scanfsec

create-react-app-project

nextjs-project

vue-project

test

pystinger

bypass firewall by webshell 一款使用webshell进行流量转发的出网工具

PrintSpoofer

Abusing Impersonation Privileges on Windows 10 and Server 2019

SyncDog

Make bloodhound sync with cobaltstrike.

cobalt_strike_extension_kit

Tired of typing execute-assembly everytime you use Cobalt Strike? Clone this.

CrossC2

generate CobaltStrike's cross-platform payload

SysWhispers

AV/EDR evasion via direct system calls.

AggressorCNA

Cobalt Strike Aggressor Scripts

CVE-2018-15982

Aggressor Script to launch IE driveby for CVE-2018-15982.

scanfsec.github.io

Blog

Fake-flash.cn

www.flash.cn 的钓鱼页，中文+英文

xray

xray 安全评估工具

BlogPic

BlogPic

n1ctf-2019

C3

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

ctftool

Interactive CTF Exploration Tool

ticket_converter

A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.

AVIator

Antivirus evasion project

exploits

Some of my exploits.

WinPwn

Automation for internal Windows Penetrationtest / AD-Security - Still much work to do

SdoKeyCrypt-sys-local-privilege-elevation

CVE-2019-9729

self-morphing-csharp-binary

C# binary that mutates its own code, encrypts and obfuscates itself on runtime

jenkins_unauthenticated_remote_code_execution

Jenkins RCE PoC. From unauthenticated user to remote code execution - it's a hacker's dream! (Chaining CVE-2019-1003000, CVE-2018-1999002, and more)

ExecScript

在目标主机上执行php、asp、aspx 插件

Intranet_Penetration_Tips

2018年初整理的一些内网渗透TIPS，后面更新的慢，所以公开出来希望跟小伙伴们一起更新维护~

Exchange2domain

CVE-2018-8581

PrivExchange

Exchange your privileges for Domain Admin privs by abusing Exchange