This is your work, valued

Madrid, Spain

Alvaro Muñoz

Elite
@pwntester

ysoserial.net. Deserialization payload generator for a variety of .NET formatters

3.8k

octo.nvim. Edit and review GitHub issues and pull requests from the comfort of your favorite editor

3.3k

SerialKillerBypassGadgetCollection. Collection of bypass gadgets to extend and wrap ysoserial payloads

389

cheatsheets. random brain dumps

350

0day. 各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新

265

JRE8u20_RCE_Gadget. JRE8u20_RCE_Gadget

255

DupeKeyInjector. DupeKeyInjector

134

S2-046-PoC. S2-046-PoC

112

codeql.nvim. CodeQL plugin for Neovim

111

BlockingServer. Web Server that serves a single file and keeps the connection open until user releases it.

75

codeql_grehack_workshop. GreHack 2021 CodeQL for Java workshop

73

XMLDecoder. RCE Exploit PoC for XMLDecoder

63

dotnet-deserialization-scanner. .NET Deserialization Passive Scanner

47

SpringBreaker. Exploit PoC for Spring RCE issue (CVE-2011-2894)

44

ysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

42

dotfiles. Lua

36

ViewStatePayloadGenerator. ViewState Payload Generator

26

nvim-lsp. Nvim LSP client configurations

24

nautilus.nvim. A nice and cobaltish neovim theme

20

XStreamServer. RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler

20

JVMDeserialization. PoC for Scala and Groovy

14

XStreamPOC. POC for XStream RCE

13

RSA_RESTing. Demos for RSA talk: RESTing on your laurels will get you owned

12

pwntester-blog. Pwntester Blog

7

OWASP-GoatDroid-Dolphis. OWASP GoatDroid Exploit Apps

6

OGNLInjection. OGNL Expression Injection Tescase

5

cobalt2.vim. Color scheme for vim

4

EpicTreasure. Python

3

jdeserialize. Automatically exported from code.google.com/p/jdeserialize

3

bug-bounty-reference. Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

3

codeql. CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise

3

how2heap. A repository for learning various heap exploitation techniques.

3

StaticInitializerPayload. Java

3

crane.nvim. Lua

3

pwntester.github.io. pwntester Blog

2

gh-cdr. gh-cdr

2

cobange. Neovim color scheme

2

test-project. Dockerfile

2

angr-dev. Some helper scripts to set up an environment for angr development.

2

pwntools. C

2

XQueryInjection. XQuery Injection Testcases

2

csaw2016_rock. Python

2

RestletXMLDecoder. Restlet API consuming XML serialized Java Objects. Vulnerable to XXE and RCE (if third party libraries like GroovyShell are found in the classpath)

2

cm-editor-syntax-highlight-obsidian. A plugin for [Obsidian](https://obsidian.md) which allows syntax highlighting for code blocks in the editor.

1

nDPI. Open Source Deep Packet Inspection Software Toolkit

1

gh-mrva.

1

RawTherapee. A powerful cross-platform raw photo processing program

1

ESPHomeGeniusStandingDesk. C++

1

azure-cli. Azure Command-Line Interface

1

ossec-hids. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

1

airbyte. Airbyte is an open-source EL(T) platform that helps you replicate your data in your warehouses, lakes and databases.

1

obsidian-things-logbook. Sync your Things 3 Logbook with Obsidian

1

simple-binary-encoding. Simple Binary Encoding (SBE) - High Performance Message Codec

1