)
-
+[HackSplaining](https://www.hacksplaining.com/faq)
+* Security training aimed towards developers. Free.
## Crypto
@@ -146,102 +233,99 @@ https://www.class-central.com/
[A Graduate Course in Applied Cryptography - Dan Boneh and Victor Shoup](http://toc.cryptobook.us/)
* Version 0.3 - posted Dec. 9, 2016
-
-## Data Analysis
+[Lifetimes of cryptographic hash functions](http://valerieaurora.org/hash.html)
-## Documentation/Technical writing
-
-[Protecting Your Sources When Releasing Sensitive Documents](https://source.opennews.org/articles/how-protect-your-sources-when-releasing-sensitive-/)
-## Embedded Devices/Hardware
-[ThunderGate](http://thundergate.io/)
-* ThunderGate is a collection of tools for the manipulation of Tigon3 Gigabit Ethernet controllers, with special emphasis on the Broadcom NetLink 57762, such as is found in Apple Thunderbolt Gigabit Ethernet adapters.
-[ISO/IEC 7816](https://en.wikipedia.org/wiki/ISO/IEC_7816)
-[ISO/IEC 15693](https://en.wikipedia.org/wiki/ISO/IEC_15693)
-[ISO/IEC 14443](https://en.wikipedia.org/wiki/ISO/IEC_14443)
+## Data Analysis
+[Norikra](http://norikra.github.io/)
+* Norikra is a open source server software provides "Stream Processing" with SQL, written in JRuby, runs on JVM, licensed under GPLv2.
-[Attacks via physical access to USB (DMA…?)](https://security.stackexchange.com/questions/118854/attacks-via-physical-access-to-usb-dma)
+[Fluentd](https://www.fluentd.org/architecture)
+* Fluentd is an open source data collector, which lets you unify the data collection and consumption for a better use and understanding of data.
-[Can a connected USB device read all data from the USB bus?](https://security.stackexchange.com/questions/37927/can-a-connected-usb-device-read-all-data-from-the-usb-bus?rq=1)
-[Hacking Printers Wiki](http://hacking-printers.net/wiki/index.php/Main_Page)
+## Design
+[UI Fundamentals for Programmers by Ryan Singer](https://vimeo.com/6702766)
+## Disclosure
+[Request a CVE ID](http://cve.mitre.org/cve/request_id.html#cna_coverage)
+[My first CVE-2016-1000329 in BlogPHP](https://www.stevencampbell.info/2016/12/my-first-cve-2016-1000329-in-blogphp/)
-## Exploit Dev
+## Documentation/Technical writing
-[Proposed Windows 10 EAF/EMET "Bypass" for Reflective DLL Injection](https://zerosum0x0.blogspot.com/2017/06/proposed-eafemet-bypass-for-reflective.html?m=1)
-[A Window into Ring0 - Paper](https://labs.mwrinfosecurity.com/publications/a-window-into-ring0/)
-* With the rise of sandboxes and locked down user accounts attackers are increasingly resorting to attacking kernel mode code to gain full access to compromised systems. The talk provided an overview of the Windows kernel mode attack surface and how to interact with it. It then went on to cover the tools available for finding bugs in Windows kernel mode code and drivers as well as highlighting some of the lower hanging fruit, common mistakes and the steps being taken (or lack of steps being taken) to mitigate the risks posed. The talk also covered common exploitation techniques to gather information about the state of kernel mode memory and to gain code execution as SYSTEM. Finally the talk walked through exploiting CVE-2016-7255 on modern 64 bit versions of Windows.
+[Protecting Your Sources When Releasing Sensitive Documents](https://source.opennews.org/articles/how-protect-your-sources-when-releasing-sensitive-/)
-[CVE-2016-7255 - Git repo](https://github.com/mwrlabs/CVE-2016-7255)
+[vim-wordy](https://github.com/reedes/vim-wordy/blob/master/README.markdown)
+* wordy is not a grammar checker. Nor is it a guide to proper word usage. Rather, wordy is a lightweight tool to assist you in identifying those words and phrases known for their history of misuse, abuse, and overuse, at least according to usage experts.
-[Exploit-Challenges - A collection of vulnerable ARM binaries for practicing exploit development](https://github.com/Billy-Ellis/Exploit-Challenges)
-* Here are a collection of vulnerable ARM binaries designed for beginner vulnerability researchers & exploit developers to play around with and test their skills!
-[Windows-driver-samples](https://github.com/Microsoft/Windows-driver-samples )
-* This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
-[DriverBuddy](https://github.com/nccgroup/DriverBuddy)
-* DriverBuddy is an IDA Python script to assist with the reverse engineering of Windows kernel drivers.
-* [Blog post](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/november/driverbuddy-tool-release/)
+## Embedded Devices/Hardware
-[win_driver_plugin](https://github.com/mwrlabs/win_driver_plugin)
-* A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
+[ThunderGate](http://thundergate.io/)
+* ThunderGate is a collection of tools for the manipulation of Tigon3 Gigabit Ethernet controllers, with special emphasis on the Broadcom NetLink 57762, such as is found in Apple Thunderbolt Gigabit Ethernet adapters.
-[Securi-Tay 2017 - A Window into Ring0](https://www.youtube.com/watch?v=DLND8bKv27w)
-* With the rise of sandboxes and locked down user accounts attackers are increasingly resorting to attacking kernel mode code to gain full access to compromised systems. This talk aims to provide an overview of the Windows kernel mode attack surface and how to interact with it. This talk will demonstrate the tools available for finding bugs in Windows kernel mode code and drivers together with highlighting some of the lower hanging fruit, common mistakes and the steps being taken (or lack of steps being taken) to mitigate the risks posed. The talk will then cover common exploitation techniques to gather information about the state of kernel mode memory and to gain code execution as SYSTEM using examples from publicly known exploits.
+[ISO/IEC 7816](https://en.wikipedia.org/wiki/ISO/IEC_7816)
+[ISO/IEC 15693](https://en.wikipedia.org/wiki/ISO/IEC_15693)
+[ISO/IEC 14443](https://en.wikipedia.org/wiki/ISO/IEC_14443)
-[Toward mitigating arbitrary native code execution in Windows 10](https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2017_05_SysScan360_Seattle/SyScan360_Miller_Towards_Mitigating_Arbitrary_Native_Code_Execution.pdf)
+[Attacks via physical access to USB (DMA…?)](https://security.stackexchange.com/questions/118854/attacks-via-physical-access-to-usb-dma)
-[MSRC-Security-Research Github](https://github.com/Microsoft/MSRC-Security-Research/tree/master/presentations)
+[Can a connected USB device read all data from the USB bus?](https://security.stackexchange.com/questions/37927/can-a-connected-usb-device-read-all-data-from-the-usb-bus?rq=1)
-[A cursory analysis of @nitayart's Broadpwn bug (CVE-2017-9417)](http://boosterok.com/blog/broadpwn/)
+[Hacking Printers Wiki](http://hacking-printers.net/wiki/index.php/Main_Page)
-[Emulation and Exploration of BCM WiFi Frame Parsing using LuaQEMU](https://comsecuris.com/blog/posts/luaqemu_bcm_wifi/)
+[Ian Douglas - Creating an Internet of Private Things](https://www.youtube.com/watch?v=4W8SkujOXi4&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=8)
+* The next big market push is to have the cool IoT device that’s connected to the internet. As we’ve seen from the Mirai and Switcher hacks, it’s important to embed the appropriate safeguards so that devices are not open to attack. When selecting device components there are things that should be checked for, and when you’re doing the coding and workflows, there are other things that need to be taken in to account. Although security and privacy are close cousins, they’re also different. This talk will be centered around some best security and privacy practices as well as some common errors that should be avoided.
-[Emulation and Exploration of BCM WiFi Frame Parsing using LuaQEMU](https://comsecuris.com/blog/posts/luaqemu_bcm_wifi/)
-[The Weak Bug - Exploiting a Heap Overflow in VMware](http://acez.re/the-weak-bug-exploiting-a-heap-overflow-in-vmware/)
-[A Study of Overflow Vulnerabilities on GPUs](https://www.aimlab.org/haochen/papers/npc16-overflow.pdf)
-[Playing with canaries](https://www.elttam.com.au/blog/playing-with-canaries/)
-[Windows Exploit Protection History/Overview - Compass Security](https://exploit.courses/files/bfh2017/day6/0x60_WindowsExploiting.pdf)
-[Resolving the Base Pointer of the Linux Program Interpreter with Shellcode](https://web-beta.archive.org/web/20160720084253/http://howto.hackallthethings.com:80/2015/03/resolving-base-pointer-of-linux-program.html)
-[Bypassing Device Guard with .NET Assembly Compilation Methods](http://www.exploit-monday.com/2017/07/bypassing-device-guard-with-dotnet-methods.html)
+## Exploit Dev
+* Add use-after-free section
-[Microsoft Patch Analysis for Exploitation Stephen Sims](https://www.youtube.com/watch?v=LHNcBVQF1tM)
+[ShellcodeStdio](https://github.com/jackullrich/ShellcodeStdio)
+* An extensible framework for easily writing debuggable, compiler optimized, position independent, x86 shellcode for windows platforms.
-[MS17-010](https://github.com/worawit/MS17-010)
+[gdbgui](https://github.com/cs01/gdbgui)
+* A modern, browser-based frontend to gdb (gnu debugger). Add breakpoints, view stack traces, and more in C, C++, Go, and Rust. Simply run gdbgui from the terminal and a new tab will open in your browser.
+[I-know-where-your-page-lives](https://github.com/IOActive/I-know-where-your-page-lives)
+* I Know Where Your Page Lives: Derandomizing the latest Windows 10 Kernel - ZeroNights 2016
+[Crashing phones with Wi-Fi: Exploiting nitayart's Broadpwn bug (CVE-2017-9417)](http://boosterok.com/blog/broadpwn2/)
+[Sigreturn Oriented Programming is a real Threat](https://subs.emis.de/LNI/Proceedings/Proceedings259/2077.pdf)
+* Abstract: This paper shows that Sigreturn Oriented Programming (SROP), which consists of using calls to sigreturn to execute arbitrary code, is a pow erful method for the de velopment of exploits. This is demonstrated by developing two different kinds of SROP based exploits, one asterisk exploit which was already portrayed in the paper presenting SROP, and one novel exploit for a recently disclosed bug inthe DNS address resolution of the default GNUC library. Taking advantage of the fact, that these exploits have very few dependencies on the program being exploited, a library is implemented to automate wide parts of SROP exploit creation. This highlights the potential of SROP in respect to reusable and portable exploit code which strongly supports the conclusion of the original paper: SROP is areal threat!
+[Playing with signals : An overview on Sigreturn Oriented Programming](https://thisissecurity.net/2015/01/03/playing-with-signals-an-overview-on-sigreturn-oriented-programming/)
+[SROP | Signals, you say?](https://0x00sec.org/t/srop-signals-you-say/2890)
+[EnglishmansDentist Exploit Analysis](https://blogs.technet.microsoft.com/srd/2017/07/20/englishmansdentist-exploit-analysis/)
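Review bot: `+* Add use-after-free section` directly under `## Exploit Dev` is a to-do written as a list entry and will render alongside the real links; mark it plainly as a TODO or move it out of the list. The `[Sigreturn Oriented Programming is a real Threat]` abstract was pasted with PDF line-break damage (`pow erful`, `de velopment`, `inthe`, `GNUC`, `areal`), and `Norikra is a open source server software provides` needs `an` and `that provides`; fix both before merge. Separately, the hunk drops twenty Exploit Dev entries (`-[A Window into Ring0 - Paper]`, `-[DriverBuddy]`, `-[Playing with canaries]`, `-[MS17-010]` among them) and replaces the part-one Broadpwn analysis (`boosterok.com/blog/broadpwn/`) with only the part-two post; if these were moved to another file the commit message should say so, otherwise they should stay.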
@@ -255,29 +339,42 @@ https://www.class-central.com/
[PowerForensics - PowerShell Digital Forensics](https://github.com/Invoke-IR/PowerForensics)
* The purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems, and work has begun on Extended File System and HFS+ support.
+[IRM (Incident Response Methodologies)](https://github.com/certsocietegenerale/IRM)
+* CERT Societe Generale provides easy to use operational incident best practices. These cheat sheets are dedicated to incident handling and cover multiple fields in which a CERT team can be involved. One IRM exists for each security incident we're used to dealing with.
+
+[Get-InjectedThread.ps1](https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2)
+* Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
+
+
+
+
## Fuzzing
-https://raw.githubusercontent.com/secfigo/Awesome-Fuzzing/master/README.md
-[Upping Your Bug Hunting Skills Using Symbolic Virtual Machines by Anto - x33fcon](https://www.youtube.com/watch?v=IPSZxGaLlyk)
+[The Bug Hunters Methodology](https://github.com/jhaddix/tbhm)
+* Welcome! This repo is a conglomeration of tips, tricks, tools, and data analysis to use while doing web application security assessments, and more specifically towards bug hunting in bug bounties.
-[libFuzzer-gv: new techniques for dramatically faster fuzzing](https://guidovranken.wordpress.com/2017/07/08/libfuzzer-gv-new-techniques-for-dramatically-faster-fuzzing/)
-[libfuzzer-gv](https://github.com/guidovranken/libfuzzer-gv)
-* enhanced fork of libFuzzer
-[Browser Bug Hunting and Mobile](http://slides.com/revskills/fzbrowsers#/)
+## Game Hacking
+
+[Remote Code Execution In Source Games](https://oneupsecurity.com/research/remote-code-execution-in-source-games?t=r)
+
+http://douevenknow.us/post/151129092928/throwback-k9lhax-by-bruteforce
+
-[Introduction to USB and Fuzzing DEFCON23 Matt DuHarte](https://www.youtube.com/watch?v=KWOTXypBt4E)
-## Honeypots
+## Honeypots
+[honeyLambda](https://github.com/0x4D31/honeyLambda)
+* a simple, serverless application designed to create and monitor URL {honey}tokens, on top of AWS Lambda and Amazon API Gateway
+[Masarah Paquet-Clouston & Olivier Bilodeau - Attacking Linux Moose Unraveled an Ego Market](https://www.youtube.com/watch?v=8c8C5cHbRU0&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=2)
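Review bot: `[The Bug Hunters Methodology]` is filed under `## Fuzzing` but its own description says it covers web application assessments and bug bounties, and with `-https://raw.githubusercontent.com/secfigo/Awesome-Fuzzing/...`, `-[libFuzzer-gv ...]`, `-[libfuzzer-gv]`, `-[Browser Bug Hunting and Mobile]` and `-[Introduction to USB and Fuzzing ...]` all removed, the Fuzzing section is left with no fuzzing material at all; move the methodology repo to a web or bug-bounty section and restore or relocate the fuzzing links. Minor: `-## Honeypots` / `+## Honeypots` is a whitespace-only change, the Game Hacking entry `http://douevenknow.us/post/151129092928/throwback-k9lhax-by-bruteforce` needs a `[Title]`, and four blank lines now precede `## Fuzzing`.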
@@ -286,6 +383,8 @@ https://raw.githubusercontent.com/secfigo/Awesome-Fuzzing/master/README.md
[dyode](https://github.com/arnaudsoullie/dyode)
* A low-cost data diode, aimed at Industrial Control Systems
+[Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion - Marina Krotofil - Jason Larsen](https://www.youtube.com/watch?v=AL8L76n0Q9w)
+* The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action nobody is going to let one present it even at a conference like DEF CON. As a poor substitute, this presentation will get as close as using a simulated plant for Vinyl Acetate production for demonstrating a complete attack, from start to end, directed at persistent economic damage to a production site while avoiding attribution of production loss to a cyber-event. Such an attack scenario could be useful to a manufacturer aiming at putting competitors out of business or as a strong argument in an extortion attack. Exploiting physical process is an exotic and hard to develop skill which have so far kept a high barrier to entry. Therefore real-world control system exploitation has remained in the hands of a few. To help the community mastering new skills we have developed „Damn Vulnerable Chemical Process“ – first open source framework for cyber-physical experimentation based on two realistic models of chemical plants. Come to the session and take your first master class on complex physical hacking.
@@ -312,44 +411,40 @@ https://raw.githubusercontent.com/secfigo/Awesome-Fuzzing/master/README.md
## Interesting Things
-[Manuals Library](https://www.manualslib.com/)
+[VBScript Injection via GNOME Thumbnailer - On Linux](http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html)
-[SweetSecurity](https://github.com/TravisFSmith/SweetSecurity)
-* Scripts to setup and install Bro IDS, Elastic Search, Logstash, Kibana, and Critical Stack on a Raspberry Pi 3 device.
+[wikiteam](https://github.com/WikiTeam/wikiteam)
+* Tools for downloading and preserving wikis
-[The S stands for Simple](http://harmful.cat-v.org/software/xml/soap/simple)
-* Satire(Only it's not) of a conversation about SOAP
+[List of disposable email domains](https://github.com/martenson/disposable-email-domains)
-[Encyclopedia of things considered harmful](http://harmful.cat-v.org/)
+[Locking Your Registry Keys for Fun and, Well, Just Fun I Guess](https://tyranidslair.blogspot.co.uk/2017/07/locking-your-registry-keys-for-fun-and.html)
-[THE BASIC LAWS OF HUMAN STUPIDITY - Carlo M. Cipolia](http://harmful.cat-v.org/people/basic-laws-of-human-stupidity/)
+[303 Hacks Lies Nation States Mario DiNatale](https://www.youtube.com/watch?v=nyh_ORq1Qwk)
-[NIST National Vulnerability Database](https://nvd.nist.gov/ncp/repository)
+[Richard Thieme - The Impact of Dark Knowledge and Secrets on Security and Intelligence Professionals](https://www.youtube.com/watch?v=0MzcPBAj88A&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe)
+* Dismissing or laughing off concerns about what it does to a person to know critical secrets does not lessen the impact on life, work, and relationships of building a different map of reality than “normal people” use. One has to calibrate narratives to what another believes. One has to live defensively, warily. This causes at the least cognitive dissonance which some manage by denial. But refusing to feel the pain does not make it go away. It just intensifies the consequences when they erupt.
+Philip K. Dick said, reality is that which, when you no longer believe in it, does not go away. When cognitive dissonance evolves into symptoms of traumatic stress, one ignores those symptoms at one’s peril. But the very constraints of one’s work often make it impossible to speak aloud about those symptoms, because that might threaten one’s clearances, work, and career. And whistle blower protection is often non-existent.
-[IA Guidance - NSA](https://www.iad.gov/iad/library/ia-guidance/index.cfm)
+[recap](https://github.com/rackerlabs/recap)
+* recap is a reporting script that generates reports of various information about the server.
-[Docker: Not Even a Linker](http://adamierymenko.com/docker-not-even-a-linker/)
+[Paul Rascagneres - Modern Reconnaissance Phase by APT – Protection Layer](https://www.youtube.com/watch?v=4JVrK7bRKb0&index=10&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe)
-[Paste-Scraper](https://github.com/KernelEquinox/Paste-Scraper)
+[BE YOUR OWN VPN PROVIDER WITH OPENBSD (v2)](https://networkfilter.blogspot.com/2017/04/be-your-own-vpn-provider-with-openbsd-v2.html)
-[Wayback scraper](https://github.com/abrenaut/waybackscraper)
+[New cache architecture on Intel I9 and Skylake server: An initial assessment](https://cyber.wtf/2017/07/18/new-cache-architecture-on-intel-i9-and-skylake-server-an-initial-assessment/)
-[LeakedSource.ru](https://leakedsource.ru/)
+[301 The Road to Hiring is Paved in Good Intentions Tim OBrien](https://www.youtube.com/watch?v=sdkf8SIj1rU)
-[Red Team Infrastructure Wiki](https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki)
-* Wiki to collect Red Team infrastructure hardening resources
-* Accompanying Presentation: [Doomsday Preppers: Fortifying Your Red Team Infrastructure](https://speakerdeck.com/rvrsh3ll/doomsday-preppers-fortifying-your-red-team-infrastructure)
-
-[cyberfree](https://github.com/arnaudsoullie/cyberfree)
-* Cyber-free browsing extension for Chrome
-
-[Software Supply Chains and the Illusion of Control - Derek Weeks](http://www.irongeek.com/i.php?page=videos/bsidesnova2017/107-software-supply-chains-and-the-illusion-of-control-derek-weeks)
-* In this presentation I am sharing the results of a three-year, industry-wide study on open source development and security practices across 3,000 organizations and 25,000. I will detail how these organizations are employing a vast community of open source component suppliers, warehouses, and development tools that take the form of software supply chains. Modern software development practices are now consuming BILLIONS of open source and third-party components. The tooling with package managers and build tools such as Maven, Gradle, npm, NuGet, RubyGems and others has promoted the usage of components to a convenient standard practice. As a result, 90% of a typical application is now composed of open source components. The good news: use of the components is improving developer productivity and accelerating time to market. However, using these components brings ownership and responsibility with it and this fact is largely overlooked. The unspoken truth: not all parts are created equal. For example, 1 in 16 components in use include known security vulnerabilities. Ugh. This session aims to enlighten development professionals by sharing results from the State of the Software Supply Chain reports from 2015 through 2017. The reports blend of public and proprietary data with expert research and analysis. Attendees in this session will learn: - What our analysis of 25,000 applications reveals about the quality and security of software built with open source components - How organizations like Mayo Clinic, Exxon, Capital One, the U.S. 
FDA and Intuit are utilizing the principles of software supply chain automation to improve application security - Why avoiding open source components over 3 years old might be a really good idea - How to balance the need for speed with quality and security -- early in the development lifecycle We will also discuss how you can best approach the effort for development teams to identify, track and replace components with known vulnerabilities, while getting more products and new features to market quickly. Attend this session and gain insight as to how your organization’s application development practices compare to others. I'll share the industry benchmarks to take back and discuss with your development, security, and open source governance teams.
+[Ermahgerd: Lawrs - Robert Heverly - Anycon17](http://www.irongeek.com/i.php?page=videos/anycon2017/305-ermahgerd-lawrs-prof-robert-heverly)
+* When do you ? and other coders, hackers, developers, and tinkerers ? think or worry about the law? If your answer is, ?Not very often,? then this talk is for you. We all need to think about the law. And it?s not just privacy, or computer fraud, or even anti-circumvention law, that we should think about. We need to think about law as a whole and how it can help us do or stop us from doing what we want to do. This talk will start with a broad overview of the ways in which we implicate law when we do what we do, and then will focus on what that means for us and the broader implications that can arise from our various activities. Do you think the law would stop you from doing what you want to do or punish you for doing it? It might, but it also might not. If you think it does, do you think you should be able to do what you want to do? If you do, then we need to hack the law, and to do that we?ll need to talk to the legal coders, those writers of our cultural software. This talk will tackle not only law and working with code, but also why it matters for us to be aware of the law and engaged in improving it.
## Lockpicking
+[Lock Picking Course - LockLab](https://lock-lab.com/locklab-university/lock-picking-course-2/)
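Review bot: the `[Ermahgerd: Lawrs ...]` description has lost its punctuation to encoding damage (`When do you ? and other coders`, `?Not very often,?`, `it?s`, `we?ll`); restore the dashes and quotes before merge. The `[Richard Thieme ...]` description is split across two lines, the second (`Philip K. Dick said, ...`) carrying no `+* ` bullet prefix, so it depends on lazy continuation instead of the one-line-per-description form used elsewhere; join them. The hunk also removes `-[NIST National Vulnerability Database]`, `-[IA Guidance - NSA]`, `-[Red Team Infrastructure Wiki]` together with its accompanying presentation, and `-[Software Supply Chains and the Illusion of Control ...]` with no sign they were relocated; the first two are reference material worth keeping somewhere, so confirm the intent.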
@@ -361,9 +456,8 @@ https://archive.is/Nol3S
[Hiding in Plain Sight: Advances in malware covert communication channels - BH2015 Pierre-Marc Bureau, Christian Dietrich](https://www.blackhat.com/docs/eu-15/materials/eu-15-Bureau-Hiding-In-Plain-Sight-Advances-In-Malware-Covert-Communication-Channels-wp.pdf)
-
-
-
+[rVMI - A New Paradigm For Full System Analysis](https://github.com/fireeye/rvmi)
+* rVMI is a debugger on steroids. It leverages Virtual Machine Introspection (VMI) and memory forensics to provide full system analysis. This means that an analyst can inspect userspace processes, kernel drivers, and preboot environments in a single tool. It was specifially designed for interactive dynamic malware analysis. rVMI isolates itself from the malware by placing its interactive debugging environment out of the virtual machine (VM) onto the hypervisor-level. Through the use of VMI the analyst still has full control of the VM, which allows her to pause the VM at any point in time and to use typical debugging features such as breakpoints and watchpoints. In addtion, rVMI provides access to the entire Rekall feature set, which enables an analyst to inspect the kernel and its data structures with ease.
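Review bot: the added rVMI description has two typos, `specifially` and `In addtion`; change them to `specifically` and `In addition`. The removal of the three stray blank lines above it is fine.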
@@ -376,94 +470,72 @@ https://archive.is/Nol3S
## Network Scanning and Attacks
-[PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server](https://github.com/NetSPI/PowerUpSQL)
-* The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on scale. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could be used by administrators to quickly inventory the SQL Servers in their ADS domain.
-* [Documentation](https TLS/SSL Vulnerabilities ://github.com/NetSPI/PowerUpSQL/wiki)
-* [Overview of PowerUpSQL](https://github.com/NetSPI/PowerUpSQL/wiki/Overview-of-PowerUpSQL)
+[bluebox-ng](https://github.com/jesusprubio/bluebox-ng)
+* Pentesting framework using Node.js powers, focused in VoIP.
-[ TLS/SSL Vulnerabilities ](https://www.gracefulsecurity.com/tls-ssl-vulnerabilities/)
+[dns-parallel-prober](https://github.com/lorenzog/dns-parallel-prober)
+* This script is a proof of concept for a parallelised domain name prober. It creates a queue of threads and tasks each one to probe a sub-domain of the given root domain. At every iteration step each dead thread is removed and the queue is replenished as necessary.
-[WSUXploit])(https://github.com/pimps/wsuxploit)
-* This is a MiTM weaponized exploit script to inject 'fake' updates into non-SSL WSUS traffic. It is based on the WSUSpect Proxy application that was introduced to public on the Black Hat USA 2015 presentation, 'WSUSpect – Compromising the Windows Enterprise via Windows Update'
+[enumall](https://github.com/Dhayalan96/enumall)
+* Script to enumerate subdomains, leveraging recon-ng. Uses google scraping, bing scraping, baidu scraping, yahoo scarping, netcraft, and bruteforces to find subdomains. Plus resolves to IP.
-[IPv6 Local Neighbor Discovery Using Router Advertisement](https://www.rapid7.com/db/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement)
-* Send a spoofed router advertisement with high priority to force hosts to start the IPv6 address auto-config. Monitor for IPv6 host advertisements, and try to guess the link-local address by concatinating the prefix, and the host portion of the IPv6 address. Use NDP host solicitation to determine if the IP address is valid'
+[SIMPLYEMAIL](https://github.com/killswitch-GUI/SimplyEmail)
+* What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.
-[sipvicious](https://github.com/EnableSecurity/sipvicious)
-[STP MiTM Attack and L2 Mitigation Techniques on the Cisco Catalyst 6500 ](http://www.ndm.net/ips/pdf/cisco/Catalyst-6500/white_paper_c11_605972.pdf)
-[t50 - the fastest packet injector.](https://github.com/fredericopissarra/t50)
-* T50 was designed to perform “Stress Testing” on a variety of infra-structure
-network devices (Version 2.45), using widely implemented protocols, and after
-some requests it was was re-designed to extend the tests (as of Version 5.3),
-covering some regular protocols (ICMP, TCP and UDP), some infra-structure
-specific protocols (GRE, IPSec and RSVP), and some routing protocols (RIP,
-EIGRP and OSPF).
-[DNS hijacking using cloud providers - Frans Rosén](https://www.youtube.com/watch?v=HhJv8CU-RIk)
-[Sublist3r](https://github.com/aboul3la/Sublist3r)
-* Fast subdomains enumeration tool for penetration testers
-[Altdns](https://github.com/infosec-au/altdns)
-* Altdns is a DNS recon tool that allows for the discovery of subdomains that conform to patterns. Altdns takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.
-[Attacking Nextgen Firewalls](https://www.youtube.com/watch?v=ZoCf9yWC32g)
+## Network | Monitoring & Logging
-## Network Monitoring
+[Uncovering Indicators of Compromise (IoC) Using PowerShell, Event Logs, and a Traditional Monitoring Tool](https://www.sans.org/reading-room/whitepapers/critical/uncovering-indicators-compromise-ioc-powershell-event-logs-traditional-monitoring-tool-36352)
-[Stenographer](https://github.com/google/stenographer)
-* Stenographer is a full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes. It provides a high-performance implementation of NIC-to-disk packet writing, handles deleting those files as disk fills up, and provides methods for reading back specific sets of packets quickly and easily.
+[Advanced Security Audit Policy Settings](https://technet.microsoft.com/en-us/library/dn319056(v=ws.11).aspx)
-[ROCK NSM](http://rocknsm.io/)
+[Sysinternals Sysmon unleashed](https://blogs.technet.microsoft.com/motiba/2016/10/18/sysinternals-sysmon-unleashed/)
-[Response Operation Collections Kit Reference Build](https://github.com/rocknsm/rock)
+[Advanced Security Audit Policy Settings(Windows)](https://technet.microsoft.com/en-us/library/dn319056(v=ws.11).aspx)
-[PCAPDB](https://github.com/dirtbags/pcapdb)
-* PcapDB is a distributed, search-optimized open source packet capture system. It was designed to replace expensive, commercial appliances with off-the-shelf hardware and a free, easy to manage software system. Captured packets are reorganized during capture by flow (an indefinite length sequence of packets with the same src/dst ips/ports and transport proto), indexed by flow, and searched (again) by flow. The indexes for the captured packets are relatively tiny (typically less than 1% the size of the captured data).
+[SysInternals: SysMon Unleashed](https://blogs.technet.microsoft.com/motiba/2016/10/18/sysinternals-sysmon-unleashed/)
-[Aktaion: Open Source Tool For "Micro Behavior Based" Exploit Detection and Automated GPO Policy Generation](https://github.com/jzadeh/Aktaion)
-* Aktaion is a lightweight JVM based project for detecting exploits (and more generally attack behaviors). The project is meant to be a learning/teaching tool on how to blend multiple security signals and behaviors into an expressive framework for intrusion detection. The cool thing about the project is it provides an expressive mechanism to add high level IOCs (micro beahviors) such as timing behavior of a certain malware family.
+[Windows Event Collector(For centralizing windows domain logging with no local agent, windows actually has built-in logging freely available)](https://msdn.microsoft.com/en-us/library/bb427443(v=vs.85).aspx)
-[Passive IPS Reconnaissance and Enumeration - false positive (ab)use - Arron Finnon](https://vimeo.com/108775823)
-* Network Intrusion Prevention Systems or NIPS have been plagued by "False Positive" issues almost since their first deployment. A "False Positive" could simply be described as incorrectly or mistakenly detecting a threat that is not real. A large amount of research has gone into using "False Positive" as an attack vector either to attack the very validity of an IPS system or to conduct forms of Denial of Service attacks. However the very reaction to a "False Positive" in the first place may very well reveal more detailed information about defences than you might well think.
+[Windows event Collector - Setting up source initiated Subscriptions](https://msdn.microsoft.com/en-us/library/bb870973(v=vs.85).aspx)
-[Public:Windows Event Log Zero 2 Hero Slides](https://docs.google.com/presentation/d/1dkrldTTlN3La-OjWtkWJBb4hVk6vfsSMBFBERs6R8zA/edit#slide=id.g21acf94f3f_2_27)
+[Use Windows Event Forwarding to help with intrusion detection](https://docs.microsoft.com/en-us/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection)
-[SniffJoke](https://github.com/vecna/sniffjoke)
-* SniffJoke is an application for Linux that handle transparently your TCP connection, delaying, modifyng and inject fake packets inside your transmission, make them almost impossible to be correctly readed by a passive wiretapping technology (IDS or sniffer)
+[GetInjectedThreads.ps1](https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2)
+* Looks for threads that were created as a result of code injection.
-[RITA - Finding Bad Things on Your Network Using Free and Open Source Tools](https://www.youtube.com/watch?v=mpCBOQSjbOA)
+[Taking Hunting to the Next Level Hunting in Memory - Jared Atkinson 2017](https://www.youtube.com/watch?v=3RUMShnJq_I)
-[ You Pass Butter: Next Level Security Monitoring Through Proactivity](http://www.irongeek.com/i.php?page=videos/nolacon2016/110-you-pass-butter-next-level-security-monitoring-through-proactivity-cry0-s0ups)
+[Sysmon - The Best Free Windows Monitoring Tool You Aren't Using](http://909research.com/sysmon-the-best-free-windows-monitoring-tool-you-arent-using/)
-[Uproot](https://github.com/Invoke-IR/Uproot)
-* Uproot is a Host Based Intrusion Detection System (HIDS) that leverages Permanent Windows Management Instrumentation (WMI) Event Susbcriptions to detect malicious activity on a network. For more details on WMI Event Subscriptions please see the WMIEventing Module
+[Windows Log Hunting with PowerShell](http://909research.com/windows-log-hunting-with-powershell/)
-[WMIEvent](https://github.com/Invoke-IR/WMIEvent)
-* A PowerShell module to abstract the complexities of Permanent WMI Event Subscriptions
+[check_ioc](https://github.com/oneoffdallas/check_ioc)
+* Check_ioc is a script to check for various, selectable indicators of compromise on Windows systems via PowerShell and Event Logs. It was primarily written to be run on a schedule from a monitoring engine such as Nagios, however, it may also be run from a command-line (for incident response).
+[Greater Visibility Through PowerShell Logging](https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html)
+[block-parser](https://github.com/matthewdunwoody/block-parser)
+* Parser for Windows PowerShell script block logs
+[Revoke -Â Obfuscation: PowerShell Obfuscation Detection Using Science](https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf)
-## OSINT
-[PowerMeta](https://github.com/dafthack/PowerMeta)
-* PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
-[Fantastic OSINT and where to find it - blindseeker/malware focused](http://archive.is/sYzcP#selection-62.0-62.1)
-[Corporate Espionage without the Hassle of Committing Felonies](https://www.slideshare.net/JohnCABambenek/corporate-espionage-without-the-hassle-of-committing-felonies)
-[How to Use Python to Spy on Your Friends: Web APIs, Recon ng, & OSINT](https://www.youtube.com/watch?v=BOjz7NfsLpA)
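Review bot: the new monitoring section adds the same two resources twice. "Advanced Security Audit Policy Settings" and "Advanced Security Audit Policy Settings(Windows)" both point at the same technet dn319056 URL, and "Sysinternals Sysmon unleashed" and "SysInternals: SysMon Unleashed" both point at the same motiba blog post; keep one of each. Also in the added lines: "yahoo scarping" in the enumall description should be "yahoo scraping", and "Revoke -Â Obfuscation" carries a mojibake `Â` (a mis-decoded non-breaking space); the report title is "Revoke-Obfuscation". The heading "Network | Monitoring & Logging" uses a pipe separator that no other heading in the file uses (the rest use "/" or "&"); consider "Network Monitoring & Logging" for consistency. Finally, this hunk deletes a large block of entries with no replacement visible in the diff (PowerUpSQL, WSUXploit, the IPv6 router-advertisement module, sipvicious, t50, Sublist3r, Altdns, Stenographer, ROCK NSM, PcapDB, Aktaion, RITA, Uproot, WMIEvent, and the removed "## OSINT" block); if these are being moved to dedicated files that is fine, but the commit should say so, otherwise they are silently lost.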
@@ -472,116 +544,129 @@ EIGRP and OSPF).
-## OS X
-
-
+## OSINT
+[XRAY](https://github.com/evilsocket/xray)
+* XRay is a tool for recon, mapping and OSINT gathering from public networks.
-## Privilege Escalation/Post Exploitatoin
+[PowerMeta](https://github.com/dafthack/PowerMeta)
+* PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
-[Pen Testing Active Directory Series](https://blog.varonis.com/binge-read-pen-testing-active-directory-series/)
+[tweets_analyzer](https://github.com/x0rz/tweets_analyzer)
+* Tweets metadata scraper & activity analyzer
-[Offensive Active Directory with Powershell](https://www.youtube.com/watch?v=cXWtu-qalSs)
+[GitPrey](https://github.com/repoog/GitPrey)
+* GitPrey is a tool for searching sensitive information or data according to company name or key word something.The design mind is from searching sensitive data leakling in Github:
-[Hacking SQL Server on Scale with PowerShell - Secure360 2017](https://www.slideshare.net/nullbind/2017-secure360-hacking-sql-server-on-scale-with-powershell)
+[linkedin](https://github.com/eracle/linkedin)
+* Linkedin Scraper using Selenium Web Driver, Firefox 45, Ubuntu and Scrapy
+[repo-supervisor](https://github.com/auth0/repo-supervisor)
+[git-all-secrets](https://github.com/anshumanbh/git-all-secrets)
+* A tool to capture all the git secrets by leveraging multiple open source git searching tools
+[Truffle Hog](https://github.com/dxa4481/truffleHog)
+* Searches through git repositories for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed that contain high entropy.
+[SimplyEmail](https://github.com/killswitch-GUI/SimplyEmail)
+* Email recon made fast and easy, with a framework to build on
-## Password Cracking
-[HashView](https://github.com/hashview/hashview)
-* Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat (https://hashcat.net) commands. Hashview strives to bring constiency in your hashcat tasks while delivering analytics with pretty pictures ready for ctrl+c, ctrl+v into your reports.
-[BEWGor](https://github.com/berzerk0/BEWGor)
-* Bull's Eye Wordlist Generator
-[Probable-Wordlists](https://github.com/berzerk0/Probable-Wordlists)
-* Wordlists sorted by probability originally created for password generation and testing
-[Cracking Corporate Passwords Exploiting Password Policy Weaknesses - Minga Rick Redm - Derbycon3](https://www.youtube.com/watch?v=qR-qRUbeKAo)
+## OS X
-## Phishing/SE
-[CatMyFish](https://github.com/Mr-Un1k0d3r/CatMyFish)
-* Search for categorized domain that can be used during red teaming engagement. Perfect to setup whitelisted domain for your Cobalt Strike beacon C&C. It relies on expireddomains.net to obtain a list of expired domains. The domain availability is validated using checkdomain.com
+## Privilege Escalation/Post Exploitatoin
+[Pen Testing Active Directory Series](https://blog.varonis.com/binge-read-pen-testing-active-directory-series/)
+[Offensive Active Directory with Powershell](https://www.youtube.com/watch?v=cXWtu-qalSs)
+[Hacking SQL Server on Scale with PowerShell - Secure360 2017](https://www.slideshare.net/nullbind/2017-secure360-hacking-sql-server-on-scale-with-powershell)
-## Post Exploitation/Privilege Escalation
+[EvilAbigail](https://github.com/GDSSecurity/EvilAbigail/blob/master/README.md)
+* Initrd encrypted root fs attack
-[The “SYSTEM” challenge](https://decoder.cloud/2017/02/21/the-system-challenge/)
-* Writeup of achieving system from limited user privs.
-[How to use msfvenom](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom)
-[Mimikatz Logs and Netcat](http://blackpentesters.blogspot.com/2013/12/mimikatz-logs-and-netcat.html?m=1)
+## Password Cracking
-[Invoke-CradleCrafter: Moar PowerShell obFUsk8tion by Daniel Bohannon](https://www.youtube.com/watch?feature=youtu.be&v=Nn9yJjFGXU0&app=desktop)
+[Cracklord](https://github.com/jmmcatee/cracklord)
+* CrackLord is a system designed to provide a scalable, pluggable, and distributed system for both password cracking as well as any other jobs needing lots of computing resources. Better said, CrackLord is a way to load balance the resources, such as CPU, GPU, Network, etc. from multiple hardware systems into a single queueing service across two primary services: the Resource and Queue. It won't make these tasks faster, but it will make it easier to manage them.
-[Invoke-CradleCrafter v1.1](https://github.com/danielbohannon/Invoke-CradleCrafter)
+[Dagon](https://github.com/Ekultek/Dagon)
+* Named after the prince of Hell, Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, and much more.
-[Customising Meterpreter Loader DLL part. 2](https://astr0baby.wordpress.com/2014/02/13/customising-meterpreter-loader-dll-part-2/)
-[Dr0p1t-Framework](https://github.com/D4Vinci/Dr0p1t-Framework)
-* Have you ever heard about trojan droppers ? In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a stealthy dropper that bypass most AVs and have a lot of tricks ( Trust me :D ) ;)
+x
-[Winpayloads](https://github.com/nccgroup/Winpayloads)
-* Undetectable Windows Payload Generation with extras Running on Python2.7
-[The Travelling Pentester: Diaries of the Shortest Path to Compromise](https://www.slideshare.net/harmj0y/the-travelling-pentester-diaries-of-the-shortest-path-to-compromise)
+## Phishing/SE
-[Sherlock](https://github.com/rasta-mouse/Sherlock/blob/master/README.md)
-* PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
+[KingPhisher](https://github.com/securestate/king-phisher)
+* King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
-[gateway-finder](https://github.com/pentestmonkey/gateway-finder)
-* Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet.
+[SimplyTemplate](https://github.com/killswitch-GUI/SimplyTemplate)
+* Phishing Template Generation Made Easy. The goal of this project was to hopefully speed up Phishing Template Gen as well as an easy way to ensure accuracy of your templates. Currently my standard Method of delivering emails is the Spear Phish in Cobalt strike so you will see proper settings for that by default.
-[Payload Generation with CACTUSTORCH](https://www.mdsec.co.uk/2017/07/payload-generation-with-cactustorch/)
-[PowerLine](https://github.com/fullmetalcache/powerline)
-* [Presentation](https://www.youtube.com/watch?v=HiAtkLa8FOc)
-[How to Build a 404 page not found C2](https://www.blackhillsinfosec.com/?p=5134)
+## Policy
+[A Survey of Insider Attack Detection Research - 2008](http://web.stanford.edu/class/cs259d/readings/Insider_survey.pdf)
-[404 File not found C2 PoC](https://github.com/theG3ist/404)
+[The “Big Picture” of Insider IT Sabotage Across U.S. Critical Infrastructures](http://web.stanford.edu/class/cs259d/readings/Infrastructure.pdf)
-[Hiding Malicious Traffic Under the HTTP 404 Error](https://blog.fortinet.com/2015/04/09/hiding-malicious-traffic-under-the-http-404-error)
-[Windows Privilege Escalation Methods for Pentesters](https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/)
-[LaZagne](https://github.com/AlessandroZ/LaZagne/blob/master/README.md)
-* The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.
+## Post Exploitation/Privilege Escalation
-[WSUSpect Proxy](https://github.com/ctxis/wsuspect-proxy/)
-* This is a proof of concept script to inject 'fake' updates into non-SSL WSUS traffic. It is based on our Black Hat USA 2015 presentation, 'WSUSpect – Compromising the Windows Enterprise via Windows Update'
-* [Whitepaper](http://www.contextis.com/documents/161/CTX_WSUSpect_White_Paper.pdf)
+[Invoke-ProcessScan](https://github.com/vysec/Invoke-ProcessScan)
+* Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.
-[Introducing PS Attack, a portable PowerShell attack toolkit - Jared Haight](https://www.youtube.com/watch?v=lFCtPdUPdHw)
+[ElevateKit](https://github.com/rsmudge/ElevateKit)
+* The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
-[PowerShell Secrets and Tactics Ben0xA ](https://www.youtube.com/watch?v=mPPv6_adTyg)
+[WMIcmd](https://github.com/nccgroup/WMIcmd)
+* A command shell wrapper using only WMI for Microsoft Windows
-[Beyond the MCSE: Red Teaming Active Directory](https://www.youtube.com/watch?v=tEfwmReo1Hk)
+[mimipenguin](https://github.com/huntergregal/mimipenguin)
+* A tool to dump the login password from the current linux user
-[Red vs Blue: Modern Active Directory Attacks & Defense - Defcon23](https://www.youtube.com/watch?v=rknpKIxT7NM)
+[BrowserGatherer](https://github.com/sekirkity/BrowserGather)
+* Fileless Extraction of Sensitive Browser Information with PowerShell
-[Red Vs. Blue: Modern Active Directory Attacks, Detection, And Protection - BHUSA15](https://www.youtube.com/watch?v=b6GUXerE9Ac)
+[wePWNise](https://github.com/mwrlabs/wePWNise)
+* WePWNise generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software
-[Abusing Active Directory in Post Exploitation - Carlos Perez - Derbycon 4](https://www.youtube.com/watch?v=sTU-70dD-Ok)
+[rattler](https://github.com/sensepost/rattler)
+* Rattler is a tool that automates the identification of DLL's which can be used for DLL preloading attacks.
+[Brosec](https://github.com/gabemarshall/Brosec)
+* Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly reverse shells (python, perl, powershell, etc) that get copied to the clipboard.
+[Application Whitelist Bypass Techniques](https://github.com/subTee/ApplicationWhitelistBypassTechniques)
+* A Catalog of Application Whitelisting Bypass Techniques - SubTee
+[injectAllTheThings](https://github.com/fdiskyou/injectAllTheThings)
+* Single Visual Studio project implementing multiple DLL injection techniques (actually 7 different techniques) that work both for 32 and 64 bits. Each technique has its own source code file to make it easy way to read and understand.
+[Find AD users with empty password using PowerShell](https://4sysops.com/archives/find-ad-users-with-empty-password-passwd_notreqd-flag-using-powershell/)
+[PSReflect](https://github.com/mattifestation/PSReflect)
+* Easily define in-memory enums, structs, and Win32 functions in PowerShell
+[Pulling Back the Curtains on EncodedCommand PowerShell Attacks](https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/)
+[quarkspwdump](https://github.com/quarkslab/quarkspwdump)
+* Dump various types of Windows credentials without injecting in any process.
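Review bot: after this hunk the file has two sections for the same topic, "## Privilege Escalation/Post Exploitatoin" (re-added with the pre-existing "Exploitatoin" typo) and "## Post Exploitation/Privilege Escalation", with the AD and SQL Server entries under the first and the tooling under the second; merge them under one correctly spelled heading. There is also a stray line consisting only of `x` between the Dagon entry and the "## Phishing/SE" heading, which looks like an accidental keystroke and should be dropped. SimplyEmail is added here under OSINT and again (as "SIMPLYEMAIL") under Network Scanning in the previous hunk; one location is enough. Minor: the GitPrey description copies the upstream README typos ("data leakling", "key word something") and could be tidied, and the EvilAbigail entry sits under the AD/privilege-escalation heading even though it is a pre-boot initrd attack on encrypted root filesystems, so it may fit the post-exploitation list better.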
@@ -600,36 +685,35 @@ EIGRP and OSPF).
[aslrepl](https://github.com/enferex/asrepl)
* asrepl is an assembly based REPL. The REPL processes each line of user input, the output can be witnessed by issuing the command 'regs' and looking at the register state.
+[Perl & Linguistics](http://world.std.com/~swmcd/steven/perl/linguistics.html)
+[What makes lisp macros so special - StackOverflow](https://stackoverflow.com/questions/267862/what-makes-lisp-macros-so-special)
+[Big picture software testing unit testing, Lean Startup, and everything in between PyCon 2017](https://www.youtube.com/watch?v=Vaq_e7qUA-4&feature=youtu.be&t=63s)
+[RailsConf 2015 - Nothing is Something](https://www.youtube.com/watch?v=OMPfEXIlTVE)
+[Boundaries - By Gary Bernhardt from SCNA 2012](https://www.destroyallsoftware.com/talks/boundaries)
+* This talk is about using simple values (as opposed to complex objects) not just for holding data, but also as the boundaries between components and subsystems. It moves through many topics: functional programming; mutability's relationship to OO; isolated unit testing with and without test doubles; and concurrency, to name some bar. The "Functional Core, Imperative Shell" screencast mentioned at the end is available as part of season 4 of the DAS catalog.
+[Big picture software testing unit testing, Lean Startup, and everything in between PyCon 2017](https://www.youtube.com/watch?v=Vaq_e7qUA-4&feature=youtu.be&t=63s)
+* There are many ways you can test your software: unit testing, manual testing, end-to-end testing, and so forth. Take a step back and you'll discover even more form of testing, many of them very different in their goals: A/B testing, say, where you see which of two versions of your website results in more signups or ad clicks. How do these forms of testing differ, how do they relate to each other? How do you choose which kind of testing to pursue, given limited time and resources? How do you deal with strongly held yet opposite views arguing either that a particular kind of testing is essential or that it's a waste time? This talk will provide you with a model, a way to organize all forms of testing and understand what exactly they provide, and why. Once you understand the model you will be able to choose the right form of testing for *your* situation and goals.
-## Policy and Compliance
+## Policy and Compliance
-## RE
-
-
-[Symbolic execution timeline](https://github.com/enzet/symbolic-execution)
-* Diagram highlights some major tools and ideas of pure symbolic execution, dynamic symbolic execution (concolic) as well as related ideas of model checking, SAT/SMT solving, black-box fuzzing, taint data tracking, and other dynamic analysis techniques.
-
-[bingrep](https://github.com/m4b/bingrep)
-* Greps through binaries from various OSs and architectures, and colors them.
-
-[radare2 cheat sheet](https://github.com/pwntester/cheatsheets/blob/master/radare2.md)
-
-[Blackbone](https://github.com/DarthTon/Blackbone)
-* Windows memory hacking library
-[Binacle](https://github.com/ANSSI-FR/Binacle)
-* Indexation "full-bin" of binary files
+## RE
+[gdbgui](https://github.com/cs01/gdbgui)
+* A modern, browser-based frontend to gdb (gnu debugger). Add breakpoints, view stack traces, and more in C, C++, Go, and Rust. Simply run gdbgui from the terminal and a new tab will open in your browser.
+[Reverse Engineering a 433MHz Motorised Blind RF Protocol](https://nickwhyte.com/post/2017/reversing-433mhz-raex-motorised-rf-blinds/)
+[PPEE(puppy)](https://www.mzrst.com/#top)
+* Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more details. Free and fast.
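Review bot: the "Big picture software testing unit testing, Lean Startup, and everything in between PyCon 2017" link is added twice in this hunk, once bare and once with its abstract; drop the bare copy. The "## Policy and Compliance" and "## RE" headings are removed and re-added byte-for-byte identical, which suggests a trailing-whitespace or line-ending change; worth confirming the editor is not rewriting line endings across the whole file. As in the earlier hunk, the removed RE entries (Symbolic execution timeline, bingrep, radare2 cheat sheet, Blackbone, Binacle) have no replacement visible here, so confirm they were moved rather than dropped. Not part of this change, but the unchanged context line `[aslrepl]` links to a repository named asrepl, and the description calls it asrepl; the link text should probably match.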
@@ -647,6 +731,8 @@ EIGRP and OSPF).
[ICS Security Assessment Methodology, Tools & Tips](https://www.youtube.com/watch?v=0WoA9SYLDoM)
* Dale Peterson of Digital Bond describes how to perform an ICS / SCADA cyber security assessment in this S4xJapan video. He goes into a lot of detail on the tools and how to use them in the fragile and insecure by design environment that is an ICS. There are also useful tips on when to bother applying security patches (this will likely surprise you), the importance of identifying the impact of a vulnerability, and an efficient risk reduction approach.
+[GRASSMARLIN](https://github.com/iadgov/GRASSMARLIN)
+
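Review bot: GRASSMARLIN is added with no description and is followed by an empty `+` line, whereas every other entry in this ICS section has a one-line bullet explaining what the resource is. Add the one-line summary (the repository README has one) and drop the trailing blank line so the spacing matches the surrounding entries.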
@@ -654,9 +740,14 @@ EIGRP and OSPF).
## System Internals
-[AppInit_DLLs in Windows 7 and Windows Server 2008 R2](https://msdn.microsoft.com/en-us/library/windows/desktop/dd744762(v=vs.85).aspx)
+[windows-operating-system-archaeology](https://github.com/subTee/windows-operating-system-archaeology)
+* subTee stuff
+
+[Processes, Threads, and Jobs in the Windows Operating System](https://www.microsoftpressstore.com/articles/article.aspx?p=2233328&seqNum=2)
+
+[Mandatory Integrity Control](https://msdn.microsoft.com/en-gb/library/windows/desktop/bb648648(v=vs.85).aspx)
+
-[Antimalware Scan Interface Reference](https://msdn.microsoft.com/en-us/library/windows/desktop/dn889588(v=vs.85).aspx)
## Social Engineering
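Review bot: "subTee stuff" is not a useful description for the windows-operating-system-archaeology entry; say what the repository covers so a reader scanning the System Internals section can tell whether to open it. The same hunk removes the "AppInit_DLLs in Windows 7 and Windows Server 2008 R2" and "Antimalware Scan Interface Reference" links with nothing replacing them here; if those moved to another file, note it in the commit, otherwise they are lost. Also, the three new entries are each followed by an added blank line, which is a different spacing convention from the rest of the sections touched in this diff, where entries are listed without blank lines between them.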
@@ -668,14 +759,15 @@ EIGRP and OSPF).
[EXE-less Malicious Outlook Rules - BHIS](https://www.blackhillsinfosec.com/?p=5544)
-## Threat Modeling & Analysis
-[ThreadFix](https://github.com/denimgroup/threadfix)
-* ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.
-[2 7 Steps to Threat Modeling](https://www.slideshare.net/chinwhei/7-steps-to-threat-modeling)
+## Threat Modeling & Analysis
+[ThreatHuntingStuff](https://github.com/MatthewDemaske/ThreatHuntingStuff)
+
+[Adam Shostack - Pentesting: Lessons from Star Wars](https://www.youtube.com/watch?v=BfWWryF8M7E&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=13)
+* Everyone knows you ought to threat model, but in practical reality it turns out to be tricky. If past efforts to threat model haven’t panned out, perhaps part of the problem is confusion over what works, and how the various approaches conflict or align. This talk captures lessons from years of work helping people throughout the software industry threat model more effectively. It’s designed to help security pros, especially pen testers, all of whom will leave with both threat modeling lessons from Star Wars and a proven foundation, enabling them to threat model effectively on offense or defense.
## Training
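Review bot: ThreatHuntingStuff is added without a description and with a trailing blank line, and a threat-hunting link collection is a better fit for the new "Network | Monitoring & Logging" section than for "Threat Modeling & Analysis", where the only other entry is the Shostack threat-modeling talk. The heading itself is removed and re-added unchanged, so as in the earlier hunk this looks like a whitespace-only rewrite. The ThreadFix and "7 Steps to Threat Modeling" removals again have no visible replacement; confirm they were moved.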
@@ -685,111 +777,59 @@ EIGRP and OSPF).
## Web:
-[Kraken - Web Interface Survey Tool](https://github.com/Sw4mpf0x/Kraken)
-* [Blogpost](https://pentestarmoury.com/2017/01/31/kraken-web-interface-survey-tool/)
-
-[WebSocket API Standards](https://www.w3.org/TR/2011/WD-websockets-20110929/)
-
-[DOM - Standard](https://dom.spec.whatwg.org/)
-
-[HTML 5 Standards](http://w3c.github.io/html/)
-
-[Web IDL Standards](https://heycam.github.io/webidl/)
-
-[The WebSocket Protocol Standard - IETF](https://tools.ietf.org/html/rfc6455)
-
-[WebSocket Protocol - RFC Draft 17](https://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-17)
-
-[timing_attack](https://github.com/ffleming/timing_attack)
-* Perform timing attacks against web applications
-
-[Wordpress Security Guide - WPBeginner](http://www.wpbeginner.com/wordpress-security/)
-
-[Web Services Security Testing Cheat Sheet Introduction - OWASP](https://www.owasp.org/index.php/Web_Service_Security_Testing_Cheat_Sheet)
-
-[OWASP API Security Project](https://www.owasp.org/index.php/OWASP_API_Security_Project)
+[PowerWebShot](https://github.com/dafthack/PowerWebShot)
+* A PowerShell tool for taking screenshots of multiple web servers quickly.
-[REST Security Cheat Sheet](REST Security Cheat Sheet)
+[BurpSmartBuster](https://github.com/pathetiq/BurpSmartBuster)
+* A Burp Suite content discovery plugin that add the smart into the Buster!
-[REST Assessment Cheat Sheet](https://www.owasp.org/index.php/REST_Assessment_Cheat_Sheet)
+[Java Deserialization Exploits](https://github.com/CoalfireLabs/java_deserialization_exploits)
+* A collection of Java Deserialization Exploits
-[Attack Surface Analysis Cheat Sheet](https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet)
+[Critical vulnerabilities in JSON Web Token libraries - 2015](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/)
+[100 OWASP Top 10 Hacking Web Applications with Burp Suite Chad Furman](https://www.youtube.com/watch?v=2p6twRRXK_o)
-[RESTful Services, The Web Security Blind Spot](https://www.youtube.com/watch?feature=player_embedded&v=pWq4qGLAZHI#!)
-* [Blogpost](https://xiom.com/2016/10/31/restful-services-web-security-blind-spot/)
-* [Presentation Slides -pdf](https://xiomcom.files.wordpress.com/2016/10/security-testing-for-rest-applications-v6-april-2013.pdf)
+[json token decode](http://jwt.calebb.net/)
-[Cracking and Fixing REST APIs](http://www.sempf.net/post/Cracking-and-Fixing-REST-APIs)
+[JWT Inspector - FF plugin](https://www.jwtinspector.io/)
+* JWT Inspector is a browser extension that lets you decode and inspect JSON Web Tokens in requests, cookies, and local storage. Also debug any JWT directly from the console or in the built-in UI.
-[Cracking and fixing REST services](http://www.irongeek.com/i.php?page=videos/converge2015/track109-cracking-and-fixing-rest-services-bill-sempf)
+[Attacking JWT authentication](https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/)
-[Hackazon](https://github.com/rapid7/hackazon)
-* Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications. Hackazon has an AJAX interface, strict workflows and RESTful API’s used by a companion mobile app providing uniquely-effective training and testing ground for IT security professionals. And, it’s full of your favorite vulnerabilities like SQL Injection, cross-site scripting and so on.
+[WAFPASS](https://github.com/wafpassproject/wafpass)
+* Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.
-[burp-rest-api](https://github.com/vmware/burp-rest-api)
-* A REST/JSON API to the Burp Suite security tool. Upon successfully building the project, an executable JAR file is created with the Burp Suite Professional JAR bundled in it. When the JAR is launched, it provides a REST/JSON endpoint to access the Scanner, Spider, Proxy and other features of the Burp Suite Professional security tool.
+[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)
+* A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator
-[RESTful API Best Practices and Common Pitfalls](https://medium.com/@schneidenbach/restful-api-best-practices-and-common-pitfalls-7a83ba3763b5)
+[hackability](https://github.com/PortSwigger/hackability)
+* Rendering Engine Hackability Probe performs a variety of tests to discover what the unknown rendering engine supports. To use it simply extract it to your web server and visit the url in the rendering engine you want to test. The more successful probes you get the more likely the target engine is vulnerable to attack.
-[Automating API Penetration Testing using fuzzapi - AppSecUSA 2016](https://www.youtube.com/watch?v=43G_nSTdxLk)
+[Exploiting misuse of Python's "pickle"](https://blog.nelhage.com/2011/03/exploiting-pickle/)
-[Fuzzapi](https://github.com/lalithr95/Fuzzapi/)
-* Fuzzapi is rails application which uses API_Fuzzer and provide UI solution for gem.
+[Typosquatting programming language package managers](http://incolumitas.com/2016/06/08/typosquatting-package-managers/)
-[White House Web API Standards](https://github.com/WhiteHouse/api-standards)
-* This document provides guidelines and examples for White House Web APIs, encouraging consistency, maintainability, and best practices across applications. White House APIs aim to balance a truly RESTful API interface with a positive developer experience (DX).
-
-[Damn Vulnerable Web Services dvws](https://github.com/snoopysecurity/dvws)
-* Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.
-
-[Performing sqlmap POST request injection](https://hackertarget.com/sqlmap-post-request-injection/)
-
-[xsscrapy](https://github.com/byt3bl33d3r/xsscrapy)
-
-[XSSer](https://xsser.03c8.net/)
-
-[XSS Sniper](https://sourceforge.net/projects/xssniper/)
-
-[AWS Security Primer](https://cloudonaut.io/aws-security-primer/#fn:2)
-
-[PHP Generic Gadget Chains: Exploiting unserialize in unknown environments](https://www.ambionics.io/blog/php-generic-gadget-chains)
-
-[PHPGGC: PHP Generic Gadget Chains](https://github.com/ambionics/phpggc)
-* PHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatically. When encountering an unserialize on a website you don't have the code of, or simply when trying to build an exploit, this tool allows you to generate the payload without having to go through the tedious steps of finding gadgets and combining them. Currently, the tool supports: Doctrine, Guzzle, Laravel, Monolog, Slim, SwiftMailer.
-
-[psychoPATH - LFI](https://github.com/ewilded/psychoPATH/blob/master/README.md)
-* This tool is a highly configurable payload generator detecting LFI & web root file uploads. Involves advanced path traversal evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support plus single byte generator.
-
-[Service-Oriented-Architecture](https://en.wikipedia.org/wiki/Service-oriented_architecture)
-
-[Microservices](https://en.wikipedia.org/wiki/Microservices)
-
-[Representational State Transfer - Wikipedia](https://en.wikipedia.org/wiki/Representational_state_transfer)
-
-[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)
-* Security Tool to Look For Interesting Files in S3 Buckets
-
-[tplmap](https://github.com/epinna/tplmap)
-* Code and Server-Side Template Injection Detection and Exploitation Tool
-
-[Self XSS we’re not so different you and I - Mathias Karlsson](https://www.youtube.com/watch?v=l3yThCIF7e4)
-
-[The Tale of a Fameless but Widespread Web Vulnerability Class - Veit Hailperin](https://www.youtube.com/watch?v=5qA0CtS6cZ4)
-* Two keys components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion (XSSI) vulnerabilities are not mentioned in the de facto standard for public attention - the OWASP Top 10. Additionally there is no public tool available to facilitate finding XSSI. The impact reaches from leaking personal information stored, circumvention of token-based protection to complete compromise of accounts. XSSI vulnerabilities are fairly wide spread and the lack of detection increases the risk of each XSSI. In this talk we are going to demonstrate how to find XSSI, exploit XSSI and also how to protect against XSSI.
+[The Website Obesity Crisis](http://idlewords.com/talks/website_obesity.htm)
+[HUNT Burp Suite Extension](https://github.com/bugcrowdlabs/HUNT)
+* HUNT Logo HUNT is a Burp Suite extension to: 1. Identify common parameters vulnerable to certain vulnerability classes. 2. Organize testing methodologies inside of Burp Suite.
+## Wireless Stuff
+[LTE Security - How good is it?](http://csrc.nist.gov/news_events/cif_2015/research/day2_research_200-250.pdf)
+[UAV Transponders & Tracker Kits - UST](http://www.unmannedsystemstechnology.com/company/sagetech-corporation/)
+[Emulation and Exploration of BCM WiFi Frame Parsing using LuaQEMU](https://comsecuris.com/blog/posts/luaqemu_bcm_wifi/)
+[Fluxion](https://github.com/wi-fi-analyzer/fluxion)
+* Fluxion is a remake of linset by vk496 with (hopefully) less bugs and more functionality. It's compatible with the latest release of Kali (rolling). The attack is mostly manual, but experimental versions will automatically handle most functionality from the stable releases.
-## Wireless Stuff
-[LTE Security - How good is it?](http://csrc.nist.gov/news_events/cif_2015/research/day2_research_200-250.pdf)
-[UAV Transponders & Tracker Kits - UST](http://www.unmannedsystemstechnology.com/company/sagetech-corporation/)
+[ESP8266 deauther](https://github.com/spacehuhn/esp8266_deauther)
+* Deauthentication attack and other exploits using an ESP8266!
-[Emulation and Exploration of BCM WiFi Frame Parsing using LuaQEMU](https://comsecuris.com/blog/posts/luaqemu_bcm_wifi/)
\ No newline at end of file
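Review bot: this hunk removes a large block of still-useful REST/API security references (OWASP API Security Project, REST Assessment Cheat Sheet, Attack Surface Analysis Cheat Sheet, Hackazon, Damn Vulnerable Web Services, PHPGGC, tplmap, AWSBucketDump, the XSSI talk) without relocating them anywhere in the diff; if the intent was only to prune dead or malformed entries (the `[REST Security Cheat Sheet](REST Security Cheat Sheet)` link with no URL is one), the remaining deletions look accidental and should be restored or moved under their own REST/API heading. Two smaller points on the added lines: the HUNT description carries alt-text residue copied from its README ("HUNT Logo HUNT is a Burp Suite extension to: ...") and should start at "HUNT is a Burp Suite extension to: ...", and the new Fluxion and ESP8266 deauther entries land in the "## Wireless Stuff" block that this hunk also re-emits, so a quick check that the heading is not duplicated in the resulting file would be worthwhile.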