yhbl's repositories
awd-mode
Small AWD-mode competition environment; can be used together with CTFd
awesome-cloud-security
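awesome cloud security: a collection of good cloud security resources from China and abroad; the project is aimed mainly at security practitioners in China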
BadCode
Source code for malicious code evasion http://payloads.online
cf-backup
Cloud exploitation framework, mainly intended to help red team members with follow-up work after obtaining an AK.
cool
An AV-evasion platform written with the Golang Gin framework, with multiple built-in BypassAV methods.
CrossC2
Backup fork of the CrossC2 framework from gloxec, version 2.0
cs2modrewrite
Convert Cobalt Strike profiles to modrewrite scripts
CVE-2023-34039
VMware Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)
fuzzDicts
Web Pentesting Fuzz dictionaries; one is enough.
go-shellcode
Load shellcode into a new process
jndi_tool
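JNDI service exploitation tool for RMI/LDAP; supports response echo in some scenarios, in-memory shells, exploitation on newer JDK versions, and more; an auxiliary vulnerability detection tool for fastjson RCE and log4j RCE command execution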
CobaltStrike
CobaltStrike's source code
learnjavabug
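Java security vulnerability and technique demos: exploitation of native Java, Fastjson, Jackson, Hessian2, and XML deserialization vulnerabilities; exploits for frameworks, middleware, and features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI, and Nexus; and practice code for Java Security Manager bypass, Dubbo-Hessian2 security hardening, and more.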
Leoric
PoC of fighting against force-stop kill process on Android
malleable-c2
Cobalt Strike Malleable C2 Design and Reference Guide
Malleable-C2-Profiles
Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
memShell
FilterBased/ServletBased in memory shell for Tomcat and some other middlewares
Point-to-point-communication
Point-to-point communication implemented in Java
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
rootkit
Coursework for the Principles of Software Security course at the University of Chinese Academy of Sciences
shadowsocks_install
Auto Install Shadowsocks Server for CentOS/Debian/Ubuntu
shiro_attack
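Comprehensive exploitation of the Shiro deserialization vulnerability, including (command execution with echoed output / in-memory webshell injection)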
sliver
Adversary Emulation Framework
tabby
A CAT called tabby ( Code Analysis Tool )
teddysunss
https://github.com/teddysun/shadowsocks_install
yhblkey
Config files for my GitHub profile.