frohoff
building things, breaking things, building things that break things. ysoserial night janitor. journeyman ctf plumber. he/him
San Diego, CA
Pinned Repositories
appseccali-marshalling-pickles
Slide deck from AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day"
ciphr
CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.
grepcidr
from http://www.pc-tools.net/unix/grepcidr/
inspector-gadget
Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language
jdk8u-dev-jdk
jdk8u-jdk
marshalsec
owaspsd-deserialize-my-shorts
Slide deck from OWASP SD Talk "Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization"
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
frohoff's Repositories
frohoff/burp-plugin-requestutils
Plugin for manipulating requests in PortSwigger Burp Suite Pro v1.5+
frohoff/gitlabhq
Project management and code hosting application. Follow us on twitter @gitlabhq
frohoff/jsdetox
A Javascript malware analysis tool
frohoff/multiplexd
run ssh, https, and openvpn on the same port
frohoff/pacemaker
Heartbleed (CVE-2014-0160) client exploit
frohoff/rest-client
Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions.
frohoff/reverse-proxy-auth-plugin
frohoff/burp-debug
frohoff/CTF-Scoreboard
A scoreboard for Security CTF events
frohoff/dotfiles
frohoff/git
Git Source Code Mirror - This is a publish-only repository and all pull requests are ignored. Please follow Documentation/SubmittingPatches procedure for any of your improvements.
frohoff/ircbots
frohoff/JavaPayload
JavaPayload is a collection of pure Java payloads to be used for post-exploitation from pure Java exploits or from common misconfigurations (like not password protected Tomcat manager or debugger port).
frohoff/JMD
Java bytecode analysis/deobfuscation tool
frohoff/libbf
Library for binary file manipulation
frohoff/serialization
Extender module for BurpSuite to decode and re-encode JAVA Object Serialization for security testing
frohoff/sparring
Network simulation for malware analysis.
frohoff/sqlmap
Automatic SQL injection and database takeover tool
frohoff/stripe-ctf-2.0
Capture the Flag: Web Edition https://stripe.com/blog/capture-the-flag-20
frohoff/BytecodeParser
A Java library to parse JVM bytecode, simulate the stack and extract as much information as possible
frohoff/courier
send electronic mail with scala
frohoff/fast-serialization
FST: fast java serialization drop in-replacement http://ruedigermoeller.github.io/fast-serialization/
frohoff/jquery.tocify.js
A jQuery Table of Contents plugin that can be themed with Twitter Bootstrap or jQueryUI.
frohoff/pivot-php-app
frohoff/rails
Ruby on Rails
frohoff/speech-synthesis
Speech Synthesis polyfill
frohoff/spray-template
SBT template project for quickly getting started with spray-server