Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

We show in this work how publicly available LLMs can be socially engineered to transform novices into capable attackers, challenging the foundational principle that exploitation requires technical expertise. To that end, we propose RSA (Role-assignment, Scenario-pretexting, and Action-solicitation), a pretexting strategy that manipulates LLMs into generating functional exploits despite their safety mechanisms

..we learned to think like an attacker—understanding how Impacket tools construct their LDAP queries

..we learned to think like a log parser having an existential crisis - handling every possible variation those queries might take after going through the transformation gauntlet

Tampered Syscalls Via Hardware BreakPoints: Used to bypass userland hooks while simultaneously spoofing the invoked syscall's arguments.
Ghostly Hollowing: A hybrid technique between Process Hollowing and Process Ghosting.

A modern Windows desktop application for exploring and managing Windows Management Instrumentation (WMI) namespaces, classes, instances, properties, and methods. Built with WPF and .NET 8.0.

ProfileHound - BloodHound OpenGraph collector for user profiles stored on domain machines. Make informed decisions about looting secrets by identifying active user profiles on domain machines.

Execute PE files in-memory using Cobalt Strike's Beacon, eliminating child processes and consoles for stealthy operations and efficient output handling.

An enhanced proof-of-concept exploit for CVE-2025-52691 (SmarterMail Arbitrary File Upload RCE) with APT-level features like stealth obfuscation, persistence, exfiltration, and interactive mode. For educational and authorized testing only. Credits to the original PoC by yt2w/CVE-2025-52691.

WordPress Mobile builder Plugin <= 1.4.2 is vulnerable to a high priority Broken Authentication

Repository created to share information about tactics, techniques and procedures used by threat actors. Initially with ransomware groups and evolving to other types of threats.

A sleek, modern web-based front-end for signal intelligence tools.
Unified interface for pager decoding, 433MHz sensors, ADS-B aircraft tracking, satellite monitoring, WiFi reconnaissance, and Bluetooth scanning.

POST /module/ps_checkout/ExpressCheckout HTTP/1.1
Host: localhost:3000
Content-Length: 72

{"orderID":"1","order":{"payer":{"email_address":"presta@example.com"}}}

RACE Toolkit is the tool released alongside our Airoha research. You can find more about that in our blog post.

This repository contains a Python-based command-line toolkit for interacting with devices that expose the RACE protocol over various transports (BLE GATT, Bluetooth Classic RFCOMM, USB HID). It is primarily intended for further security research into the Airoha ecosystem and for end-users to check whether their devices are affected by the vulnerabilities.

Modern C2 Platform with Cloudflare Tunnel Integration | WinRM & SSH Remote Management | Real-time Terminal & Remote Desktop | Built with FastAPI & React

MSFinger is a high-performance network fingerprinting tool designed for internal network reconnaissance. It rapidly identifies Microsoft services, detects security configurations, and highlights potential vulnerabilities across SMB, LDAP, and LDAPS protocols.