An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about DevSecOps in Cybersecurity.

Compromise a web application and delve deeper into the network to access hosts that you cannot directly reach from your attack host using different approaches.

Python-based keylogger for ethical use, capturing keystrokes and emailing logs. Features include retry logic for email delivery, log file management, and cross-platform support (Windows/Linux). Configurable for auto-start via systemd or Startup folder. Designed for educational purposes, penetration testing with consent, and self-monitoring.

A hands-on simulation of attacking a vulnerable login page using Python. This repo includes a Flask-based vulnerable login page and Python scripts to exploit weaknesses in regex validation and brute-force login attempts. Perfect for learning web penetration testing basics and ethical hacking techniques.

Deploy GOAD labs to ESXi

This repository is designed for educational purposes, with real code, real labs, and real-world logic — but zero bullshit.

Code from exercises and labs on TryHackMe. TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs on the browser!

Professional Hardware Security Lab Setup | PCB analysis, firmware extraction, and embedded systems testing environment

Pentest Lab: Recon (Nmap) + DAST (OWASP ZAP baseline/full) against OWASP Juice Shop with reproducible HTML/TXT/PNG evidence and optional SOC correlation.

This project turns a Raspberry Pi 4 into a DShield honeypot to capture and study network probes and brute-force attempts in a safe lab

Reproducible lab for CVE-2020-0610 (BlueGate) - Windows RD Gateway UDP/DTLS remote code execution vulnerability. Includes PowerShell scripts, setup guide, and nuclei template validation examples.

CVE-2016-15042 lab: Dockerized WordPress PoC for unauthenticated file upload in Frontend File Manager <4.0 and N‑Media Post Front‑end Form <1.1

Multi Edit Wiki

Educational pentesting lab – Red Team exercises with Kali Linux, Metasploitable2, Nessus, Burp Suit, Wireshark, tcpdump, Nmap, Metasploit Framework, SET, Hydra, sqlmap, aircrack-ng and vulnerable apps. Step-by-step reports, commands, and captures.

What's Been Set Up: Complete Codebase - All components implemented and tested Git Repository - Initialized with proper commit history Documentation - Comprehensive guides and API docs GitHub Workflows - CI/CD pipeline with security testing Community Files - Contributing guide, issue templates, PR templates Open Source License

Security Operations Center: pfSense firewall, Security Onion IDS/IPS, Splunk SIEM, Wazuh EDR and Microsoft Defender for Endpoint — multi-layered threat monitoring, detection and incident response

Snort → Splunk home-lab that detects Nmap portscans and visualizes alerts (top sources/ports, timeline, last 50). Includes SPL & helper scripts

Detect TCP SYN port scanning with Suricata → Filebeat → Elasticsearch → Kibana. Includes local rules, Kibana dashboard (NDJSON export), and backup scripts.

A Python-based Intrusion Detection System (IDS) that monitors network traffic to detect port scans and SSH brute force attacks. Built using Scapy and validated with Wireshark in an isolated virtual network environment.

🐍 Capture and analyze network probes and brute-force attacks by transforming a Raspberry Pi into a DShield honeypot for safe cybersecurity research.