zhzhdoai

excalidraw

Virtual whiteboard for sketching hand-drawn like diagrams

ghidra

Ghidra is a software reverse engineering (SRE) framework

yudao-cloud

ruoyi-vue-pro 全新 Cloud 版本，优化重构所有功能。基于 Spring Cloud Alibaba + MyBatis Plus + Vue & Element 实现的后台管理系统 + 用户小程序，支持 RBAC 动态权限、多租户、数据权限、工作流、三方登录、支付、短信、商城、CRM、ERP、AI 大模型等功能。你的 ⭐️ Star ⭐️，是作者生发的动力！

sec-chart

安全思维导图集合

hakrawler

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

CTF-All-In-One

CTF竞赛权威指南

InjectLib

基于Ruby编写的命令行注入版本

YiShaAdmin

基于 .NET Core MVC 的权限管理系统，代码易读易懂、界面简洁美观

bindiff

Quickly find differences and similarities in disassembled code

Parallels

Parallels Desktop for mac

2023Hvv

2023 HVV情报速递~

JYso

It can be either a JNDIExploit or a ysoserial.

JDumpSpider

HeapDump敏感信息提取工具

Spartacus

Spartacus DLL/COM Hijacking Toolkit

twiki

T Wiki 云安全知识文库，可能是国内首个云安全知识文库？

RealBlindingEDR

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

FastJsonParty

FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

h2csmuggler

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

decode-js

JS混淆代码的AST分析工具 AST analysis tool for obfuscated JS code

learn-java-asm

:bug: Java ASM

ParallelsLab

Xtools

Xtools 是一款 Sublime Text 插件，同时是一款简单的资产处理、命令行调用工具。

ctf-book

CTF竞赛权威指南(Pwn篇) 相关资源

mysql-jdbc-tricks

JDBC Attack Tricks

Bypass_JVM_Verifier

Bypass JVM Class ByteCode Verifier , 对抗反编译器

SpringBootAdmin-thymeleaf-SSTI

SpringBootAdmin-thymeleaf-SSTI which can cause RCE

codehawk

CodeHawk Abstract Interpretation Engine and Analyzers

reverse_debug_frida

逆向调试利器：Frida

CVE-2022-42475

An exploit for CVE-2022-42475, a pre-authentication heap overflow in Fortinet networking products

CVE-2021-44228

Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerability