OSEP, CRTL, OSCP | Penetration Tester
PolyEngine. PolyEngine is an evasive PE packer designed for CTF challenges and low-level Windows security education. It focuses on bypassing EDR and AV heuristics through a layered stack of in-memory execution and obfuscation techniques.
145MalDev. Collection of Windows loaders
18Plutus-dogecoin. An automated bitcoin wallet collider that brute forces random wallet addresses
13CVE-2021-43936. CVE-2021-43936 is a critical vulnerability (CVSS3 10.0) leading to Remote Code Execution (RCE) in WebHMI Firmware.
9CVE-2021-43857. Gerapy prior to version 0.9.8 is vulnerable to remote code execution. This issue is patched in version 0.9.8.
7CVE-2017-12617. CVE-2017-12617 is a critical vulnerability leading to Remote Code Execution (RCE) in Apache Tomcat.
4Invoke-Knockout. A DLL library built to bypass AMSI and ETW. Also can be used directly with PS script.
3RazorC2. RazorC2 is a Command & Control server made in ASP NET Core 8 with Razor Pages
2SharpRecycledGate. RecycledGate implementation in C#
2Plutus-Ethereum. Python
1GetSystemPriv. Application for token duplication running chosen local executable file, downloading one from given URL or by running command.
1CVE-2021-43798. CVE-2021-43798 is a vulnerability marked as High priority (CVSS 7.5) leading to arbitrary file read via installed plugins in Grafana application.
1CVE-2022-27434. UNIT4 TETA Mobile Edition 29HF13 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.
1RTOVMSetup. Shell
1keys. :key: Cryptocurrency private keys
1CRS-RCE-Exploit. Car Rental System 1.0 suffers from SQL Injection on administrator login page and unsecure upload mechanism allowing to upload malicious files. This allows unauthenticated user to obtain reverse shell to server.
1SharpFreshGate. C# implementation of FreshyCalls
1COAE-Forge. Local AI Playground to learn offensive and defensive machine learning. Designed to expand basics and explain topics on ML from COAE course from HackTheBox.
1