security

eBPF-based Security Observability and Runtime Enforcement

✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for...

Knowledge Base 慢雾安全团队知识库

Популярные HTML / CSS / JavaScript / ECMAScript / TypeScript / React / Vue / Angular / Node вопросы на интервью и ответы на них (https://tinyurl.com/w...

A binary authorization and monitoring system for macOS

The Leading Security Assessment Framework for Android.

Linux Runtime Security and Forensics using eBPF

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

CTF竞赛权威指南

Aya is an eBPF library for the Rust programming language, built with a focus on developer experience and operability.

📃 White paper for Backend developers

:key: Cross-Platform Passwords & Secrets Vault

List of Awesome CobaltStrike Resources

Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.

Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and mana...

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskill...

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

Collection of the cheat sheets useful for pentesting

Web-Security-Learning

Fully featured, open source, privacy friendly email app for Android

An OOB interaction gathering server and client library

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种...

Mythril is a symbolic-execution-based securty analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereu...

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy. Works a...

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build...

A collected list of awesome security talks

🐊 Policy Controller for Kubernetes

🚗 A curated list of resources for learning about vehicle security and car hacking.

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Knock Subdomain Scan

Hubble - Network, Service & Security Observability for Kubernetes using eBPF

Valet lets you securely store data in the iOS, tvOS, watchOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We pr...

Static analysis for GitHub Actions

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

An experiment.

Advanced vm/sandbox for Node.js

FEDML - The unified and scalable ML library for large-scale distributed training, model serving, and federated learning. FEDML Launch, a cross-cloud s...

✔️ Secure, simple key-value storage for Android

Secure internet sharing made simple.

🛡 I2P: End-to-End encrypted and anonymous Internet

Boundary enables identity-based access management for dynamic infrastructure.

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DN...

Dark Web OSINT Tool

Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.

CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, Privacy, and Reporting. It supports 130+ global...

Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)

Snoop — инструмент разведки на основе открытых данных (OSINT world)