1. Php7 Opcache Override
Security-related PHP7 OPcache abuse tools and demo
2. Wsuspicious
WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations
✭ 157
3. Csp Auditor
Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
4. Dllpasswordfilterimplant
DLL Password Filter Implant with Exfiltration Capabilities
5. Pywsus
Standalone implementation of a part of the WSUS spec. Built for offensive security purposes.
6. Advanced Binary Analysis
Materials for the Binary Analysis Workshop presented at NorthSec 2020
✭ 43
html7. Malboxes
Builds malware analysis Windows VMs so that you don't have to.
8. Pyrdp
RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
9. Dtd Finder
List DTDs and generate XXE payloads using those local DTDs.
10. template-injection-workshop
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.
11. Cisco2Checkpoint
Tool that assists in migrating firewall rules from Cisco to Checkpoint. Will optimize rules for you (rationalization, reuse merging, etc.).
13. burp-ntlm-challenge-decoder
Burp extension to decode NTLM SSP headers and extract domain/host information
14. security-cheat-sheet
Minimalist cheat sheet for developpers to write secure code
15. break-fast-serial
A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs
16. ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
✭ 32
1-16 of 16 user projects