Giter VIP home page Giter VIP logo

πŸ‘¨β€πŸ’» Β About Me

I am a passionate Offensive Security Engineer from afine, committed to finding πŸ‘Ύ bugs and developing πŸ€– software that enhances our work in security. My main areas of interest are 🍎 macOS internals and πŸ•ΈοΈ web application security. I also have experience in πŸ’  Active Directory and creating 🦠 malware to bypass πŸ›‘οΈ EDRs.

πŸ”­ Projects I am proud of

I created some tools helpful for Offensive Security work, but there are two that I am the most proud of, they are:

  • Crimson - this was my first big thing. Currently, I am not focusing on this tool. However, it is still powerful. My friends and I are using it to this day. This is also a great place to start your journey with Application Security.
  • Snake&Apple - The code repository for the Snake&Apple article series documents my macOS security research.

πŸ› CVE I am proud of

As my daily work and some part of my free time research, I am looking for bugs πŸ›. I have caught many of them so far, and some have even received a public CVE. I am particularly proud of these two:

πŸ“– Blog

In my free time, I also run a blog about - guess what πŸ˜†

Medium

πŸŽ–οΈ Certs & CTFs & Courses

I have participated in multiple CTFs, completed various courses, and obtained certifications through various platforms. Below are links that demonstrate some of these small accomplishments:

  • Certs - OSCEΒ³, eWPTxv2, OSCP, OST2-Arch1001
  • Pentesterlab - various web hacking courses & CTFs.
  • RPISEC/MBE - Modern Binary Exploitation - CSCI 4968
  • HTB - CTFs & Pro Labs
  • CS50 - Harvard University - Introduction to Computer Science

πŸ“« Social Media

You can reach me here:

X LinkedIn Mastodon

πŸ’° Funding

If you enjoy my work and want to help me grow, you can sponsor me using any of the below options:

Github-sponsors Patreon BuyMeACoffee

❗By subscribing to my Patreon, you will receive access to all of my published articles.

Karol Mazurek's Projects

rdp-thief icon rdp-thief

RDP THIEF - inject dll to remote desktop process (mstsc.exe) and steal user credentials.

rdpthief icon rdpthief

Extracting Clear Text Passwords from mstsc.exe using API Hooking.

responder icon responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

robber icon robber

Robber is open source tool for finding executables prone to DLL hijacking

rustscan icon rustscan

πŸ€– The Modern Port Scanner πŸ€–

sam-the-admin icon sam-the-admin

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

sandman icon sandman

Sandman is a NTP based backdoor for red team engagements in hardened networks.

sanitizers icon sanitizers

AddressSanitizer, ThreadSanitizer, MemorySanitizer

scshell icon scshell

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

sharprdp icon sharprdp

Remote Desktop Protocol .NET Console Application for Authenticated Command Execution

sharprdpthief icon sharprdpthief

A C# implementation of RDPThief to steal credentials from RDP.

sharpup icon sharpup

SharpUp is a C# port of various PowerUp functionality.

shcheck icon shcheck

A basic tool to check security headers of a website

slowloris icon slowloris

Low bandwidth DoS tool. Slowloris rewrite in Python.

smersh icon smersh

Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.

smuggler icon smuggler

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

spiderfoot icon spiderfoot

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

spraykatz icon spraykatz

Credentials gathering tool automating remote procdump and parse of lsass process.

subdomainizer icon subdomainizer

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

subjack icon subjack

Subdomain Takeover tool written in Go

sudomy icon sudomy

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

sunzip icon sunzip

Provide secure unzip against zip bomb :bomb:.

svn-extractor icon svn-extractor

simple script to extract all web resources by means of .SVN folder exposed over network.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.