Awrrays's starred repositories
360SafeBrowsergetpass
这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本以及解密小工具,用于节省红队工作量,通过下载浏览器数据库、记录密钥来离线解密浏览器密码。
Java-Rce-Echo
Java RCE 回显测试代码
JNDI-Inject-Exploit
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
phishing_kits
Exposing phishing kits seen from phishunt.io
SharpRDPLog
Windows rdp相关的登录记录导出工具,可用于后渗透中Windows服务器的信息收集阶段。输出内容包括:本地rdp端口、mstsc缓存、cmdkey缓存、登录成功、失败日志事件。
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
JNDI-Exploit-Kit
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
cheatsheets
Collection of knowledge about information security
Red-Team-Infrastructure-Wiki
Wiki to collect Red Team infrastructure hardening resources
KernelBhop
Cheat that uses a driver instead WinAPI for Reading / Writing memory.
burp-log4shell
Log4Shell scanner for Burp Suite
FinalShellDecodePass
FinalShellDecodePass 加密解密
WAF-bypass-Cheat-Sheet
Another way to bypass WAF Cheat Sheet (draft)
Information_Security_Books
信息安全方面的书籍
RedTeam-OffensiveSecurity
Tools & Interesting Things for RedTeam Ops
shiro-550-with-NoCC
Shiro-550 不依赖CC链利用工具
My-Presentation-Slides
Collections of Orange Tsai's public presentation slides.
security-paper
(与本人兴趣强相关的)各种安全or计算机资料收集
OffensiveAutoIt
Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitscript.com/site/autoit/)