I'm snovvcrash and I do ethical penetration testing, red teaming, offensive tooling development and cybersecurity researching. This is a GitBook of mine whose purpose is keeping my pentest notes on hand. It's far from being perfect in terms of organization (that's why I call it "promiscuous") and, basically, I'm logging it for myself, but it turned out that hosting it online makes it most convenient to access. So, if you find it handy too, feel free to use it... responsibly, of course!
Stay Ahead in Data Security, Governance, Privacy and Compliance. Explore expert insights on governance and data privacy at our blog. Stay informed with our thought-provoking articles, news, and industry updates.
Explore our Knowledge Center for comprehensive data and governance resources. Access articles, guides, and insights to enhance your security practices.
The Ethernaut is a Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'. The game is 100% open source and all levels are contributions made by other players.
A portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware, and more. It's fully open-source and customizable, so you can extend it in whatever way you like.
Welcome to Google's Bug Hunting community. Learn more about hunting & reporting bugs you’ve found in Google products.
Whether you've just started your hacker journey or you're just looking for some new challenges, the Hacker101 CTF has something for you.
The cybersecurity upskilling platform. Hack The Box gives individuals, businesses and universities the tools they need to continuously improve their cybersecurity capabilities — all in one place.
Browse all public vulnerabilities.
The world’s first bug bounty platform for AI/ML. huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications, including those powered by Open Source Software (OSS).
Learn to harness next-gen technologies to build the bridges that will lead us to a better tomorrow.
My name is Brandon Marshall (aka Marsh). I am currently working as an Offensive Security Researcher. A majority of my time is spent developing internal Red Team tooling, reverse engineering, and exploit creation.
Microsoft offers cash awards for finding and reporting certain types of vulnerabilities and exploitation techniques.
Build skills that open doors. See all you can do with documentation, hands-on training, and certifications to help you get the most from Microsoft products.
Get the latest from Mithril Security.
The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
Atomic Red Team™ is a library of tests mapped to the MITRE ATT&CK framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.
Research from Assetnote.
Penetration Testing and Red Teaming blogs, webcasts, and podcasts created by the pen testers and security analysts of Black Hills Information Security.
Censys helps organizations, individuals, and researchers find and monitor every server on the Internet to reduce exposure and improve security.
Top auditors compete to keep high severity bugs out of production. Start a public or private audit within 48 hours.
Email surveillance violates our fundamental rights and makes free speech risky. This guide will teach you email self-defense in 40 minutes with GnuPG.
exploit.education provides a variety of resources that can be used to learn about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues.
GitHub Security Lab researchers find vulnerabilities in key, widely-used open source projects. We then coordinate the disclosure of those vulnerabilities to security teams at those projects. We only publish vulnerabilities here after they’ve been announced by the affected projects' development teams and patches are available. See our disclosure policy below for more information.
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Blog from GitHub Security Lab.
Do you want to challenge your vulnerability hunting skills? We created these CTF challenges to allow you to do exactly that, while helping you to quickly learn CodeQL.
The CodeQL Bug Bounty program operated by the GitHub Security Lab aims at scaling the security research community’s work across open source projects. The All For One protects against future vulnerabilities by coding and eradicating a pattern, while the Bug Slayer fixes existing occurrences of this pattern. A bounty hunter can apply to both programs sequentially to maximize their positive impact on open source projects, and their gain.
The page where you will find each hacking trick/technique/whatever related to CI/CD & Cloud I have learnt in CTFs, real life environments, researching, and reading research and news.
On Immunefi, hackers secure web3, save funds from theft, and get paid the world's largest bug bounties.