Michelski's repositories
Beacon_Source
not a reverse-engineered version of the Cobalt Strike Beacon
Certify
Active Directory certificate abuse.
CppDevShellcode
使用Visral Studio开发ShellCode
CVE-2023-4357-Chrome-XXE
全球首款单文件利用 CVE-2023-4357 Chrome XXE 漏洞 EXP, 实现对访客者本地文件窃取. Chrome XXE vulnerability EXP, allowing attackers to obtain local files of visitors.
decode-js
JS混淆代码的AST分析工具 AST analysis tool for obfuscated JS code
ffuf
Fast web fuzzer written in Go
GitLabBrute
Gitlab 用户发现并爆破 / GitLab User discovered and brute force cracked
impacket
Impacket is a collection of Python classes for working with network protocols.
JDumpSpider
HeapDump敏感信息提取工具
JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application.
kerbrute
A tool to perform Kerberos pre-auth bruteforcing
KRBUACBypass
UAC Bypass By Abusing Kerberos Tickets
MDUT
MDUT - Multiple Database Utilization Tools
okhttp
Square’s meticulous HTTP client for the JVM, Android, and GraalVM.
ollvm-16
Obfuscator-LLVM for LLVM 16.x branch
Parent-process-bypass
Parent process bypass
Parent-process-bypass-2
父进程绕过——2
PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
POC
2023HW漏洞整理,收集整理漏洞EXp/POC,大部分漏洞来源网络,目前收集整理了200多个poc/exp
PPT
关于我对外做过分享的议题PPT
Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
ruler
A tool to abuse Exchange services
shell-analyzer
已集成到 jar-analyzer 中 https://github.com/jar-analyzer/jar-analyzer
Sign-Sacker
Sign-Sacker(签名掠夺者):一款数字签名复制器,可将其他官方exe中数字签名,图标,详细信息复制到没有签名的exe中,作为免杀,权限维持,伪装的一种小手段。
ysoserial0.0.6
ysoserial修改版,着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。