Public researchings of the Google's Android apps protection

POC code for CVE-2024-29510 and demo VulnApp

Official writeups for Business CTF 2024: The Vault Of Hope

A Frida script that disables Flutter's TLS verification

Official writeups for Cyber Apocalypse CTF 2024: Hacker Royale

POC for CVE-2024-23897 Jenkins File-Read

Templates for submissions

A list of interesting payloads, tips and tricks for bug bounty hunters.

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Hackthebox Business CTF 2023- The Great Escape Writeups

Test tool for CVE-2020-1472 ZeroLogon

This repository explain how to write frida hook scripts and analysis written hooks.

CVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smuggling vulnerability.

POC for CVE-2022-39952

📱 objection - runtime mobile exploration

A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

Abusing VirusTotal API to host our C2 traffic, usefull for bypassing blocking firewall rules if VirusTotal is in the target white list , and in case you don't have C2 infrastructure , now you have …

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in…

F5 BIG-IP RCE exploitation (CVE-2022-1388)

spring框架RCE漏洞 CVE-2022-22965

Spring4Shell Proof Of Concept/Information

Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit

Spring Core RCE

Simple local scanner for applications containing vulnerable Spring libraries