Pinned Repositories
All-Defense-Tool
本项目集成了全网优秀的攻防武器工具项目,包含自动化利用,子域名、目录扫描、端口扫描等信息收集工具,各大中间件、cms漏洞利用工具,爆破工具、内网横向及免杀、社工钓鱼以及应急响应等资料。
AttackFastjson
Fastjson姿势技巧集合
awesome-cybersecurity-blueteam-cn
网络安全 · 攻防对抗 · 蓝队清单,中文版
Awesome-POC
一个各类漏洞POC知识库
cf
Cloud Exploitation Framework 云环境利用框架,方便红队人员在获得 AK 的后续工作
cicd_git_rce
CVE-2019-16097
CVE-2019-16097 PoC
Exchange-AD-Privesc
Exchange privilege escalations to Active Directory
S4UTomato
Escalate Service Account To LocalSystem via Kerberos
SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
jimmysax's Repositories
jimmysax/S4UTomato
Escalate Service Account To LocalSystem via Kerberos
jimmysax/SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
jimmysax/All-Defense-Tool
本项目集成了全网优秀的攻防武器工具项目,包含自动化利用,子域名、目录扫描、端口扫描等信息收集工具,各大中间件、cms漏洞利用工具,爆破工具、内网横向及免杀、社工钓鱼以及应急响应等资料。
jimmysax/AttackFastjson
Fastjson姿势技巧集合
jimmysax/awesome-cybersecurity-blueteam-cn
网络安全 · 攻防对抗 · 蓝队清单,中文版
jimmysax/Awesome-POC
一个各类漏洞POC知识库
jimmysax/cf
Cloud Exploitation Framework 云环境利用框架,方便红队人员在获得 AK 的后续工作
jimmysax/cicd_git_rce
jimmysax/CVE-2019-16097
CVE-2019-16097 PoC
jimmysax/Exchange-AD-Privesc
Exchange privilege escalations to Active Directory
jimmysax/FastJsonParty
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
jimmysax/GIUDA
Ask a TGS on behalf of another user without password
jimmysax/HIKVISION_iSecure_Center-RCE
HIKVISION iSecure Center RCE 海康威视综合安防管理平台任意文件上传 POC&EXP(一键getshell)
jimmysax/JavaStudy
jimmysax/JavaVulDebug
Java漏洞调试分析集合
jimmysax/git_rce
Exploit PoC for CVE-2024-32002
jimmysax/LDAPShell
A wrapper of ldap_shell.py module which in ntlmrelayx
jimmysax/MemoryShell
JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
jimmysax/msmap
Msmap is a Memory WebShell Generator.
jimmysax/NacosExploit
NacosExploit 命令执行 内存马等利用
jimmysax/noPac
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
jimmysax/OSCP
OSCP Cheat Sheet
jimmysax/PLtools
整理一些内网常用渗透小工具
jimmysax/POC
2023HW漏洞整理,收集整理漏洞EXp/POC,大部分漏洞来源网络,目前收集整理了100多个poc/exp
jimmysax/pocList
forked常见的poc
jimmysax/ProxyVulns
[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains.
jimmysax/redteam_vul
红队作战中比较常遇到的一些重点系统漏洞整理。
jimmysax/SharpProxyLogon
C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection
jimmysax/supplier
主流供应商的一些攻击性漏洞汇总
jimmysax/WindowsElevation
Windows Elevation(持续更新)