A collection of links related to Korean products hacking

A minimal TLS 1.2 client implementation in a pure Bash script

recon data for public bug bounty programs. due to extreme abuse via automated tools & requests from multiple threat intelligence teams, this project has been archived & moved.

一个支持节点与订阅链接的 Linux 命令行代理工具 | A command-line tool for one-click proxy in your research and development without installing v2ray or anything else (only for linux)

A library for detecting known secrets across many web frameworks

ctf writeup and log

Tiny SHell Go - An open-source backdoor written in Go

A small utility to modify the dynamic linker and RPATH of ELF executables

Proof of concept code for Datadog Security Labs referenced exploits.

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Porting Windows Dynamic Link Libraries to Linux

a "Proof of Concept or GTFO" mirror with an extensive index with also whole issues or individual articles as clean PDFs.

A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

Grafana Unauthorized arbitrary file reading vulnerability

This is a repo which documents real bugs in real software to illustrate trends, learn how to prevent or find them more quickly.

Idapython script to carve binary for internal RPC structures

Tools for fuzzing RDP

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

一款快速修改HTTP数据包头的Burp Suite插件

Indicators from Amnesty International's investigations

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 20…

A Pin Tool for tracing API calls etc

利用链、漏洞检测工具

OffensivePH - use old Process Hacker driver to bypass several user-mode access controls

PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.

Another Windows Local Privilege Escalation from Service Account to System

Windows Privilege Escalation from User to Domain Admin.