Ashupup's repositories
Alaris
A protective and Low Level Shellcode Loader that defeats modern EDR systems.
awesome-pentest-note
Penetration Test ☞ Experience/thought/summary
BOFs
Collection of Beacon Object Files
BypassAnti-Virus
Learning, notes, and reproductions of antivirus-evasion techniques.
GetWindowsCredentials
Obtains user credentials through the Windows API and saves them to a file
Hackaspx
"ASPX Security: Only ASPX Security Can Save .NET"
iatHijackGenerate
Quick generator for "white-plus-black" setups (for the IAT type)
inject-assembly
Inject .NET assemblies into an existing process
jasypt
jasypt Decrypt Encrypt
JavaFileDict
Wordlists of configuration files for Java applications, drawn from public wordlists and day-to-day collection
JavaSec
Java security study notes
JNDI-Inject-Exploit
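Handles high-version JDK bypass exploitation of FastJson, Jackson, Log4j2 and native JNDI injection vulnerabilities; probes for locally available deserialization gadgets to achieve command execution, command execution with echoed output, and memory-shell injection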
JNDIExploit
Practical modifications to the original https://github.com/feihong-cs/JNDIExploit
learnjavabug
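Vulnerability and technique demos related to Java security: exploitation of native Java, Fastjson, Jackson, Hessian2 and XML deserialization vulnerabilities; exploits for frameworks, middleware and features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI and Nexus; and practice code for Java Security Manager bypass, Dubbo-Hessian2 security hardening, and more.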
Log4j2-CVE-2021-44228
Remote Code Injection In Log4j
ManualRsrcDataFetching
Get your data from the resource section manually, with no need for windows apis
Mutants_Sessions_Self-Deletion
Writeup of Payload Techniques in C involving Mutants, Session 1 -> Session 0 migration, and Self-Deletion of payloads.
PengCode
EXE-to-shellcode conversion tool
Process-Injection
A collection of all the process injection methods that can currently be found, tested on x86/x64 and continuously updated
ReZeroBypassAV
Learning antivirus evasion from scratch
RPCSCAN
Tool for anonymously scanning remote host information over RPC
SecBooks
A free-for-all collection of security document libraries from various sources
SharkExec
Internal network penetration | Red team tool | C# in-memory loading | cobaltstrike
SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
Shellcode-Loader
Open repository for learning dynamic shellcode loading (sample in many programming languages)
supplier
A collection of offensive vulnerabilities affecting mainstream vendors
TFirewall
Firewall egress detection tool; SOCKS5 proxy for internal network traversal
Web-Fuzzing-Box
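Web Fuzzing Box - Web fuzzing wordlists and some payloads, mainly covering: weak-password brute forcing, directory and file enumeration, Web vulnerabilities... A real-world case of using the wordlists: https://gh0st.cn/archives/2019-11-11/1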