HeavenQAQ

0day

各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新

bypass-av-note

免杀技术大杂烩---乱拳也打不死老师傅

CVE-2021-4034

polkit pkexec Local Privilege Vulnerability to Add custom commands

CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907

CVE-2022-2333

SXF VPN RCE

ENScan

基于爱企查的一款企业信息查询工具，为了更快速的获取企业的信息，省去收集的麻烦过程，web端于plat平台上线

GoBypass

Golang免杀生成工具

HeavenQAQ

HeavenQAQ.github.io

this is a test for hexo.

hutool

🍬A set of tools that keep Java sweet.

JavaSec

a rep for documenting my study, may be from 0 to 0.1

JNDIExploit-0x727

一款用于JNDI注入利用的工具，大量参考/引用了Rogue JNDI项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。

JSPHorse

JSPHorse Project Backup

KillDefender

A small POC to make defender useless by removing its token privileges and lowering the token integrity

logmap

Log4j2 jndi injection fuzz tool

ShortPayload

通过字节码相关的技术，将Java反序列化Payload进行极致缩小，最高可以达到64.8%的缩小比例

SpoolFool

Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)

Spring-Core-RCE

Spring Core RCE

spring-rce-vulnerable-app

Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228) and the possible Spring RCE vulnerability.

spring-rce-war

test

vulnerability-paper

收集的文章