zha0's repositories
BamExtensionTableHook
Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when attackers disable standard process notify callbacks.
bin2shellcode
C++ tool and library for converting .bin files to shellcode in multiple output formats.
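The conversion the entry above describes, written out as an added example in Python (my own code, not the bin2shellcode tool's implementation or its command-line interface): the raw bytes of a `.bin` are rendered as a C array, a C# array, a Python bytes literal, a PowerShell byte array, or plain hex, with long payloads wrapped so the output stays readable. The sample shellcode `31 c0 c3` (`xor eax, eax; ret`) in the test is constructed here, and the output format names and variable name are my own choices.

```python
"""Render a raw shellcode .bin in several source-embeddable formats (added example)."""
import sys
from pathlib import Path


def _byte_rows(data: bytes, per_line: int = 12) -> str:
    """0x.. tokens, comma-separated and wrapped every `per_line` bytes."""
    tokens = [f"0x{b:02x}" for b in data]
    rows = [", ".join(tokens[i:i + per_line]) for i in range(0, len(tokens), per_line)]
    return ",\n    ".join(rows)


def format_c(data: bytes, name: str = "buf") -> str:
    # Brace initializer rather than a "\x.." string literal: it is valid in both C and C++
    # and never trips over the greedy \x escape when hex digits follow an escape.
    return (f"unsigned char {name}[] = {{\n    {_byte_rows(data)}\n}};\n"
            f"unsigned int {name}_len = {len(data)};")


def format_csharp(data: bytes, name: str = "buf") -> str:
    return f"byte[] {name} = new byte[{len(data)}] {{\n    {_byte_rows(data)}\n}};"


def format_python(data: bytes, name: str = "buf") -> str:
    escaped = "".join(f"\\x{b:02x}" for b in data)
    return f'{name} = b"{escaped}"'


def format_powershell(data: bytes, name: str = "buf") -> str:
    return f"[Byte[]] ${name} = " + ",".join(f"0x{b:02x}" for b in data)


def format_hex(data: bytes, name: str = "buf") -> str:
    return data.hex()


# Format names are this example's own, not the tool's CLI vocabulary.
FORMATS = {
    "c": format_c,
    "csharp": format_csharp,
    "python": format_python,
    "powershell": format_powershell,
    "hex": format_hex,
}


def convert(data: bytes, fmt: str, name: str = "buf") -> str:
    """Return `data` rendered in output format `fmt`; rejects empty input and unknown formats."""
    if not data:
        raise ValueError("input is empty; nothing to convert")
    try:
        render = FORMATS[fmt]
    except KeyError:
        raise ValueError(f"unknown format {fmt!r}; choose from {sorted(FORMATS)}") from None
    return render(data, name)


def convert_file(path: str, fmt: str, name: str = "buf") -> str:
    return convert(Path(path).read_bytes(), fmt, name)


if __name__ == "__main__":
    if len(sys.argv) not in (3, 4):
        sys.exit(f"usage: {sys.argv[0]} <shellcode.bin> <{'|'.join(FORMATS)}> [varname]")
    print(convert_file(sys.argv[1], sys.argv[2], sys.argv[3] if len(sys.argv) == 4 else "buf"))
```

Run it as `python bin2sc.py payload.bin c` to get a drop-in C array; the `_len` variable in the C output is there because downstream loaders typically need the size alongside the bytes.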
BloodfangC2
Modern PIC implant for Windows (64 & 32 bit)
Brc4-License-T00ls
AI generated
Chrome-App-Bound-Encryption-Decryption
Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.
Crystal-Loaders
A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
CVE-2025-25257
FortiWeb CVE-2025-25257 exploit
CVE-2025-32463_chwoot
sudo Local Privilege Escalation CVE-2025-32463
CVE-2025-47812-poc
Wing FTP Server Remote Code Execution (RCE) Exploit (CVE-2025-47812)
CVE-2025-53770
A sophisticated, wizard-driven Python exploit tool targeting CVE-2025-53770, a critical (CVSS 9.8) unauthenticated remote code execution (RCE) vulnerability in on-premises Microsoft SharePoint Server (2016, 2019, Subscription Edition)
CVE-2025-53770-Exploit
SharePoint WebPart Injection Exploit Tool
CVE-2025-5777
CVE-2025-5777 (CitrixBleed 2) - Critical memory overread (information disclosure) vulnerability affecting Citrix NetScaler ADC and Gateway devices
dumping_lsass
The different ways to dump lsass
elfspirit
ELF static analysis and injection framework that parses, manipulates, patches and camouflages ELF files.
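To make the parse-and-patch side of that description concrete, here is an added example (my own code, not elfspirit's) in Python: it validates an ELF64 little-endian file header, walks the program header table with bounds checks, and rewrites the entry point only when the new address lies inside an executable `PT_LOAD` segment. The minimal executable it parses is constructed inline from the header structures, so nothing here reads a real binary from disk.

```python
"""Minimal ELF64 header parser and entry-point patcher (added example)."""
import struct

# Elf64_Ehdr (64 bytes) and Elf64_Phdr (56 bytes), little-endian, as laid out in the ELF spec.
ELF64_EHDR = struct.Struct("<16sHHIQQQIHHHHHH")
ELF64_PHDR = struct.Struct("<IIQQQQQQ")
EHDR_FIELDS = ("e_ident", "e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
               "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize", "e_shnum", "e_shstrndx")
PHDR_FIELDS = ("p_type", "p_flags", "p_offset", "p_vaddr", "p_paddr", "p_filesz", "p_memsz", "p_align")

ELF_MAGIC = b"\x7fELF"
ELFCLASS64, ELFDATA2LSB = 2, 1
ET_EXEC, EM_X86_64 = 2, 0x3E
PT_LOAD, PF_X, PF_R = 1, 1, 4
E_ENTRY_OFFSET = 24  # 16-byte e_ident + e_type + e_machine + e_version


def parse_ehdr(blob: bytes) -> dict:
    """Validate and decode the file header; rejects non-ELF, non-ELF64/LE and truncated input."""
    if len(blob) < ELF64_EHDR.size:
        raise ValueError("file too short for an ELF64 header")
    if blob[:4] != ELF_MAGIC:
        raise ValueError("bad ELF magic")
    if blob[4] != ELFCLASS64 or blob[5] != ELFDATA2LSB:
        raise ValueError("only ELF64 little-endian is handled by this example")
    hdr = dict(zip(EHDR_FIELDS, ELF64_EHDR.unpack_from(blob, 0)))
    if hdr["e_ehsize"] != ELF64_EHDR.size:
        raise ValueError("unexpected e_ehsize")
    return hdr


def parse_phdrs(blob: bytes, hdr: dict) -> list:
    """Decode the program header table, refusing tables that run past the end of the file."""
    if hdr["e_phentsize"] != ELF64_PHDR.size:
        raise ValueError("unexpected e_phentsize")
    end = hdr["e_phoff"] + hdr["e_phnum"] * ELF64_PHDR.size
    if end > len(blob):
        raise ValueError("program header table runs past end of file")
    return [dict(zip(PHDR_FIELDS, ELF64_PHDR.unpack_from(blob, hdr["e_phoff"] + i * ELF64_PHDR.size)))
            for i in range(hdr["e_phnum"])]


def patch_entry(blob: bytes, new_entry: int) -> bytes:
    """Return a copy with e_entry rewritten; the target must sit inside an executable PT_LOAD."""
    hdr = parse_ehdr(blob)
    for ph in parse_phdrs(blob, hdr):
        if (ph["p_type"] == PT_LOAD and ph["p_flags"] & PF_X
                and ph["p_vaddr"] <= new_entry < ph["p_vaddr"] + ph["p_memsz"]):
            break
    else:
        raise ValueError(f"{new_entry:#x} is not inside an executable PT_LOAD segment")
    out = bytearray(blob)
    struct.pack_into("<Q", out, E_ENTRY_OFFSET, new_entry)
    return bytes(out)


def build_minimal_elf(base: int = 0x400000) -> bytes:
    """Constructed sample: header + one RX PT_LOAD + 6 bytes of x86-64 code (exit(0))."""
    code = b"\x31\xc0\xb0\x3c\x0f\x05"          # xor eax,eax; mov al,60; syscall
    code_off = ELF64_EHDR.size + ELF64_PHDR.size  # code follows the two headers
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + bytes(8)
    ehdr = ELF64_EHDR.pack(ident, ET_EXEC, EM_X86_64, 1, base + code_off, ELF64_EHDR.size, 0, 0,
                           ELF64_EHDR.size, ELF64_PHDR.size, 1, 0, 0, 0)
    filesz = code_off + len(code)
    phdr = ELF64_PHDR.pack(PT_LOAD, PF_R | PF_X, 0, base, base, filesz, filesz, 0x1000)
    return ehdr + phdr + code


if __name__ == "__main__":
    sample = build_minimal_elf()
    h = parse_ehdr(sample)
    print(f"entry={h['e_entry']:#x} phnum={h['e_phnum']}")
    print(f"patched entry={parse_ehdr(patch_entry(sample, h['e_entry'] + 2))['e_entry']:#x}")
```

The segment check in `patch_entry` is the part a tool of this kind gets wrong most often: pointing `e_entry` at non-executable memory, or outside any loaded segment, produces a file that parses fine but faults at load time, so it is rejected up front.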
Evanesco
Hide any window from screen capture on Windows.
exploit-2
Exploits and advisories
GoldenDMSA
This tool carries out the Golden DMSA attack against delegated Managed Service Accounts.
InstagramPrivSniffer
Views a private Instagram account's media without logging in
intelligence
Malware, tooling, logs, IOCs and intelligence
Kanvas
A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
MS-RPC-Fuzzer
Gain insight into MS-RPC implementations that may be vulnerable using an automated approach, and visualize the resulting data easily. Following this approach, a security researcher can identify interesting RPC services in far less time than a manual approach would take.
netescape
Malware traffic obfuscation library
OSEPlayground
A collection of useful tools and scripts developed and gathered throughout Offensive Security's PEN-300 (OSEP) course.
rabbit.go
Bidirectional TCP tunnel written in go
RiCharEpoint
SharePoint 2025 RCE Exploitation GUI
RingReaper
Simple Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls.
RtlHijack
Alternative Read and Write primitives using Rtl* functions the unintended way.
winver
Tiny Windows executable that outputs version information about the OS.