Free · Open Source · Updated Daily

Your infosec gym.
Train like it's a discipline.

Community-driven notes, checklists, and techniques across pentest, malware dev, reverse engineering, web hacking, and more. No paywall. No signup.

Browse on GitHub Today's Feed →
40+Categories
500+Resources
DailyCVE Feed
176 ★GitHub Stars
Daily Digest — live now SANS ISC · The Hacker News · Schneier · PortSwigger · NVD CVEs · KitPloit · Telegram channels · X/Twitter — committed every day at 06:00 UTC
Read Today's →
Offensive Security
🎯
Pentest & Methodology
15 resources · checklists included
toolschecklistsmethodologypassword-cracking
🏰
Active Directory
Attack paths, LAPS/PAM abuse, Kerberos
kerberoastingLAPSbloodhoundPAM
🌐
Web Hacking
21 techniques — SQLi to SSTI
SQLiXSSSSRFSSTIJWTXXE
🦠
Malware Development
Process injection, shellcode, AV evasion
shellcodeprocess-injectionAV-bypasspayloads
🔬
Reverse Engineering
ELF, x86, crackmes, GDB
ELFx86crackmesGDBGhidra
📊
Enumeration
Port-by-port — SSH to WinRM
SMBLDAPDNSKerberosRPC
⬆️
Privilege Escalation
Linux & Windows techniques
linuxwindowsSUIDUAC-bypass
🔴
Red Teaming
C2, AV bypass, covert infrastructure
Cobalt StrikeC2AV-bypassOPSEC
📱
Mobile Security
Android & iOS — Frida, objection, cert pinning
FridaobjectionSSL-pinningOWASP-MobileiOS
🖥️
Thin Client & Kiosk
Locked-down breakout — Citrix, RDP, GPO
CitrixAppLockerkioskGPO-bypass
💥
Exploitation
x86, CPU internals, virtual memory
x86assemblyvirtual-memoryshellcode
🚪
Post Exploitation
File transfer, pivoting, tunnelling
pivotingtunnellingfile-transfer
☁️
Cloud Hacking
AWS, GCP, Azure attack surface
AWSGCPAzureIAM
🏭
ICS / OT Security
SCADA, PLCs, Modbus, critical infra
ModbusDNP3SCADAStuxnetPurdue
AI & Emerging Threats
🤖
AI Security
LLM attacks, jailbreaks, model theft
prompt-injectionjailbreakdata-poisoningOWASP-LLM
🕸️
AI Agent Security
Indirect injection, tool poisoning, agent hijacking
agentsMCPtool-chainingmemory-poisoningRAG
Defensive Security
🛡️
SOC & Detection
Blue team techniques, alerting
detectionSIEMalerts
🚨
Incident Response
IR playbooks, triage checklists
playbooktriagecontainment
🔍
Forensics
Digital & network forensics
disk-forensicsmemorynetwork
🕵️
Threat Hunting
Proactive detection techniques
MITREIOCbehavioral
Reference & Skills
🔎
OSINT
Collection, tooling, tradecraft
reconnaissanceSOCMINTgeolocation
⚙️
Programming
C, C++, Python, Nim, Assembly
CPythonNimAssembly
🔐
Cryptography
Theory, LFSR, applied crypto
LFSRsymmetricasymmetric
📡
Hardware & RF
Firmware, MOSFET, Bluetooth
firmwareBluetoothUbertoothSDR
🔭
Vulnerability Analysis
Fuzzing, static analysis, CVE research
AFL++GhidrafuzzingCVSSPoC
🖼️
Steganography
Hide & find data in images, audio, text
LSBzstegsteghideCTFspectrogram
Compliance & Risk
📋
Compliance & Risk Assessment
ISO 27001, NIST, PCI-DSS, SOC 2, GDPR
ISO-27001NIST-CSFPCI-DSSGDPRCIS
🏆
CTF Techniques
Competitive hacking challenge skills
pwnrevcryptowebsteg

Add your knowledge to the gym

Found a great writeup, tool, or technique? Submit it in 30 seconds. The bot reads the form, routes it to the right category, and closes the issue automatically. No PR needed.

Submit a Resource →