Raspberry Pi Pico Arduino core, for all RP2040 and RP2350 boards

PoC for popping a system shell against the LnvMSRIO.sys driver

Device OS (Firmware) for Particle Devices

Views Instagram private account's media without login

A high-speed forensic timeline engine for Windows forensic artifact CSV output built for DFIR investigators. Quickly consolidate CSV output from processed triage evidence for Eric Zimmerman (EZ Too…

Exploits and advisories

Alternative Read and Write primitives using Rtl* functions the unintended way.

Malware, tooling, logs, IOCs and intelligence

The different ways to dump lsass

Deserialization payload generator for a variety of .NET formatters

SharePoint 2025 RCE Exploitation GUI

AI 生成

A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike

SharePoint WebPart Injection Exploit Tool

Malware traffic obfuscation library

A sophisticated, wizard-driven Python exploit tool targeting CVE-2025-53770, a critical (CVSS 9.8) unauthenticated remote code execution (RCE) vulnerability in on-premises Microsoft SharePoint Serv…

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

Modern PIC implant for Windows (64 & 32 bit)

This tool exploits Golden DMSA attack against delegated Managed Service Accounts.

Hide any window from screen capture on Windows.

C++ tool and library for converting .bin files to shellcode in multiple output formats.

Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopefully…

FortiWeb CVE-2025-25257 exploit

Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.

CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices

ELF static analysis and injection framework that parse, manipulate, patch and camouflage ELF files.

Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when attackers disable standard process notify callbacks.

Simple Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls.

Tiny Windows executable that outputs version information about the OS.