Active Directory active-directory
Initial Access
- FileFix: A Simple Social Engineering Trick That Launches PowerShell from the Browser | by IT Guy | Jun, 2025 | Medium phising
Exploitation
- Microsoft Teams and other Electron Apps as LOLbins windows
- Fire Ant: Hypervisor-Level Espionage Targeting VMware ESXi & vCenter | Sygnia vmware
Post Exploitation
- Mimikatz Under The Hood — Improsec | improving security dump-memory
- Zero Day Initiative — Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks (Archive) privilege-escalation
- Escalating Privileges via Third-Party Windows Installers | Mandiant | Google Cloud Blog privilege-escalation
- Deleting Your Way Into SYSTEM: Why Arbitrary File Deletion Vulnerabilities Matter | Mandiant | Google Cloud Blog privilege-escalation
OSINT osin
- ihebski/DefaultCreds-cheat-sheet: One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️ leaked-secrets info-disclose
Phishing phising
MalDev maldev
- Threat Hunting with File Entropy – Practical Security Analytics LLC
- How to Bypass Anti-Virus to Run Mimikatz - Black Hills Information Security, Inc. mimikatz defense-evasion
- Home - Unprotect Project defense-evasion
- Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR | Outflank direct-syscalls
- Windows X86-64 System Call Table (XP/2003/Vista/7/8/10/2022/11) system-call
- Hell’s Gate Paper about Direct Syscall direct-syscalls
EDR EDR
- Attacking an EDR - Part 3
- Attacking an EDR - Part 2
- Attacking an EDR - Part 1
- Lots of material on EDR/AV/malware in Rust, as well as reversing the Windows kernel: About Me - 0xflux Red Team Manual | Systems programming maldev reversing EDR
Reversing reversing
- Malware Reverse Engineering for Beginners - Part 2 - Intezer
- Malware Reverse Engineering for Beginners - Part 1: From 0x0 - Intezer
- CrackMy.App - Share and Solve Reverse Engineering Challenges
- Decompile an Electron App: A Step-by-Step Guide | ToDesktop Blog electron
Cryptography cryptography
- Cryptography Academy
- Cryptography, as well as cryptanalysis and various topics related to the two: Cryptography - Dhole Moments
- Introductory course on cryptography, freely available for programmers of all ages and skill levels: Crypto 101
- Cryptopals Guided Tour - YouTube
AI AI
- Practical Deep Learning for Coders - Practical Deep Learning deep-learning
- Prompt Injection Attacks for Dummies prompt-injection
- Trojan War against SOTA LLMs prompt-injection
- How to Hack AI Agents and Applications · Joseph Thacker llm-hacking
- Prompt Engineering | Kaggle prompt-engineering
- MCP Servers: The New Security Nightmare | Equixly MCP
- harishsg993010/damn-vulnerable-MCP-server: Damn Vulnerable MCP Server MCP
- Hackaprompt 2.0
- The Vulnerable MCP Project: Comprehensive Model Context Protocol Security Database
- microsoft/AI-Red-Teaming-Playground-Labs: AI Red Teaming playground labs to run AI Red Teaming trainings including infrastructure.
- Getting Started with AI Hacking: Part 1 - Black Hills Information Security, Inc.
- Novel Universal Bypass for All Major LLMs
- CVE-2025-6514 Threatens LLM clients MCP
- How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed | Platform Security Blog
- The Silent Exfiltration: Zero‑Click Agentic AI Hack That Can Leak Your Google Drive with One Email | Straiker
- A Copilot Studio Story 2: When AIjacking Leads to Full Data Exfiltration