📦 Make security testing of K8s, Docker, and Containerd easier.

Official Black Hat Arsenal Security Tools Repository

[WIP] 整理过去的分享，从零开始的Kubernetes攻防 🧐

A powerful browser crawler for web vulnerability scanners

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

Quark Agent - Your AI-powered Android APK Analyst

An AI-powered Personal Identifiable Information (PII) scanner.

For educational purposes only, samples of 400+ classic/modern trojan builders including screenshots.

HTTP Request Smuggling Detection Tool

🔓A curated list of modern Android exploitation conference talks.

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.

memory search and patch tool on debuggable apk without root & ndk

Rubyfu, where Ruby goes evil!

Zero-dollar attack surface management tool

Query and report user logons relations from MS Windows Security Events

As hackers, we put a premium on function over elegance as time is always scarce. When you need to quickly create a solution to a problem, style concerns come secondary.

This tool can decrypt a BitLocker-locked partition with the TPM vulnerability

Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)

Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.

Configure Your Macbook For Blackhat