an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address …

Safari 1day RCE Exploit

POC of GITHUB simple C2 in rust

ArgFuscator.net is an open-source, stand-alone web application that helps generate obfuscated command lines for common system-native executables.

A PoC for Early Cascade process injection technique.

A lengthy, detailed list of exploits, bugs, oversights, and cool/unknown things in the iOS Shortcuts app

kfd, short for kernel file descriptor, is a project to read and write kernel memory on Apple devices.

ChromeStealer is a tool for educational purposes to demonstrate how to extract and decrypt stored passwords from Google Chrome on a Windows system using C/C++.

A Slack bot phishing framework for Red Teaming exercises

CVE-2024-43451 is a Windows NTLM vulnerability that allows an attacker to force authentication and capture NTLM hashes by using malicious shortcuts.

USB Army Knife – the ultimate close access tool for penetration testers and red teamers.

Test AMSI Provider implementation in C#

This repository contains POC scenarios as part of CVE-2025-0411 MotW bypass.

Proof of concept & details for CVE-2025-21298

InVesalius discovered CVE. CVE-2024-42845, CVE-2024-44825

Windows rootkit designed to work with BYOVD exploits

Slides for COM Hijacking AV/EDR Talk on 38c3

POC exploit for CVE-2024-49138

A Beacon Object File (BOF) template for Visual Studio

Folder Or File Delete to Get System Shell on Current Session Desktop

lpe poc for cve-2022-21882

poc for CVE-2023-23388 (LPE in Windows 10/11 bthserv service)

MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit

COM ViewLogger — new malware keylogging technique

Escape macOS Sandbox using sharedfilelistd exploit

(0day) Local Privilege Escalation in IObit Malware Fighter

open source process monitor

Digispark ATTiny85 BadUSB or USB Rubber Ducky scripts for Digispark.