Pinned Repositories
.NETWebShell
A .NET command-execution webshell
AttackJNDI
Bypasses JEP 290 to perform JNDI injection regardless of JDK version, but requires a gadget
BurpShiroPassiveScan
A passive Shiro detection plugin for BurpSuite
CobaltStrikeReflectiveLoader
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.
CVE-2021-4035
PoC for PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
CVE-2021-44077
Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077
hacktricks
ShiroExploit
ShiroExploit is a GUI exploitation tool for Shiro that integrates key brute-forcing, command echo, memory shell injection, and other features
weblogic_exploit
WebLogic vulnerability exploitation tool
xray-crack
Certificate generation for the xray community advanced edition, supporting up to version 1.2.0
bravery9's Repositories
bravery9/adPEAS
Powershell tool to automate Active Directory enumeration.
bravery9/Blackbone
Windows memory hacking library
bravery9/Blackout
Kill anti-malware protected processes (BYOVD) (Microsoft Won)
bravery9/BloodHound
Six Degrees of Domain Admin
bravery9/capa-rules
Standard collection of rules for capa: the tool for enumerating the capabilities of programs
bravery9/CVE-2023-36874_BOF
Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE
bravery9/DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing
bravery9/DllNotificationInjection
A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.
bravery9/EDRSandblast-GodFault
EDRSandblast-GodFault
bravery9/glider
glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features (like dnsmasq).
bravery9/Godzilla-Suo5MemShell
One-click injection of the Suo5 memory shell using Godzilla
bravery9/HexDnsEchoT
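A solution for retrieving command output when command execution returns no echo but outbound DNS is allowed (modified to receive requests via ceye, with custom DNS server support added)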
bravery9/Home-Grown-Red-Team
bravery9/Java-Js-Engine-Payloads
Java Js Engine Payloads All in one
bravery9/java-memshell-generator
A highly customizable Java memory shell generation tool
bravery9/js
js
bravery9/JYso
It can be either a JNDIExploit or a ysoserial. JYso is a tool that can be used for JNDI injection attacks and for generating deserialization data streams.
bravery9/KrakenMask
Sleep obfuscation
bravery9/Learning-EDR-and-EDR_Evasion
I will be uploading all the code which I created with the help of either open-source projects or blogs. This is a step-by-step EDR learning path for me.
bravery9/malware
malware written for educational purposes
bravery9/MSSqlPwner
bravery9/ReflectiveDLLInjector
This program is used to perform reflective DLL Injection to a remote process specified by the user.
bravery9/SCMUACBypass
bravery9/SharpSystemTriggers
Collection of remote authentication triggers in C#
bravery9/SpringBoot-Scan
An open-source penetration testing framework for SpringBoot, plus an exploitation tool for high-severity Spring-related vulnerabilities
bravery9/sysplant
Your syscall factory
bravery9/TGSThief
My implementation of the GIUDA project in C++
bravery9/VcenterKit
Vcenter Comprehensive Penetration and Exploitation Toolkit
bravery9/vscode-maudit
Simple source code security audit helper
bravery9/WSPCoerce
PoC to coerce authentication from Windows hosts using MS-WSP