Pinned Repositories
Arsenal4BugBounty
Arsenal is just a quick inventory and launcher for bug bounty
Awesome-GPT-Agents
A curated list of GPT agents for cybersecurity
CVE-2023-27372
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
EDRSandblast
EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
nuts7.github.io
A blog about security, CTF writeups, researches and more
RedTeaming-Tactics-and-Techniques
Red Teaming Tactics and Techniques
nuts7's Repositories
nuts7/CVE-2023-27372
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
nuts7/nuts7.github.io
A blog about security, CTF writeups, researches and more
nuts7/RedTeaming-Tactics-and-Techniques
Red Teaming Tactics and Techniques
nuts7/Arsenal4BugBounty
Arsenal is just a quick inventory and launcher for bug bounty
nuts7/GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
nuts7/Awesome-GPT-Agents
A curated list of GPT agents for cybersecurity
nuts7/EDRSandblast
EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
nuts7/hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
nuts7/HellHall-Tartarus
Performing Indirect Clean Syscalls
nuts7/impacket
Impacket is a collection of Python classes for working with network protocols.
nuts7/linux-dotfiles
My dotfiles
nuts7/NetExec
The Network Execution Tool
nuts7/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
nuts7/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
nuts7/SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
nuts7/The-Hacker-Recipes
This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, intelligence gathering, physical intrusion, phishing, mobile apps, iot, social engineering, etc.
nuts7/Unprotect_Submission
Repository to publish your evasion techniques and contribute to the project
nuts7/VX-API
Collection of various malicious functionality to aid in malware development
nuts7/EDRSilencer
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.