CVE-2024-7593 Ivanti Virtual Traffic Manager 22.2R1 / 22.7R2 Admin Panel Authentication Bypass PoC [EXPLOIT]

Privilege Escalation Enumeration Script for Windows

PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)

This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.

Defeating Windows User Account Control

My notes while studying for the PNPT from TCM Security.

A tool to abuse Exchange services

netshell features all in version 2 powershell

An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer

Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)

Credentials recovery project

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Please no pull requests for this repository. Thanks!

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

IOXIDResolver.py from AirBus Security

Red Teaming Tactics and Techniques

Cloud security and auditing notes

Take a list of domains and probe for working HTTP and HTTPS servers

EDRSandblast-GodFault

Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environmen…

UAC Bypass By Abusing Kerberos Tickets

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

A tool to scan Kubernetes cluster for risky permissions

📦 Find and install kubectl plugins

POC FortiOS SSL-VPN buffer overflow vulnerability

📱 objection - runtime mobile exploration

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and fore…