Stars
Take a screenshot without injection for Cobalt Strike
Some Service DCOM Object and SeImpersonatePrivilege abuse.
A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
云资产管理工具 目前工具定位是云安全相关工具,目前是两个模块 云存储工具、云服务工具, 云存储工具主要是针对oss存储、查看、删除、上传、下载、预览等等 云服务工具主要是针对rds、服务器的管理,查看、执行命令、接管等等
自动化反编译微信小程序,小程序安全评估工具,发现小程序安全问题,自动解密,解包,可还原工程目录,支持Hook,小程序修改
Weekly Go Online Meetup via Bilibili|Go 夜读|通过 bilibili 在线直播的方式分享 Go 相关的技术话题,每天大家在微信/telegram/Slack 上及时沟通交流编程技术话题。
一个 CLASS 文件混淆工具,支持方法名/字段名/参数名引用分析和重命名混淆方式,支持字符串提取/AES加密运行时解密/整型异或混淆/垃圾代码花指令混淆/等方式,支持方法和字段的隐藏,支持INVOKE指令改反射调用,配置简单,容易上手
Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.
AADInternals PowerShell module for administering Azure AD and Office 365
PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager
Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.
Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。
riverPass 是一个用Go编写的瑞数WAF绕过工具。它利用了WebSocket协议,将请求发送的自身浏览器中,从而绕过了瑞数WAF的检测。
《Golang学习资源大全-只有Go语言才能改变世界》Only Golang Can Change The World.
《Go语言安全-只有Go安全才能拯救地球》Only Golang Security Can Save The Earth.
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.