Stars
New exploitation tricks for hardened .NET Remoting servers
Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data
Small and highly portable detection tests based on MITRE's ATT&CK.
chsrc: a universal source-switching tool and framework for all platforms. Change Source everywhere for every software
proof-of-concept for generating Java deserialization payload | Proxy MemShell
Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API.
A byte code analyzer for finding deserialization gadget chains in Java applications
A helpful Java Deserialization exploit framework.
A tool to exploit .NET DCOM for EoP and RCE. Fixed in the latest versions of .NET.
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.
Set of tools to analyze Windows sandboxes for exposed attack surface.
Workshop for finding software vulnerabilities using open source tools, which includes a Goat-like Python and C application
SharpDecryptPwd source, to decrypt Navicat, Xmanager, Filezilla, Foxmail, WinSCP, etc.
Additional resources for leaking and exploiting ObjRefs via HTTP .NET Remoting (CVE-2024-29059)
Hellsgate + Halosgate/Tartarosgate. Ensures that all system calls go through ntdll.dll
🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and others, with daily updates.
Prototype Pollution and useful Script Gadgets
Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
Simple scripts to backup your Synology NAS: configuration (in DSS file), all MySQL/MariaDB databases and home directory.