Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

Electron JS Browser To Find XSS Vulnerabilities Automatically

PoCs for public CVE's I have been working on.

Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team.

SharpWMI is a C# implementation of various WMI functionality.

Cobalt Strike Shellcode Generator

Metasploit Framework

multi-platform(cross-platform) version of udp2raw-tunnel, which supports Windows/Mac/BSD natively. Client-Only at the moment.

A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)

Outlook persistence using VSTO add-ins

Publicly Open Amazon AWS S3 Bucket Viewer

Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️🔥

CrackQ: A Python Hashcat cracking queue system

Open Source Cobalt Strike Beacon. Unreleased, in research stages.

A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.

Simple (relatively) things allowing you to dig a bit deeper than usual.

SolarWinds Orion Account Audit / Password Dumping Utility

Proof of Concepts

Recovers passwords from pixelized screenshots

Exchange2010 authorized RCE

红队作战中比较常遇到的一些重点系统漏洞整理。

Bitcoin address generator (bech32, segwit, paper wallets, BIP39 seed, etc.)

PoC demonstrating the use of cve-2020-1034 for privilege escalation

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digi…

PoC para las vulnerabilidades CVE-2020-14750 y cve-2020-14882

My musings in C and offensive tooling

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication