Pinned Repositories
Abusing-Roku-APIs
A fun repository on how to externally issue commands to Roku devices utilizing the External Control Protocol (ECP). The repository covers how to enumerate devices, issue commands via "curl," and design custom scripts to mess with friends and family!
All-Things-S7
A repository dedicated to all things S7 - Wireshark dissectors, nmap enumeration scripts, and exploits. Dive into the world of Siemens automation with everything from protocol analysis to cross-site scripting exploitation on TIA portal.
Anti-Virus-Evading-Payloads
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here is a simple way to evade anti-virus software when creating backdoors!
apache2.c
Download powershell string
CimSweep
CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.
commando-vm
Complete Mandiant Offensive VM (Commando VM), the first full Windows-based penetration testing virtual machine distribution. The security community recognizes Kali Linux as the go-to penetration testing platform for those that prefer Linux. Commando VM is for penetration testers that prefer Windows. We know that building a Windows penetration testing environment can be tedious - we aim to streamline and simplify this process. Commando VM includes over 140 tools.
CVE-2021-3156
Sudo heap-based buffer overflow privilege escalation commands and mitigations.
CVE-2021-40444
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
CVE-2023-38831-winrar-exploit
CVE-2023-38831 winrar exploit generator
d3c3ptic0n
Config files for my GitHub profile.
d3c3ptic0n's Repositories
d3c3ptic0n/All-Things-S7
A repository dedicated to all things S7 - Wireshark dissectors, nmap enumeration scripts, and exploits. Dive into the world of Siemens automation with everything from protocol analysis to cross-site scripting exploitation on TIA portal.
d3c3ptic0n/Abusing-Roku-APIs
A fun repository on how to externally issue commands to Roku devices utilizing the External Control Protocol (ECP). The repository covers how to enumerate devices, issue commands via "curl," and design custom scripts to mess with friends and family!
d3c3ptic0n/Anti-Virus-Evading-Payloads
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here is a simple way to evade anti-virus software when creating backdoors!
d3c3ptic0n/commando-vm
Complete Mandiant Offensive VM (Commando VM), the first full Windows-based penetration testing virtual machine distribution. The security community recognizes Kali Linux as the go-to penetration testing platform for those that prefer Linux. Commando VM is for penetration testers that prefer Windows. We know that building a Windows penetration testing environment can be tedious - we aim to streamline and simplify this process. Commando VM includes over 140 tools.
d3c3ptic0n/CVE-2021-3156
Sudo heap-based buffer overflow privilege escalation commands and mitigations.
d3c3ptic0n/CVE-2021-40444
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
d3c3ptic0n/CVE-2023-38831-winrar-exploit
CVE-2023-38831 winrar exploit generator
d3c3ptic0n/d3c3ptic0n
Config files for my GitHub profile.
d3c3ptic0n/DNS-Fender
A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web servers using spoofed DNS recursive queries.
d3c3ptic0n/drupwn
Drupal enumeration & exploitation tool
d3c3ptic0n/Enumerating-ICS-SCADA-Devices
A compilation of scripts and scans for discovering and enumerating industrial control and SCADA devices. Utilizing open-source tools, I have compiled scans and scripts for targeting Operational Technology (OT) devices and hosts!
d3c3ptic0n/FortiOS-Backdoor
Unauthenticated SSL VPN User Password Modification for FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10.
d3c3ptic0n/gobuster
Directory/file & DNS busting tool written in Go
d3c3ptic0n/h8mail
Email OSINT and password breach hunting. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous Breached Compilation torrent
d3c3ptic0n/ibombshell
Tool to deploy a post-exploitation prompt at any time
d3c3ptic0n/joomscan
OWASP Joomla Vulnerability Scanner Project
d3c3ptic0n/LinEnum
Scripted Local Linux Enumeration & Privilege Escalation Checks
d3c3ptic0n/MS17-010
MS17-010
d3c3ptic0n/nikto
Nikto web server scanner
d3c3ptic0n/owtf
Offensive Web Testing Framework (OWTF) is a framework which tries to unite great tools and make pen testing more efficient. http://owtf.org https://twitter.com/owtfp
d3c3ptic0n/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
d3c3ptic0n/polarbearrepo
d3c3ptic0n/Red-Teaming-Toolkit
A collection of open source and commercial tools that aid in red team operations.
d3c3ptic0n/Red-Teaming-TTPs
Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!
d3c3ptic0n/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
d3c3ptic0n/sqlmap
Automatic SQL injection and database takeover tool
d3c3ptic0n/Striker
Striker is an offensive information and vulnerability scanner.
d3c3ptic0n/TheFatRat
TheFatRat, a massive exploiting tool: an easy tool to generate backdoors and an easy tool for post-exploitation attacks like browser attack, DLL. This tool compiles malware with a popular payload, and the compiled malware can then be executed on Windows, Android, and Mac. Malware created with this tool also has the ability to bypass most AV software protection.
d3c3ptic0n/WindowsKiller
Generates a flood of Router Advertisements (RA) with random source MAC addresses and IPv6 prefixes. Computers that have stateless autoconfiguration enabled by default (every major OS) will start to compute an IPv6 suffix and update their routing tables to reflect the accepted announcement. This will cause 100% CPU usage on Windows and platforms, preventing them from processing other application requests.
d3c3ptic0n/zirikatu
Fud Payload generator script