APT39 is an Iranian cyber espionage group responsible for the widespread theft of personal information, setting it apart from other Iranian threat groups.

Mimikatz HashClash. Contribute to caseysmithrc/MimkatzCollider development by creating an account on GitHub.

Endgame security researchers demonstrated a new fileless attack technique at Black Hat 2018. Learn from Nick Lewis how this attack can bypass Windows Driver Signature Enforcement.

In this blog, Sunil Yadav, our lead trainer for "Advanced Web Hacking " training class, will discuss a case study where a Server-Side Request Forgery (SSRF) vulnerability was identified and exploited

tl;dr version Using some simple managed code debugging techniques, you can easily pull out hard-coded credentials from a binary claiming t...

Posted by James Forshaw, Project Zero And we’re back again for another blog in my series on Windows Exploitation tricks. This time I’ll...

A C# implementation of PrivExchange by @_dirkjan. Contribute to panagioto/SharpExchangePriv development by creating an account on GitHub.

AMSI bypass stager generator. Contribute to airman604/amsi_bypassr development by creating an account on GitHub.

Hook native API with C#. Contribute to citronneur/detours.net development by creating an account on GitHub.

UAC, specifically Admin-Approval mode, has been known to be broken ever since it was first released in Windows Vista. Most of the research of bypassing UAC has focused on abusing bad elevated application behavior, auto elevation or shared registry and file…

In this tutorial, I explain how to dynamically create a 1D array by passing the size in from the command line. Also I show how we can manipulate the dynamica...

CVE-2019-1003000-Jenkins-RCE-POC. GitHub Gist: instantly share code, notes, and snippets.