An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about DevSecOps in Cybersecurity.

Web Application Pentesting Lab with over 40 plus vulnerability, which covers all the owasp top 10 issues.

Compromise a web application and delve deeper into the network to access hosts that you cannot directly reach from your attack host using different approaches.

Python-based keylogger for ethical use, capturing keystrokes and emailing logs. Features include retry logic for email delivery, log file management, and cross-platform support (Windows/Linux). Configurable for auto-start via systemd or Startup folder. Designed for educational purposes, penetration testing with consent, and self-monitoring.

A hands-on simulation of attacking a vulnerable login page using Python. This repo includes a Flask-based vulnerable login page and Python scripts to exploit weaknesses in regex validation and brute-force login attempts. Perfect for learning web penetration testing basics and ethical hacking techniques.

This repository is designed for educational purposes, with real code, real labs, and real-world logic — but zero bullshit.

Deploy GOAD labs to ESXi

Code from exercises and labs on TryHackMe. TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs on the browser!

Professional Hardware Security Lab Setup | PCB analysis, firmware extraction, and embedded systems testing environment

Cybersecurity portfolio showcasing hands-on offensive tools — ESP8266, Raspberry Pi Pico W, Python & Kali Linux.

Pentest Lab: Recon (Nmap) + DAST (OWASP ZAP baseline/full) against OWASP Juice Shop with reproducible HTML/TXT/PNG evidence and optional SOC correlation.

This project turns a Raspberry Pi 4 into a DShield honeypot to capture and study network probes and brute-force attempts in a safe lab

Educational password security analysis lab demonstrating password cracking techniques using John the Ripper in a controlled VirtualBox environment. Complete setup guide included.

Reproducible lab for CVE-2020-0610 (BlueGate) - Windows RD Gateway UDP/DTLS remote code execution vulnerability. Includes PowerShell scripts, setup guide, and nuclei template validation examples.

A Python-based Intrusion Detection System (IDS) that monitors network traffic to detect port scans and SSH brute force attacks. Built using Scapy and validated with Wireshark in an isolated virtual network environment.

CVE-2016-15042 lab: Dockerized WordPress PoC for unauthenticated file upload in Frontend File Manager <4.0 and N‑Media Post Front‑end Form <1.1

What's Been Set Up: Complete Codebase - All components implemented and tested Git Repository - Initialized with proper commit history Documentation - Comprehensive guides and API docs GitHub Workflows - CI/CD pipeline with security testing Community Files - Contributing guide, issue templates, PR templates Open Source License

Detect TCP SYN port scanning with Suricata → Filebeat → Elasticsearch → Kibana. Includes local rules, Kibana dashboard (NDJSON export), and backup scripts.

Snort → Splunk home-lab that detects Nmap portscans and visualizes alerts (top sources/ports, timeline, last 50). Includes SPL & helper scripts

Collection of practical codes for Savitribai Phule Pune University's Information Security Laboratory (310258) .