JINX's starred repositories
Execute-CMD-From-HKCU
Executes whatever commands are stored in HKCU\Software\Microsoft\exe as a silent CMD window
360SafeBrowsergetpass
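A CobaltStrike script and decryption utility that assists with one-click extraction of 360 Secure Browser passwords, intended to save red-team effort; it decrypts browser passwords offline by downloading the browser database and recording the key.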
Antivirus_R3_bypass_demo
Kills antivirus software using an R3 0day and an R0 0day, respectively
hide_execute_memory
Hide executable memory
LandrayExploit
Landray OA vulnerability exploitation tool / unconditional front-end RCE / file write
JNDI-Inject-Exploit
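Addresses high-version JDK bypass exploitation of FastJson, Jackson, Log4j2, and native JNDI injection vulnerabilities; probes for locally available deserialization gadgets to achieve command execution, command execution with echoed output, and memory-shell injection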
Binary-Learning
Study notes on binary security; thanks to all the teachers at 滴水逆向 for their hard work teaching.
Fastjson-pentest
Fastjson deserialization environment; a demo version containing the vulnerability
MySQL_Fake_Server
MySQL fake server used to help with MySQL client file reading and JDBC client Java deserialization
JustC2file
Burp plugin, Malleable C2 Profiles generator; select a request through the Burp proxy to generate a Cobalt Strike profile file (CSprofile)
ShellCodeFramework
Shellcode antivirus-evasion framework that bypasses ring 3
ImpulsiveDLLHijack
C#-based tool which automates the process of discovering and exploiting DLL hijacks in target binaries. The hijacked paths discovered can later be weaponized during Red Team Operations to evade EDRs.
wmiexec-RegOut
Modified version of impacket wmiexec.py; gets output (data, response) from the registry, doesn't need an SMB connection, and also bypasses antivirus software in lateral movement like WMIHACKER.
log4jscanner
A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
LinuxCheck
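Linux incident response / information gathering / vulnerability detection tool, supporting 70+ checks across 13 categories including basic configuration / network traffic / scheduled tasks / environment variables / user information / Services / bash / malicious files / kernel rootkit / SSH / webshell / mining files / mining processes / supply chain / server risk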
javaweb-codereview
javaweb-codereview