cnmsec's Projects
Golang version of SigThief
Burp plugin that generates a Cobalt Strike profile file from a request selected in the Burp proxy
KCon is a famous Hacker Con powered by Knownsec Team.
Extract credentials from lsass remotely
Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
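"In-Depth Understanding of Malicious Code and Virus Samples"
JD (Jingdong) flash-sale purchasing, Windows client for grabbing Moutai on JD, works out of the box with no environment setup. Development starting soon (open-source license: Apache License). Moutai purchase bot, Moutai script
A webshell that resides in the memory of a Java web server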
A little tool to play with Windows security
Packet-capture hook script for the iOS side of the mpass mobile development framework
Updated ConfuserEX, an open-source, free obfuscator for .NET applications
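Chinese localization of Notion
Modified version of the open-source nps_golang reverse proxy project that implements private VNC remote control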
Compiled tools for internal assessments
OSWE, OSEP, OSED, OSEE
A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains.
Java basic practice for beginners: string
Materials for the workshop "Red Team Ops: Havoc 101"
Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
:books: Out-of-print cybersecurity books
Security Conference Archive
Dictionaries accumulated from real-world engagements
Command and Control Framework written in C#.
SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
Shellcode library as a Go package
Golang-based in-memory shellcode loader implementing three in-memory shellcode loading methods: UUID loading, MAC loading and IPv4 loading; currently gets past mainstream antivirus software (including Windows Defender)
Collection or authoring of PoCs and exploits for various vulnerabilities
✨Spark is a web-based, cross-platform and full-featured Remote Administration Tool (RAT) written in Go that allows you to control all your devices anywhere.