Lists (13)
Stars
Writeup and exploit for CVE-2023-45777, bypass for Intent validation inside AccountManagerService on Android 13 despite "Lazy Bundle" mitigation
Vulnerable app with examples showing how to not use secrets
Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`/`createFromParcel` serialization mismatch in `OutputConfiguration`
Community curated list of nuclei templates for finding "unknown" security vulnerabilities.
Chrome extension that finds DOM based XSS vulnerabilities
This script automates the generation of obfuscated and encoded XSS payloads to bypass common input filters and WAFs.
PoC and write-up for RCE in @fastify/view via EJS raw template injection
Map visualization and firewall for AWS activity, inspired by Little Snitch for macOS.
A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)
Chrome browser extension-based Command & Control
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
A powerful, modular, lightweight and efficient command & control framework written in Nim.
🕷️ An undetectable, powerful, flexible, high-performance Python library to make Web Scraping Easy and Effortless as it should be!
xforcered / SoaPy
Forked from logangoins/SoaPySoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.
Active Directory Auditing and Enumeration
This cheat sheet outlines common enumeration and attack methods for Windows Active Directory using PowerShell.
Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
A curated list of awesome GraphQL Security frameworks, libraries, software and resources
AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident resp…