Project for tracking publicly disclosed DLL Hijacking opportunities.

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

DOOM-style 3D (raycasting) Game in Python Pygame

A revisited version of XSScon with DOM XSS based vuln research capability

Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force. IP Cameras Default Passwords.

Simple line solver that takes two coordinates and returns its factors, distance, midpoint, and slope.

Simple recreation of Pong using Java

An arguably competent password manager.

Training Software for the game Team Fortress 2

Students will be submitting this project as a qualifier for the 2022 cohort for the Tech Talent Pipeline.

Used Wireshark and Burp Suite to break into a "Members Only" website.

Exploited vulnerabilities in various web applications.

Created a honeynet for malware analysis using MHN-Admin and Dionaea.

Performed a Tab Nabbing attack and privilege escalation to hijack a web server using Kali Linux.

Performed an RCE through a vulnerable HTTP page and used Metasploit to execute a privilege escalation.

Harvested credentials using SQLmap and uploaded a PHP reverse shell script to hijack a web server.

Performed a command injection attack and privilege escalation through a vulnerable web application.

Exploited a File Upload flaw and the “Sudo Baron Samedit” vulnerability to hijack a web server.

Enumerated and infiltrated a WordPress site and performed privilege escalation using Kali Linux.

Compromised a web server using default credentials and abused binary capabilities to do privilege escalation.

Used multiple obfuscated command injections to open reverse shells and perform privilege escalations through exploiting vulnerable Sudo privileges and hijacking Tmux sessions.

Performed RCE through LFI and log poisoning against vulnerable web servers and performed privilege escalation by manipulating process UIDs of binaries with SETUID capabilities.

Performed RCE against a vulnerable Apache Struts2 application and retrieved credentials from Mozilla Firefox password storage to perform privilege escalation.

Created a Python script to cheat a game, used obfuscated command injection to achieve a reverse shell, and manipulated user-created binaries to perform multiple privilege escalations.

Performed RCE by exploiting unsanitized inputs to gain a reverse shell and obtain the flag.

LSASS Credential Dumper that utilizes the Windows API, in-memory RC4 encryption and Base64 encoding, and HTTPS exfiltration.

Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.

A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.

An x86_64 OS kernel from scratch.