Pinned Repositories
CVE-2023-27372
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
EDRSandblast
EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
nuts7.github.io
A blog about security, CTF writeups, researches and more
RedTeaming-Tactics-and-Techniques
Red Teaming Tactics and Techniques
The-Hacker-Recipes
This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, intelligence gathering, physical intrusion, phishing, mobile apps, iot, social engineering, etc.
Unprotect_Submission
Repository to publish your evasion techniques and contribute to the project
nuts7's Repositories
nuts7/CVE-2023-27372
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
nuts7/RedTeaming-Tactics-and-Techniques
Red Teaming Tactics and Techniques
nuts7/nuts7.github.io
A blog about security, CTF writeups, researches and more
nuts7/GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
nuts7/EDRSandblast
EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
nuts7/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
nuts7/The-Hacker-Recipes
This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, intelligence gathering, physical intrusion, phishing, mobile apps, iot, social engineering, etc.
nuts7/Unprotect_Submission
Repository to publish your evasion techniques and contribute to the project
nuts7/Arsenal4BugBounty
Arsenal is just a quick inventory and launcher for bug bounty
nuts7/Awesome-GPT-Agents
A curated list of GPT agents for cybersecurity
nuts7/hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
nuts7/linux-dotfiles
My dotfiles
nuts7/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
nuts7/SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
nuts7/VX-API
Collection of various malicious functionality to aid in malware development
nuts7/EDRSilencer
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.