chiaifan

chiaifan's Stars

• nomi-sec/PoC-in-GitHub

  📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

  6.4k427281.2k

• TideSec/BypassAntiVirus

  远控免杀系列文章及配套工具，汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术，并对免杀效果进行了一一测试，为远控的免杀和杀软对抗免杀提供参考。

  Language:XSLT4.5k95131.2k

• hluwa/frida-dexdump

  A frida tool to dump dex in memory to support security engineers analyzing malware.

  Language:Python3.9k6860889

• xiaoy-sec/Pentest_Note

  渗透测试常规操作记录

  3.7k783922

• blackorbird/APT_REPORT

  Interesting APT Report Collection And Some Special IOC

  Language:Python2.4k2083506

• aleenzz/Cobalt_Strike_wiki

  Cobalt Strike系列

  2.2k486576

• gquere/pwn_jenkins

  Notes about attacking Jenkins servers

  Language:Python1.9k462321

• insightglacier/Dictionary-Of-Pentesting

  Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

  Language:Shell1.9k472355

• wyzxxz/jndi_tool

  JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行 漏洞检测辅助工具

  1.9k2719317

• mitre/cti

  Cyber Threat Intelligence Repository expressed in STIX 2.0

  1.7k160170412

• Neo23x0/yarGen

  yarGen is a generator for YARA rules

  Language:Python1.5k9134281

• w-digital-scanner/w12scan

  🚀 A simple asset discovery engine for cybersecurity. (网络资产发现引擎)

  Language:CSS1.3k4582357

• 0x09AL/RdpThief

  Extracting Clear Text Passwords from mstsc.exe using API Hooking.

  Language:C++1.2k333349

• JackOfMostTrades/gadgetinspector

  A byte code analyzer for finding deserialization gadget chains in Java applications

  Language:Java977266221

• ly4k/CurveBall

  PoC for CVE-2020-0601- Windows CryptoAPI (Crypt32.dll)

  Language:Ruby886334270

• Debian/apt

  Mirror of the apt git repository - This is just a mirror of the upstream repository, please submit pull requests there: https://salsa.debian.org/apt-team/apt

  Language:C++530570188

• Areizen/JNI-Frida-Hook

  Script to quickly hook natives call to JNI in Android

  Language:JavaScript529184114

• TheTwitchy/xxer

  A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.

  Language:Python5098087

• boy-hack/airbug

  Airbug(空气洞)，收集漏洞poc用于安全产品

  Language:Python355153101

• biggerwing/nsfocus-rsas-knowledge-base

  绿盟科技漏洞扫描器(RSAS)漏洞库

  Language:HTML3488397

• apt69/COMahawk

  Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322

  Language:C++34712078

• GraxCode/cafecompare

  Java code comparison tool (jar / class)

  Language:Java32913536

• Ridter/cve-2020-0688

  cve-2020-0688

  Language:Python32110293

• flankerhqd/vendor-android-cves

  Collections of my POCs for android vendor CVEs

  Language:C25516258

• mhaskar/RCEScanner

  Simple python script to extract unsafe functions from php projects

  Language:Python1956045

• Litch1-v/ysoserial

  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

  Language:Java1826527

• Cherishao/APT-Sample

  Pull some Malware samples here for other security researchers/malware analyst's to analyze and play with.

  Language:HTML17313168

• motikan2010/CVE-2020-5398

  CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC

  Language:Java842119

• beerpwn/CVE

  CVE, reports, research

  Language:Python16305

• dmgy10/Pentest

  Language:Python9205