A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, without touching LSASS process memory.

A monitoring hub that watches popular open-source repositories and uses AI to detect when commits are patching security vulnerabilities - often before a CVE is even assigned. Findings are published…

Free and Open Source Java project which brings together almost all the modern web tools: JsHint, CssLint, JsMin, Google Closure compressor, YUI Compressor, UglifyJs, Dojo Shrinksafe, Css Variables …

Download any APK by package name. 6 sources, automatic fallback, Cloudflare bypass. CLI + Python API.

I turned The Metasploit Project's Polymorphic XOR Encoder, "Shikata Ga Nai" ("there is no other way") into my own encoder that works on emulated x86/64 for ARM called "Fukahi Tekiō" (不可避適応 or "inev…

Emulating Apple Silicon devices.

GitLab 依赖项扫描的咨询数据库，每天17:00自动更新

Easy to deploy SCOM setup that makes use of Terraform and Ansible.

CVE-2025-55182-POC

CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalati…

Obfuscated PowerShell reverse shells for security research and testing purposes.

New generation of wmiexec.py

Repository to keep track of python memory corruption bugs that can be used to potentially bypass audit hooks

A tiny project for generating SnakeYAML deserialization payloads

A collection of my Frida instrumentation scripts for reverse engineering of mobile apps and more.

A collection of Azure AD/Entra tools for offensive and defensive security purposes

Multilayered AV/EDR Evasion Framework

This is a PoC code to exploit the IngressNightmare vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974).

Smart contract audit skills roadmap for beginners, auditors, engineers, etc.

bespoke tooling for offensive security's Windows Usermode Exploit Dev course (OSED)

OSWE, OSEP, OSED, OSEE

Simple (relatively) things allowing you to dig a bit deeper than usual.

Defense Evasion Techniques Repository. This repository contains a collection of techniques designed to bypass Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) systems.

Adversary Emulation Framework

YARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js

CVE-2024-4367 & CVE-2024-34342 Proof of Concept