DummyKitty's Projects
Code audit knowledge points, compiled - Java
Code execution via Python package installation.
x64 binary obfuscator
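This software first integrates RCE (no login required, or login bypass leading to RCE) and deserialization (simple gadget chains) vulnerabilities for high-impact frameworks and some mainstream CMSs. Simply importing URLs enables batch getshell and batch automated testing. Examples: Thinkphp, Struts2, weblogic. Newly disclosed vulnerabilities are tracked in real time and added, for example: log4jRCE, Sunlogin (向日葵) RCE, and so on.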
This repo includes ChatGPT prompt curation to use ChatGPT better.
Base64 encode/decode
C++ self-Injecting dropper based on various EDR evasion techniques.
Cloud Exploitation Framework: a cloud environment exploitation framework that helps security personnel with follow-up work after obtaining an AK
Cobalt Strike is a powerful threat emulation tool that provides a post-exploitation agent and covert channels ideal for Adversary Simulations and Red Team exercises. With Cobalt Strike, companies can emulate the tactics and techniques of a quiet long-term embedded threat actor in an IT network. Malleable C2 lets you change your network indicators to look like different malware each time. These tools complement Cobalt Strike's solid social engineering process, its robust collaboration capability, and unique reports designed to aid blue team training.
Cobaltstrike4.1 Source
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise
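CodeQLpy is a semi-automated code audit tool built on CodeQL; it currently supports only the Java language. It covers the whole process from source decompilation and database generation to vulnerability discovery, and can help code auditors quickly locate potential vulnerabilities in source code.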
Deployment template for docker target machine in ctf for CTFd and other platforms that support dynamic flags
S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE
CVE-2021-43297 PoC; RCE is achievable on Apache Dubbo <= 2.7.13
Windows HTTP protocol stack remote code execution vulnerability CVE-2022-21907
PoC for CVE-2022-40684 - Authentication bypass leading to full device takeover (Read-only)
Fortinet auth bypass analysis and exploit
CVE-2023-21707 EXP
This repository presents a proof-of-concept of CVE-2023-7028
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
This script is designed to demonstrate the exploitation of vulnerabilities in PAN-OS firewalls. It sends a specially crafted payload to the firewall's API endpoint to execute arbitrary commands.
Some prompts about cyber security
Scan memory for secrets and more. Maybe eventually a full /proc toolkit.
CobaltStrike Server With Docker
Docker images with PHP and xdebug installed, configured and ready to debug and profile applications in modern IDEs.
DongTai is an interactive application security testing (IAST) product that supports the detection of OWASP WEB TOP 10 vulnerabilities, multi-request related vulnerabilities (including logic vulnerabilities, unauthorized access vulnerabilities, etc.), third-party component vulnerabilities, etc.
Java Agent is the Java application probe of DongTai IAST, which collects method invocation data during the runtime of Java applications via dynamic hooks.