A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations.

the LLM vulnerability scanner

Just another Powerview alternative

A comprehensive collection of resources, tools, tips, and guides for preparing and succeeding in the OSCP (Offensive Security Certified Professional) certification.

Authentication Bypass Vulnerability — CVE-2024–4358 — Telerik Report Server 2024

Top Hacking Books for 2024 (plus Resources): FREE and Paid

This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer

CVE-2024-52940 - A critical zero-day vulnerability in AnyDesk's "Allow Direct Connections" feature, discovered and registered by Ebrahim Shafiei (EbraSha), exposing public and private IP addresses.…

This repository contains the analysis reports, technical details or any tools created for helping in malware analysis. Additionally, the repo contains extracted TTPs with code along with the detect…

Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass

Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…

A resource containing all the tools each ransomware gangs uses

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Nuke It From Orbit - remove AV/EDR with physical access

SigNoz is an open-source observability platform native to OpenTelemetry with logs, traces and metrics in a single application. An open-source alternative to DataDog, NewRelic, etc. 🔥 🖥. 👉 Open sour…

All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection

A large collection of system log datasets for AI-driven log analytics [ISSRE'23]

Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

Open Breach and Attack Simulation Platform

LSASS memory dumper using only NTAPIs, creating a minimal minidump, built in Rust with no_std and independent of the C runtime (CRT). It can be compiled as shellcode (PIC), supports XOR encryption,…

A recursive internet scanner for hackers.

Dump cookies and credentials directly from Chrome/Edge process memory

Complete Roadmap for Penetration Testing

This repository is a compilation of all APT simulations that target many vital sectors,both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation tech…

Automation tool to testing and confirm the xss vulnerability.

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

Deploy stealthy reverse shells using advanced process hollowing with GhostStrike – a C++ tool for ethical hacking and Red Team operations.