~/hackyfeed
> cat /dev/github | grep security-tools
discovered 30 Mar 2026

CTF-notes

HTML ★ 785 via github-topic
→ View on GitHub

AI Summary: The CTF-notes repository provides a comprehensive collection of resources and structured notes aimed at aiding individuals in preparing for Capture The Flag (CTF) competitions and penetration testing exams, such as the OSCP. It includes detailed checklists, exploitation techniques for various platforms, vulnerability payloads, and methodologies for offensive security. Noteworthy features include organized sections for post-exploitation tactics, memory forensics, and specific vulnerabilities, alongside a dedicated cheat sheet repository for quick reference during assessments.

README

Project tree

.

  • Everything-OSCP(./Everything-OSCP)
    • Checklists(./Everything-OSCP/Checklists)
    • Linux Post exploitation(./Everything-OSCP/Linux Post exploitation)
    • Windows buffer overflow(./Everything-OSCP/Windows buffer overflow)
    • Windows Post exploitation(./Everything-OSCP/Windows Post exploitation)
  • pentestbook(./pentestbook)
    • assets(./pentestbook/assets)
    • physical_access_to_machine(./pentestbook/physical_access_to_machine)
    • styles(./pentestbook/styles)
    • writeups(./pentestbook/writeups)
  • AwesomeXSS(./AwesomeXSS)
    • Database(./AwesomeXSS/Database)
  • resource-threat-hunting(./resource-threat-hunting)
  • Offensive-Security-OSCP-Cheatsheets(./Offensive-Security-OSCP-Cheatsheets)
    • ctfs-walkthroughs(./Offensive-Security-OSCP-Cheatsheets/ctfs-walkthroughs)
    • lab(./Offensive-Security-OSCP-Cheatsheets/lab)
    • memory-forensics(./Offensive-Security-OSCP-Cheatsheets/memory-forensics)
    • offensive-security(./Offensive-Security-OSCP-Cheatsheets/offensive-security)
    • offensive-security-experiments(./Offensive-Security-OSCP-Cheatsheets/offensive-security-experiments)
  • SCADA PLC ICS Pentest PDFs(./SCADA PLC ICS Pentest PDFs)
    • awesome-industrial-control-system-security(./SCADA PLC ICS Pentest PDFs/awesome-industrial-control-system-security)
  • PayloadsAllTheThings(./PayloadsAllTheThings)
    • AWS Amazon Bucket S3(./PayloadsAllTheThings/AWS Amazon Bucket S3)
    • Command Injection(./PayloadsAllTheThings/Command Injection)
    • CRLF Injection(./PayloadsAllTheThings/CRLF Injection)
    • CSRF Injection(./PayloadsAllTheThings/CSRF Injection)
    • CSV Injection(./PayloadsAllTheThings/CSV Injection)
    • CVE Exploits(./PayloadsAllTheThings/CVE Exploits)
    • Directory Traversal(./PayloadsAllTheThings/Directory Traversal)
    • SAML Injection(./PayloadsAllTheThings/SAML Injection)
    • File Inclusion(./PayloadsAllTheThings/File Inclusion)
    • GraphQL Injection(./PayloadsAllTheThings/GraphQL Injection)
    • Insecure Deserialization(./PayloadsAllTheThings/Insecure Deserialization)
    • Insecure Direct Object References(./PayloadsAllTheThings/Insecure Direct Object References)
    • Insecure Management Interface(./PayloadsAllTheThings/Insecure Management Interface)
    • Insecure Source Code Management(./PayloadsAllTheThings/Insecure Source Code Management)
    • JSON Web Token(./PayloadsAllTheThings/JSON Web Token)
    • LaTeX Injection(./PayloadsAllTheThings/LaTeX Injection)
    • LDAP Injection(./PayloadsAllTheThings/LDAP Injection)
    • Methodology and Resources(./PayloadsAllTheThings/Methodology and Resources)
    • NoSQL Injection(./PayloadsAllTheThings/NoSQL Injection)
    • OAuth(./PayloadsAllTheThings/OAuth)
    • Open Redirect(./PayloadsAllTheThings/Open Redirect)
    • Server Side Request Forgery(./PayloadsAllTheThings/Server Side Request Forgery)
    • Server Side Template Injection(./PayloadsAllTheThings/Server Side Template Injection)
    • SQL Injection(./PayloadsAllTheThings/SQL Injection)
    • _template_vuln(./PayloadsAllTheThings/_template_vuln)
    • Type Juggling(./PayloadsAllTheThings/Type Juggling)
    • Upload Insecure Files(./PayloadsAllTheThings/Upload Insecure Files)
    • Web Cache Deception(./PayloadsAllTheThings/Web Cache Deception)
    • Web Sockets(./PayloadsAllTheThings/Web Sockets)
    • XPATH Injection(./PayloadsAllTheThings/XPATH Injection)
    • XSS Injection(./PayloadsAllTheThings/XSS Injection)
    • XXE Injection(./PayloadsAllTheThings/XXE Injection)
  • Bypassing-Web-Application-Firewalls(./Bypassing-Web-Application-Firewalls)
  • Hydra-Cheatsheet(./Hydra-Cheatsheet)
  • Powershell-Cheatsheet(./Powershell-Cheatsheet)
  • Active-Directory-Fun(./Active-Directory-Fun)
  • oscp(./oscp)
    • recon_enum(./oscp/recon_enum)
    • reports(./oscp/reports)
    • templates(./oscp/templates)
  • xapax.github.io(./xapax.github.io)
    • css(./xapax.github.io/css)
    • img(./xapax.github.io/img)
    • js(./xapax.github.io/js)
    • reveng(./xapax.github.io/reveng)
  • Awesome-Hacking-Resources(./Awesome-Hacking-Resources)
  • Books(./Books)
  • Notes VA(./Notes VA)
    • lpeworkshop(./Notes VA/lpeworkshop)
  • OSCPRepo(./OSCPRepo)
    • CheetSheets(./OSCPRepo/CheetSheets)
    • Local Info Enum(./OSCPRepo/Local Info Enum)
    • PDFs&Documents(./OSCPRepo/PDFs&Documents)
    • Priv Esc Checks(./OSCPRepo/Priv Esc Checks)
    • Process&Methodology(./OSCPRepo/Process&Methodology)
    • Reporting(./OSCPRepo/Reporting)
    • Scanning&Recon(./OSCPRepo/Scanning&Recon)
    • Tools(./OSCPRepo/Tools)
    • KeepNotes(./OSCPRepo/KeepNotes)
    • lists(./OSCPRepo/lists)
    • scripts(./OSCPRepo/scripts)
  • OSCP-Materials-master(./OSCP-Materials-master)
    • Cheat Sheets(./OSCP-Materials-master/Cheat Sheets)
    • Linux Privilege Escalation and Post Exploitation(./OSCP-Materials-master/Linux Privilege Escalation and Post Exploitation)
    • Metasploit-Meterpreter-Msfvenom(./OSCP-Materials-master/Metasploit-Meterpreter-Msfvenom)
    • PASSWORD CRACKING and Usefull TOOLS and Commands(./OSCP-Materials-master/PASSWORD CRACKING and Usefull TOOLS and Commands)
    • SHELLCODE and Buffer Over Flow(./OSCP-Materials-master/SHELLCODE and Buffer Over Flow)
    • Understand Privilege Escalation(./OSCP-Materials-master/Understand Privilege Escalation)
    • Window Privilege Escalation and Post Exploitation(./OSCP-Materials-master/Window Privilege Escalation and Post Exploitation)
  • ctf(./ctf)
    • natas(./ctf/natas)
  • metasploit scripts(./metasploit scripts)
  • penbook(./penbook)
    • assets(./penbook/assets)
    • physical_access_to_machine(./penbook/physical_access_to_machine)
    • styles(./penbook/styles)
    • writeups(./penbook/writeups)
  • python-pty-shells-master(./python-pty-shells-master)
  • liodeus.github.io(./liodeus.github.io)
    • assets(./liodeus.github.io/assets)
    • _includes(./liodeus.github.io/_includes)
    • _layouts(./liodeus.github.io/_layouts)
    • _posts(./liodeus.github.io/_posts)
  • OSEP-Code-Snippets(./OSEP-Code-Snippets)
    • AppLocker Bypass PowerShell Runspace(./OSEP-Code-Snippets/AppLocker Bypass PowerShell Runspace)
    • Fileless Lateral Movement(./OSEP-Code-Snippets/Fileless Lateral Movement)
    • Linux Shellcode Encoder(./OSEP-Code-Snippets/Linux Shellcode Encoder)
    • Linux Shellcode Loaders(./OSEP-Code-Snippets/Linux Shellcode Loaders)
    • MiniDump(./OSEP-Code-Snippets/MiniDump)
    • MSSQL(./OSEP-Code-Snippets/MSSQL)
    • PrintSpoofer.NET(./OSEP-Code-Snippets/PrintSpoofer.NET)
    • ROT Shellcode Encoder(./OSEP-Code-Snippets/ROT Shellcode Encoder)
    • Sections Shellcode Process Injector(./OSEP-Code-Snippets/Sections Shellcode Process Injector)
    • Shellcode Process Hollowing(./OSEP-Code-Snippets/Shellcode Process Hollowing)
    • Shellcode Process Injector(./OSEP-Code-Snippets/Shellcode Process Injector)
    • Simple Shellcode Runner(./OSEP-Code-Snippets/Simple Shellcode Runner)
    • XOR Shellcode Encoder(./OSEP-Code-Snippets/XOR Shellcode Encoder)
  • pentest_notebook(./pentest_notebook)
    • Active Directory(./pentest_notebook/Active Directory)
    • Blue Team(./pentest_notebook/Blue Team)
    • Cheatsheets(./pentest_notebook/Cheatsheets)
    • Code snippets(./pentest_notebook/Code snippets)
    • Consultation(./pentest_notebook/Consultation)
    • DFIR(./pentest_notebook/DFIR)
    • Metasploit(./pentest_notebook/Metasploit)
    • Mind Maps(./pentest_notebook/Mind Maps)
    • Mobile Pentest(./pentest_notebook/Mobile Pentest)
    • Networking(./pentest_notebook/Networking)
    • Network Pentest(./pentest_notebook/Network Pentest)
    • Privilege Escalation(./pentest_notebook/Privilege Escalation)
    • SCREENSHOTS(./pentest_notebook/SCREENSHOTS)
    • Scripts(./pentest_notebook/Scripts)
    • Testing Checklists(./pentest_notebook/Testing Checklists)
    • VA SCAN CONFIG(./pentest_notebook/VA SCAN CONFIG)
    • Web Pentest(./pentest_notebook/Web Pentest)
    • WIFI Pentest(./pentest_notebook/WIFI Pentest)
  • Awesome-Advanced-Windows-Exploitation-References(./Awesome-Advanced-Windows-Exploitation-References)
  • Buffer_Overflow(./Buffer_Overflow)
    • Screenshots(./Buffer_Overflow/Screenshots)
  • Cheatsheet-God(./Cheatsheet-God)
  • Linux-Privilege-Escalation(./Linux-Privilege-Escalation)
  • MSF-Venom-Cheatsheet(./MSF-Venom-Cheatsheet)
  • OSCP-Exam-Report-Template(./OSCP-Exam-Report-Template)
  • Red-Team-Infrastructure-Wiki(./Red-Team-Infrastructure-Wiki)
    • images(./Red-Team-Infrastructure-Wiki/images)
  • security-cheatsheets(./security-cheatsheets)
  • Open-Source-Security-List-(./Open-Source-Security-List-)
  • awesome-mitre-attack(./awesome-mitre-attack)
  • escalationserver(./escalationserver)
    • AutoLocalPrivilegeEscalation(./escalationserver/AutoLocalPrivilegeEscalation)
    • BeRoot(./escalationserver/BeRoot)
    • JAWS(./escalationserver/JAWS)
    • kernelpop(./escalationserver/kernelpop)
    • linux-smart-enumeration(./escalationserver/linux-smart-enumeration)
    • mimikatz(./escalationserver/mimikatz)
    • Powerless(./escalationserver/Powerless)
    • PowerLessShell(./escalationserver/PowerLessShell)
    • PowerSploit(./escalationserver/PowerSploit)
    • Privesc(./escalationserver/Privesc)
    • PrivEsc(./escalationserver/PrivEsc)
    • pypykatz(./escalationserver/pypykatz)
  • pentest-book(./pentest-book)
    • exploitation(./pentest-book/exploitation)
    • enumeration(./pentest-book/enumeration)
    • img(./pentest-book/img)
    • mobile(./pentest-book/mobile)
    • others(./pentest-book/others)
    • post-exploitation(./pentest-book/post-exploitation)
    • recon(./pentest-book/recon)
    • sections(./pentest-book/sections)
  • pentest_compilation(./pentest_compilation)
    • Phishing(./pentest_compilation/Phishing)
    • PostExplotation(./pentest_compilation/PostExplotation)
    • Recon(./pentest_compilation/Recon)
    • Shells(./pentest_compilation/Shells)
    • WebVulnerabilities(./pentest_compilation/WebVulnerabilities)
  • PENTESTING-BIBLE(./PENTESTING-BIBLE)
    • 1-part-100-article(./PENTESTING-BIBLE/1-part-100-article)
    • 10-part-100-article(./PENTESTING-BIBLE/10-part-100-article)
    • 11-part-24-article(./PENTESTING-BIBLE/11-part-24-article)
    • 2-part-100-article(./PENTESTING-BIBLE/2-part-100-article)
    • 2(./PENTESTING-BIBLE/2)
    • 3-part-100-article(./PENTESTING-BIBLE/3-part-100-article)
    • 4-part-100-article(./PENTESTING-BIBLE/4-part-100-article)
    • 5-part-100-article(./PENTESTING-BIBLE/5-part-100-article)
    • 6-part-100-article(./PENTESTING-BIBLE/6-part-100-article)
    • 7-part-100-article(./PENTESTING-BIBLE/7-part-100-article)
    • 8-part-100-article(./PENTESTING-BIBLE/8-part-100-article)
    • 9-part-100-article(./PENTESTING-BIBLE/9-part-100-article)
    • latest_articles(./PENTESTING-BIBLE/latest_articles)
    • new(./PENTESTING-BIBLE/new)
  • amr-git-dot.github.io(./amr-git-dot.github.io)
    • _includes(./amr-git-dot.github.io/_includes)
    • _layouts(./amr-git-dot.github.io/_layouts)
    • _pages(./amr-git-dot.github.io/_pages)
    • _sass(./amr-git-dot.github.io/_sass)
    • assets(./amr-git-dot.github.io/assets)
    • _data(./amr-git-dot.github.io/_data)
    • _posts(./amr-git-dot.github.io/_posts)
  • zer1t0.gitlab.io(./zer1t0.gitlab.io)
    • archetypes(./zer1t0.gitlab.io/archetypes)
    • content(./zer1t0.gitlab.io/content)
    • layouts(./zer1t0.gitlab.io/layouts)
    • static(./zer1t0.gitlab.io/static)
  • Active-Directory-Exploitation-Cheat-Sheet(./Active-Directory-Exploitation-Cheat-Sheet)
  • OSEP(./OSEP)
    • Bypass_Defender(./OSEP/Bypass_Defender)
    • Lateral_Movement(./OSEP/Lateral_Movement)
    • MSSQL(./OSEP/MSSQL)
    • Payloads(./OSEP/Payloads)
  • Pentest-Everything(./Pentest-Everything)
    • to-do-wip(./Pentest-Everything/to-do-wip)
    • writeups(./Pentest-Everything/writeups)
    • everything(./Pentest-Everything/everything)
    • resources(./Pentest-Everything/resources)
    • wip-osint(./Pentest-Everything/wip-osint)
  • RedTeaming_CheatSheet(./RedTeaming_CheatSheet)
    • cloud(./RedTeaming_CheatSheet/cloud)
    • coding(./RedTeaming_CheatSheet/coding)
    • infrastructure(./RedTeaming_CheatSheet/infrastructure)
    • windows-ad(./RedTeaming_CheatSheet/windows-ad)
  • tbhm(./tbhm)
    • v4(./tbhm/v4)
  • pronotes(./pronotes)
  • oscp-pre-preparation-plan-and-notes(./oscp-pre-preparation-plan-and-notes)
  • active-directory-pentest(./active-directory-pentest)
  • AD-Attack-Defense(./AD-Attack-Defense)
  • Security-Reference-Guide(./Security-Reference-Guide)
    • blue-defense(./Security-Reference-Guide/blue-defense)
    • code-tools(./Security-Reference-Guide/code-tools)
    • cyber-intelligence(./Security-Reference-Guide/cyber-intelligence)
    • dfir-digital-forensics-and-incident-response(./Security-Reference-Guide/dfir-digital-forensics-and-incident-response)
    • grey-privacy-tor-opsec(./Security-Reference-Guide/grey-privacy-tor-opsec)
    • red-offensive(./Security-Reference-Guide/red-offensive)
    • security-logging(./Security-Reference-Guide/security-logging)
    • training(./Security-Reference-Guide/training)
    • web-app-hacking(./Security-Reference-Guide/web-app-hacking)
  • port-forwarding(./port-forwarding)
  • Checklists(./Checklists)
  • Windows-Privilege-Escalation(./Windows-Privilege-Escalation)
  • Web-CTF-Cheatsheet(./Web-CTF-Cheatsheet)
    • scripts(./Web-CTF-Cheatsheet/scripts)
pentesting malware html