chiaifan's Stars
nomi-sec/PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
TideSec/BypassAntiVirus
远控免杀系列文章及配套工具,汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术,并对免杀效果进行了一一测试,为远控的免杀和杀软对抗免杀提供参考。
hluwa/frida-dexdump
A frida tool to dump dex in memory to support security engineers analyzing malware.
xiaoy-sec/Pentest_Note
渗透测试常规操作记录
blackorbird/APT_REPORT
Interesting APT Report Collection And Some Special IOC
aleenzz/Cobalt_Strike_wiki
Cobalt Strike系列
gquere/pwn_jenkins
Notes about attacking Jenkins servers
insightglacier/Dictionary-Of-Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
wyzxxz/jndi_tool
JNDI服务利用工具 RMI/LDAP,支持部分场景回显、内存shell,高版本JDK场景下利用等,fastjson rce命令执行,log4j rce命令执行 漏洞检测辅助工具
mitre/cti
Cyber Threat Intelligence Repository expressed in STIX 2.0
Neo23x0/yarGen
yarGen is a generator for YARA rules
w-digital-scanner/w12scan
🚀 A simple asset discovery engine for cybersecurity. (网络资产发现引擎)
0x09AL/RdpThief
Extracting Clear Text Passwords from mstsc.exe using API Hooking.
JackOfMostTrades/gadgetinspector
A byte code analyzer for finding deserialization gadget chains in Java applications
ly4k/CurveBall
PoC for CVE-2020-0601- Windows CryptoAPI (Crypt32.dll)
Debian/apt
Mirror of the apt git repository - This is just a mirror of the upstream repository, please submit pull requests there: https://salsa.debian.org/apt-team/apt
Areizen/JNI-Frida-Hook
Script to quickly hook natives call to JNI in Android
TheTwitchy/xxer
A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
boy-hack/airbug
Airbug(空气洞),收集漏洞poc用于安全产品
biggerwing/nsfocus-rsas-knowledge-base
绿盟科技漏洞扫描器(RSAS)漏洞库
apt69/COMahawk
Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322
GraxCode/cafecompare
Java code comparison tool (jar / class)
Ridter/cve-2020-0688
cve-2020-0688
flankerhqd/vendor-android-cves
Collections of my POCs for android vendor CVEs
mhaskar/RCEScanner
Simple python script to extract unsafe functions from php projects
Litch1-v/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Cherishao/APT-Sample
Pull some Malware samples here for other security researchers/malware analyst's to analyze and play with.
motikan2010/CVE-2020-5398
CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC
beerpwn/CVE
CVE, reports, research
dmgy10/Pentest