Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc

A Precise and General Dynamic Deobfuscation Method for PowerShell Scripts

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

利用阿里云oss对象存储，来转发http流量实现（cs）Cobalt Strike、msf 上线等 这之间利用阿里云的相关域名进行通信。

Corax for Java: A general static analysis framework for java code checking.

Phosphor: Dynamic Taint Tracking for the JVM

AutoGeaconC2: 一键读取Profile自动化生成geacon实现跨平台上线CobaltStrike

Obfuscate Go binaries and packages

CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具，目前仅支持java语言。实现从源码反编译，数据库生成，脆弱性发现的全过程，可以辅助代码审计人员快速定位源码可能存在的漏洞。

CodeQL extractor for java, which don't need to compile java source

Runtime code generation for the Java virtual machine.

WebGoat is a deliberately insecure application

obfuscated any constant encryption in compile time on any platform

Unfixed Windows PowerShell Filename Code Execution POC

收集云沙箱上线C2的ip，如微X、奇XX、3X0、virustX等

VTI的PoC检测工具

An implementation of an indirect system call

A tool to kill antimalware protected processes

Command line tool to edit resources of exe

面向开发人员梳理的代码安全指南

An implementation and proof-of-concept of Process Forking.

PrintNightmare , Local Privilege Escalation of CVE-2021-1675 or CVE-2021-34527

提取DC日志，快速获取域用户对应IP地址

添加计划任务方法集合

A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol.

破解CS4.0

UAC Bypass By Abusing Kerberos Tickets

Dumping LSASS with a duplicated handle from custom LSA plugin

一个漏洞POC知识库 目前数量 1000+