HeavenQAQ's repositories
0day
EXPs and PoCs for vulnerabilities in various CMSs, platforms, systems, and software. This project will be updated continuously.
bypass-av-note
A hodgepodge of antivirus-evasion techniques: even wild punches can't knock out an old master
CVE-2021-4034
polkit pkexec Local Privilege Vulnerability to Add custom commands
CVE-2022-21907
HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907
CVE-2022-2333
SXF VPN RCE
ENScan
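An enterprise information lookup tool based on Aiqicha (爱企查), built to obtain company information faster and skip the tedious collection process; the web version is live on the plat platform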
GoBypass
Golang antivirus-evasion generation tool
HeavenQAQ.github.io
this is a test for hexo.
hutool
🍬A set of tools that keep Java sweet.
JavaSec
a rep for documenting my study, may be from 0 to 0.1
JNDIExploit-0x727
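A tool for JNDI injection exploitation that heavily references and reuses code from the Rogue JNDI project, supports direct implantation of in-memory shells, integrates common methods for bypassing newer JDK versions, and is suited for use alongside automated tools.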
JSPHorse
JSPHorse Project Backup
KillDefender
A small POC to make defender useless by removing its token privileges and lowering the token integrity
logmap
Log4j2 jndi injection fuzz tool
ShortPayload
Uses bytecode-related techniques to shrink Java deserialization payloads to the extreme, achieving a size reduction of up to 64.8%
SpoolFool
Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
Spring-Core-RCE
Spring Core RCE
spring-rce-vulnerable-app
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228) and the possible Spring RCE vulnerability.
vulnerability-paper
Collected articles