Pinned Repositories
-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server
This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server. The vulnerability exists due to improper validation of user-supplied input in the Confluence REST API. This allows an attacker to inject malicious code into the Confluence server, which can then be executed by the server.
-shell
Msmap is a Memory WebShell Generator.
360tianqingRCE
Captured attack-team 0day: 360tianqingRCE
AMON-Eye
cve-2024-6387-pocx
Freeze-EDRBypass
Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
Nimcrypt2
.NET, PE, & Raw Shellcode Packer/Loader Written in Nim
SMBploit
Offensive tool to scan & exploit vulnerabilities in Microsoft Windows over the Samba protocol (SMB) SMBv1/SMBv2 using the Metasploit Framework
thanatos
Mythic C2 agent targeting Linux and Windows hosts written in Rust
x2Ldr
Nim-based AV evasion that bypasses a certain "numeric" AV and a certain "Rong" AV
r00t7oo2jm's Repositories
r00t7oo2jm/360tianqingRCE
Captured attack-team 0day: 360tianqingRCE
r00t7oo2jm/AD-description-password-finder
Retrieve AD account descriptions and search them for passwords
r00t7oo2jm/AMSI-Bypasses
This repository contains several AMSI bypasses. These bypasses are based on some very nice research that has been put out by some awesome people. I really recommend checking them out: https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Korkos-AMSI-and-Bypass.pdf and https://rastamouse.me/memory-patching-amsi-bypass/
r00t7oo2jm/Anti-Virus-Evading-Payloads
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here is a simple way to evade anti-virus software when creating backdoors!
r00t7oo2jm/antiHoneypot
A Chrome extension that blocks XSSI and identifies web honeypots
r00t7oo2jm/CallStackSpoofer
A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
r00t7oo2jm/CentOS-WebPanel
Proof of concepts scripts for vulnerabilities in CentOS Web Panel
r00t7oo2jm/CobaltStrike-Malleable-Profile
CobaltStrike Malleable Profile
r00t7oo2jm/cobaltstrike4.5_cdf
Cobalt Strike 4.5 crack: removes the checksum8 signature, bypasses BeaconEye, fixes the stage leak on wrong paths, adds TOTP two-factor authentication, and more
r00t7oo2jm/EHole
EHole (棱洞) 3.0 refactored edition: a fingerprinting tool for the systems red teams focus on
r00t7oo2jm/FuckThatPacker
A simple python packer to easily bypass Windows Defender
r00t7oo2jm/go-shellcode-loader
Go AV-evading shellcode loader with obfuscation and AES encryption
r00t7oo2jm/GOAD
game of active directory
r00t7oo2jm/GoBP
Bypass Antivirus by Golang
r00t7oo2jm/hashview
A web front-end for password cracking and analytics
r00t7oo2jm/HiddenzHVNC
R.I.P. HIVE/Hiddenz/Mistercoenkel. This is a free release for all kids who got scammed/ghosted by the gentleman mentioned above. Have fun...
r00t7oo2jm/Logsensor
A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning
r00t7oo2jm/MHDDoS
Best DDoS Attack Script in Python3, (Cyber / DDoS) Attack With 56 Methods
r00t7oo2jm/MYExploit
OAExploit: a product-based one-click scanning tool.
r00t7oo2jm/nanodump
A crappy LSASS dumper with no ASCII art
r00t7oo2jm/Nginx1.21.5_stack-overflow
1
r00t7oo2jm/NimShellCodeLoader
A shellcode loader written in Nim
r00t7oo2jm/PSSW100AVB
A list of useful PowerShell scripts with 100% AV bypass (at the time of publication).
r00t7oo2jm/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
r00t7oo2jm/Shellcode-Downloader-CreateThread-Execution
This POC gives you the possibility to compile a .exe that completely avoids static detection by AV/EPP/EDR of your C2 shellcode, and downloads and executes your C2 shellcode hosted on your (C2) webserver.
r00t7oo2jm/Slient-Doc-Pdf-Exploit-Builder-Fud-Malware-Cve
Vulnerability Disclosure Timeline: Closer inspection of the Exploit PDF content reveals the malicious link as well as the URL Download and Execute of the tool used to generate the Exploit PDF from Python encrypted code content, which we also implement in a couple of our builders. Silent PDF Exploit: There are multiple Exploit PDFs in Silent PDF Exploit, a package commonly used by web services to process Exploit PDF files. One of the vulnerabilities can lead to remote code execution (RCE) if you process user-submitted PDFs. The exploit for this vulnerability is being used in the wild.
r00t7oo2jm/Slient-Doc-Pdf-Exploit-Builder-Fud-Malware-Cve-1
Vulnerability Disclosure Timeline: Closer inspection of the Exploit PDF content reveals the malicious link as well as the URL Download and Execute of the tool used to generate the Exploit PDF from Python encrypted code content, which we also implement in a couple of our builders.
r00t7oo2jm/spring-spel-0day-poc
spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP
r00t7oo2jm/Taskschedule-Persistence-Download-Cradles
Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged.
r00t7oo2jm/TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.