Starred repositories
CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution
A C# tool for extracting information from SCCM PXE boot media.
A clear and obvious name of the exploitation technique can create a false sense of familiarity, even if its true potential was never researched, the technique itself is never mentioned and payloads a…
Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.
A PowerShell variant of the amazing patch_review.py by kevthehermit
# CVE-2026-20805 PoC Proof of concept for the information disclosure vulnerability in Microsoft's **Desktop Windows Manager (dwm.exe)**. ## 📋 Vulnerability Summary - **ID:** CVE-2…
A lightweight Windows Prefetch file parser to extract programs' execution history
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
Local Privilege Escalation Affecting Millions of Gaming Laptops
Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueApcThreadEx2) for stealthy execution. Minimal permissions, no …
AppleKeyStore Use-After-Free: MTE/PAC Panic Analysis - iOS 26.x kernel vulnerability research
HLSL/GLSL library for debugging shaders
Practical setup guides and helpers to connect Burp Suite MCP Server to multiple AI backends (Codex, Gemini, Ollama, ...).
EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running.
SEP firmware panic via AppleKeyStore - iOS/macOS 26.x kernel vulnerability
Create, delete or list Shadow Copies using the VSS API using C++, C# or Python. Working on Windows 11
A Claude Code plugin that iteratively refines product specifications by debating between multiple LLMs until all models reach consensus.
Analysis of CVE-2025-43529 (WebKit UAF) + CVE-2025-14174 (ANGLE OOB) exploit chain - iOS Safari
All-in-one macOS binary analysis: Mach-O parsing, ARM64 disassembly, code signatures, and debugging.
Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.
Galago extracts encryption keys from ARM64 Android native libraries through controlled emulation.
Python tool to automatically perform SPN-less RBCD attacks.
A collection of methods to learn who the owner of an IP address is.
A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.