Explore 10 curated tools and resources
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Abusing the COM Registry Structure: CLSID, LocalServer32, & InprocServer32
An exploration of a new method to abuse DCOM for remote payload execution and lateral movement.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
A post-exploitation framework designed to operate covertly on heavily monitored environments.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
Research project on bypassing default Falco ruleset with Dockerfile for sshayb/fuber:latest image.
A blog post about abusing exported functions and exposed DCOM interfaces for pass-thru command execution and lateral movement
Cheat sheet with common enumeration and attack methods for Windows Active Directory.
TeamTNT is modifying its malicious shell scripts after they were made public by security researchers.
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.