clandestination's repositories
InfoSecUberWik
A massive curated list of curated lists of various info sec/pen testing tools, resources, and tricks covering multiple verticals.
Spring4Shell-cURL
cURL configs for exploiting Spring4Shell
Dynamic-DTD
A Python Flask app that generates dynamic DTDs for easy out-of-band data exfiltration.
heap-exploitation
This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
jwtjuggler
JWTJuggler (JOT JUGGLER): JWT & Authentication Testing Harness
AH2021Workshop
Malware development for red teaming workshop
amber
Reflective PE packer.
CredSniper
CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
exploit-writing-for-oswe
Tips on how to write exploit scripts (faster!)
herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
lnk2pwn
Malicious Shortcut (.lnk) Generator
offat
Tests your API automatically for common API vulnerabilities. Project is still Work In Progress. PRs are appreciated.
Smapper
A drop-in replacement for Nmap powered by shodan.io
Spray365
Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.