Stars
CVE-2026-23744 - Versions 1.4.2 and earlier of MCPJam inspector are vulnerable to remote code execution (RCE). Because the tool listens on 0.0.0.0 by default, an attacker can trigger the installati…
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES.
A tool to dump a git repository from a website
A curated dataset repository of malicious source code samples for security research, red-team testing, and detection tool validation.
PoC tools of Bytecode Jiu-Jitsu presented at Black Hat USA 2024 Briefings
ZoneMinder Second-Order SQL Injection PoC — CVE-2026-27470
Unauthenticated RCE in ZoneMinder Snapshots - PoC Exploit
Extract firmware images from an Android OTA payload.bin file
A fast & natively cross-platform Android OTA payload extractor written in Go
Proof of concept aiming to reproduce and query the infrared code database (IRDB) used by the Xiaomi *Mi Remote* application.
Kerberos relaying and unconstrained delegation abuse toolkit
PoC tool to coerce Windows hosts to authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
Free Active Directory pentesting tool and Linux CLI for AD enumeration, BloodHound, Kerberoasting, ADCS, DCSync, and attack paths.
Lists who can read any gMSA password blobs and parses them if the current user has access.
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed at security professionals and CTF players.
Run a 1-billion parameter LLM on a $10 board with 256MB RAM
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
Partial Python implementation of SharpGPOAbuse
The leading native Python SSHv2 protocol library.
Python PTY backdoors - full PTY or nothing!