privilege-escalation

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A collection of hacking / penetration testing resources to make you better!

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

A collection of links related to Linux kernel security and exploitation

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

📦 Make security testing of K8s, Docker, and Containerd easier.

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

Automation for internal Windows Penetrationtest / AD-Security

Linux enumeration tool for pentesting and CTFs with verbosity levels

Privilege Escalation Enumeration Script for Windows

A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.

Fancy reverse and bind shell handler

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

My proof-of-concept exploits for the Linux kernel

ODAT: Oracle Database Attacking Tool

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.