Nicolas Krassas's repositories
CVE-2024-20931
CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839
citrix_cve-2023-4966
Citrix CVE-2023-4966 from assetnote modified for parallel and file handling
ysoserial.net-docker
ysoserial.net docker image
awesome-industrial-protocols
Security-oriented list of resources about industrial network protocols.
BypassAV
This map lists the essential techniques to bypass anti-virus and EDR
Caro-Kann
Encrypted shellcode injection to avoid kernel-triggered memory scans
CVE-2022-33679
One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
CVE-2022-36537
POC of CVE-2022-36537
CVE-2022-41040-metasploit-ProxyNotShell
The Metasploit script (PoC) for CVE-2022-41040. Microsoft Exchange is vulnerable to a server-side request forgery (SSRF) attack; an authenticated attacker can use the vulnerability to elevate privileges.
DonPAPI
Dumping DPAPI credz remotely
ExecIT
Execute shellcode files with rundll32
JNDI-Injection-Exploit-Plus
60+ gadgets (30 more than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing the backing services by starting RMI, LDAP and HTTP servers.
JNDIExploit
Practical modifications to the original https://github.com/feihong-cs/JNDIExploit
nanodump
The swiss army knife of LSASS dumping
RichFaces
A collection of exploits created or modified by me
Weblogic-1
WebLogic vulnerability exploration from beginner to expert.
WeblogicEnvironment
WeblogicEnvironment docker setup for research