A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
☆18Mar 13, 2024Updated last year
Alternatives and similar repositories for awesome-threat-modelling
Users that are interested in awesome-threat-modelling are comparing it to the libraries listed below
Sorting:
- AWS X-Ray for Covert Command & Control☆45Oct 13, 2025Updated 4 months ago
- Checklist intended to be used as a baseline for assessing, designing, and testing the security of a MAM (Application Wrapping) solution☆20Sep 2, 2015Updated 10 years ago
- Making transparency normal!☆24Dec 18, 2023Updated 2 years ago
- Repository for Endpoint Security Testing☆35Jul 26, 2018Updated 7 years ago
- Generate and Permutate Context Aware Dictionaries for Application Testing☆11Aug 16, 2016Updated 9 years ago
- Apache HTTP-Server 2.4.49-2.4.50 Path Traversal & Remote Code Execution PoC (CVE-2021-41773 & CVE-2021-42013)☆12Aug 22, 2025Updated 6 months ago
- Eclipse plugin suite providing integration with security testing tools.☆11Apr 23, 2016Updated 9 years ago
- ☆10Nov 30, 2020Updated 5 years ago
- A Pythonic framework for threat modeling☆1,110Feb 24, 2026Updated last week
- Tools related to work with Attack Flow (https://github.com/center-for-threat-informed-defense/attack-flow)☆44Jun 6, 2022Updated 3 years ago
- Infrastructure-as-code for a serverless knowledge base using Amazon Bedrock, Aurora PostgreSQL (with pgvector), Lambda, and S3. This setu…☆19Mar 23, 2025Updated 11 months ago
- ☆10Jun 30, 2016Updated 9 years ago
- Collection of self-made Red Team tools that have come in handy☆12Aug 25, 2024Updated last year
- A fast python tool for creating permutations of alphanumerics☆11Mar 22, 2020Updated 5 years ago
- ☆10Nov 24, 2018Updated 7 years ago
- The ultimate tool to crafting your ARM shell code☆10Aug 7, 2015Updated 10 years ago
- Consolidated demo and source links from Bryant Zadegan and Ryan Lester's Black Hat / DEF CON talk "Abusing Bleeding Edge Web Standards fo…☆11Aug 19, 2017Updated 8 years ago
- libflutter.so(s) modified for traffic intercepting removing certificate pinning validation. Dart version is 2.10.5☆12Jul 11, 2021Updated 4 years ago
- Script to mass deauthenticate multiple wireless clients.☆12Jan 1, 2017Updated 9 years ago
- Simply runs through a wordlist of default/common group IDs and parses each hash to a separate file. Then it runs through the hashes with …☆10Feb 15, 2017Updated 9 years ago
- Adds a guard to disable ObjectInputStream.readObject☆11Dec 6, 2015Updated 10 years ago
- This application contains intentional security vulnerabilities and should never be deployed in production environments or exposed to the …☆16Apr 25, 2025Updated 10 months ago
- Test Azure environment for MFA misconfigurations☆12Jan 13, 2023Updated 3 years ago
- Security Scanning Samples with cnspec, cnquery, and Mondoo Platform☆16Feb 25, 2026Updated last week
- Musings from the brainpan.☆10Jan 8, 2019Updated 7 years ago
- Miscellaneous parsing scripts for penetration testing☆12Jul 17, 2023Updated 2 years ago
- gRPC / gRPC-Web Pentest Practicing Lab☆10Aug 29, 2023Updated 2 years ago
- PoC: process watcher patterns to make killing a process hard.☆11Aug 1, 2018Updated 7 years ago
- ☆10Jan 22, 2016Updated 10 years ago
- ☆10Jul 6, 2016Updated 9 years ago
- Distributed parallelization of tasks☆41Jan 21, 2014Updated 12 years ago
- Outputs vs. outcomes: what's the different and why does it matter?☆16Apr 14, 2025Updated 10 months ago
- A Pawn p-code interpreter written in C++☆25Oct 13, 2022Updated 3 years ago
- A Frida MCP server to enable autonomous AI assistance for Android instrumentation☆33Feb 8, 2026Updated last month
- Examples for the series of blog posts on Understanding Non Blocking I/O with Python☆10May 31, 2015Updated 10 years ago
- WIP: A set of policies based on Catalyze.io's open sourced and vetted policies for HIPPA compliance.☆13Dec 26, 2014Updated 11 years ago
- Custom Fortify SCA rules to detect common JSSE certification validation flaws☆11Nov 18, 2015Updated 10 years ago
- ☆11Oct 3, 2021Updated 4 years ago
- My solutions in Python for Corelan's Exploit Writing Tutorials☆13Jun 2, 2016Updated 9 years ago