Silky's repositories
SharpKiller
Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8
CVE-2023-30367-mRemoteNG-password-dumper
Original PoC for CVE-2023-30367
Invoke-Brute7z
PowerShell Script to BruteForce 7 Zip password protected files
SharpWinAPI
Custom C# Implementations for WinAPI Functions
csharp-rev-shell
Hacky billo implementation of a encrypted windows reverse shell in C#. Nothing special but evaded CheckPoint and Windows Defender out of the Box
PowerShell-Amsi-Hardware-Breakpoints-PoC
Amsi Hardware Break Points .Net 3.5
Spawn-TrustedInstallerprocess
needs local admin
TangledWinExec
PoCs and tools for investigation of Windows process execution techniques
airgeddon_fritzbox_et_captive_portal_plugin
A captive portal plugin to phish Fritz!Box network credentials
CVE-2020-29254
TikiWiki 21.2 allows to edit templates without the use of a CSRF protection.
CVE-2021-24884
If an authenticated user who is able to edit Wordpress PHP code in any kind, clicks a malicious link, PHP code can be edited through XSS in Formidable Forms 4.09.04.
CVE-2021-40101
Survey XSS combined with CSRF leads to Admin Account Takeover in Concrete5 8.5.4
EnableAllTokenPrivs
enable / disable TokenPrivilege(s)
TokenDuplication
Using Tokenduplication to steal tokens and start new processes
AllAboutBugBounty
All about bug websites (bypasses, payloads, and etc)
Amnesiac
Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
Certipy-Docker
Certipy in Docker
colabcat
:smiley_cat: Running Hashcat on Google Colab with session backup and restore.
DavRelayUp
DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).
GetProcAddress
GetProcAddress implementation in C# walking the PEB using only ReadProcessMemory
Invoke-Stealth
Simple & Powerful PowerShell Script Obfuscator
Joomla
A chain of vulnerabilities to compromise Joomla <3.9.27
p-invoke.net
P/Invoke definitions from the now offline pinvoke.net - Website: https://www.p-invoke.net/
pwndoc
Pentest Report Generator
sandbox-attacksurface-analysis-tools
Set of tools to analyze Windows sandboxes for exposed attack surface.
scripts
A bunch of (mostly Bash) scripts that may be useful. Or not.
The_Shelf
Retired TrustedSec Capabilities