DummyKitty's Projects
Code audit knowledge notes - Java
Code execution via Python package installation.
x64 binary obfuscator
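Backup of the official ARL repository: ARL (Asset Reconnaissance Lighthouse) is an asset reconnaissance system designed to quickly discover the internet-facing assets associated with a target and build a baseline asset inventory. It helps in-house security teams and penetration testers discover and search assets and identify weak points and attack surface.
This software primarily integrates RCE (no login required, or RCE via login bypass) and deserialization (simple gadget chains) for high-impact frameworks and some mainstream CMSs. Simply importing URLs is enough to get shells in bulk. Batch automated testing. For example: Thinkphp, Struts2, weblogic. Newly disclosed vulnerabilities are tracked and added in real time, for example: log4jRCE, Sunlogin (向日葵) RCE, and so on.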
This repo includes ChatGPT prompt curation to use ChatGPT better.
Base64 encode/decode
C++ self-Injecting dropper based on various EDR evasion techniques.
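Cloud Exploitation Framework: a cloud environment exploitation framework that helps security personnel with follow-up work after obtaining an AK (access key)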
Cobalt Strike is a powerful threat emulation tool that provides a post-exploitation agent and covert channels ideal for Adversary Simulations and Red Team exercises. With Cobalt Strike, companies can emulate the tactics and techniques of a quiet long-term embedded threat actor in an IT network. Malleable C2 lets you change your network indicators to look like different malware each time. These tools complement Cobalt Strike's solid social engineering process, its robust collaboration capability, and unique reports designed to aid blue team training.
Cobaltstrike4.1 Source
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise
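CodeQLpy is a semi-automated code auditing tool built on CodeQL; it currently supports only Java. It covers the whole process from source decompilation and database generation to vulnerability discovery, helping code auditors quickly locate potential vulnerabilities in source code.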
Deployment template for docker target machine in ctf for CTFd and other platforms that support dynamic flags
S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE
CVE-2021-43297 PoC: RCE is achievable on Apache Dubbo <= 2.7.13
Windows HTTP protocol stack remote code execution vulnerability CVE-2022-21907
PoC for CVE-2022-40684 - Authentication bypass lead to Full device takeover (Read-only)
fortinet auth bypass analyze and exploit
CVE-2023-21707 EXP
This repository presents a proof-of-concept of CVE-2023-7028
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
This script is designed to demonstrate the exploitation of vulnerabilities in PAN-OS firewalls. It sends a specially crafted payload to the firewall's API endpoint to execute arbitrary commands.
a signal handler race condition in OpenSSH's server (sshd)
basic concept for the latest windows wifi driver CVE
some prompt about cyber security
A shellcode AV-evasion framework that generates AV-evading trojans with one click
Scan memory for secrets and more. Maybe eventually a full /proc toolkit.