Silky's repositories
SharpKiller
Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8
shellphishSS
Phishing Tool for Instagram, Facebook, Twitter, Snapchat, Github, Yahoo, Protonmail, Google, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers Phisher
CVE-2020-15906
Writeup of CVE-2020-15906
CVE-2023-30367-mRemoteNG-password-dumper
Original PoC for CVE-2023-30367
Invoke-Brute7z
PowerShell Script to BruteForce 7 Zip password protected files
Compile-C-to-Wasm-
Compile C to Wasm and display an Image in the Browser
Spawn-TrustedInstallerprocess
needs local admin
TangledWinExec
PoCs and tools for investigation of Windows process execution techniques
airgeddon_fritzbox_et_captive_portal_plugin
A captive portal plugin to phish Fritz!Box network credentials
CVE-2020-29254
TikiWiki 21.2 allows to edit templates without the use of a CSRF protection.
CVE-2021-24884
If an authenticated user who is able to edit Wordpress PHP code in any kind, clicks a malicious link, PHP code can be edited through XSS in Formidable Forms 4.09.04.
CVE-2021-40101
Survey XSS combined with CSRF leads to Admin Account Takeover in Concrete5 8.5.4
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
TokenDuplication
Using Tokenduplication to steal tokens and start new processes
CVE-2020-29669
Macally WIFISD2
AllAboutBugBounty
All about bug websites (bypasses, payloads, and etc)
colabcat
:smiley_cat: Running Hashcat on Google Colab with session backup and restore.
cvebase.com
cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs
DavRelayUp
DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).
Invoke-Stealth
Simple & Powerful PowerShell Script Obfuscator
Joomla
A chain of vulnerabilities to compromise Joomla <3.9.27
metasploit-framework
Metasploit Framework
PIL-RCE-Ghostscript-CVE-2018-16509
PoC + Docker Environment for Python PIL/Pillow Remote Shell Command Execution via Ghostscript CVE-2018-16509
privilege-escalation-awesome-scripts-suite
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
pwndoc
Pentest Report Generator
sandbox-attacksurface-analysis-tools
Set of tools to analyze Windows sandboxes for exposed attack surface.
scripts
A bunch of (mostly Bash) scripts that may be useful. Or not.