orzchen's starred repositories
container-escape-check
docker container escape check || Docker 容器逃逸检测
windows-api-function-cheatsheets
A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.
Docker-TCP-Scan
旨在以攻促防,针对Docker TCP socket的开源利用工具
woodpecker-framework-release
高危漏洞精准检测与深度利用框架
ysoserial-for-woodpecker
给woodpecker框架量身定制的ysoserial
readme-typing-svg
⚡ Dynamically generated, customizable SVG that gives the appearance of typing and deleting text for use on your profile page, repositories, or website.
dotnet-deserialization
dotnet 反序列化学习笔记
learnjavabug
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
JSP-WebShells
Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
corretto-8
Amazon Corretto 8 is a no-cost, multi-platform, production-ready distribution of OpenJDK 8
undetected-chromedriver
Custom Selenium Chromedriver | Zero-Config | Passes ALL bot mitigation systems (like Distil / Imperva/ Datadadome / CloudFlare IUAM)
CTF-Java-Gadget
CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段
Sec-Interview-4-2023
一个2023届毕业生在毕业前持续更新、收集的安全岗面试题及面试经验分享~
FindEverything
内网渗透过程中搜寻指定文件内容,从而找到突破口的一个小工具
SocialEngineeringPayloads
This is a collection of social engineering tricks and payloads being used for credential theft and spear phishing attacks.
MDUT-Extend-Release
MDUT-Extend(扩展版本)
dirsearch_bypass403
目录扫描+JS文件中提取URL和子域+403状态绕过+指纹识别
Supershell
Supershell C2 远控平台,基于反向SSH隧道获取完全交互式Shell
KillWxapkg
自动化反编译微信小程序,小程序安全评估工具,发现小程序安全问题,自动解密,解包,可还原工程目录,支持Hook,小程序修改
CVE-2024-38077
RDL的堆溢出导致的RCE
ast-hook-for-js-RE
浏览器内存漫游解决方案(探索中...)
GoDhijacking
Red team tool designed for quickly identifying hijackable programs, evading antivirus software, and EDR (Endpoint Detection and Response) systems. 红队工具旨在快速识别可劫持程序、逃避防病毒软件和 EDR(端点检测和响应)系统。