Robust Cobalt Strike shellcode loader with multiple advanced evasion features

Bunch of Python scripts made to host fake printer-like services

A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.

Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.

LSASS Credential Dumper that utilizes the Windows API, in-memory RC4 encryption and Base64 encoding, and HTTPS exfiltration.

Performed RCE by exploiting unsanitized inputs to gain a reverse shell and obtain the flag.

Created a Python script to cheat a game, used obfuscated command injection to achieve a reverse shell, and manipulated user-created binaries to perform multiple privilege escalations.

Performed RCE against a vulnerable Apache Struts2 application and retrieved credentials from Mozilla Firefox password storage to perform privilege escalation.

Performed RCE through LFI and log poisoning against vulnerable web servers and performed privilege escalation by manipulating process UIDs of binaries with SETUID capabilities.

Used multiple obfuscated command injections to open reverse shells and perform privilege escalations through exploiting vulnerable Sudo privileges and hijacking Tmux sessions.

Compromised a web server using default credentials and abused binary capabilities to do privilege escalation.

Enumerated and infiltrated a WordPress site and performed privilege escalation using Kali Linux.

Exploited a File Upload flaw and the “Sudo Baron Samedit” vulnerability to hijack a web server.

Performed a command injection attack and privilege escalation through a vulnerable web application.

Harvested credentials using SQLmap and uploaded a PHP reverse shell script to hijack a web server.

Performed an RCE through a vulnerable HTTP page and used Metasploit to execute a privilege escalation.

Performed an RCE by exploiting the "Shellshock" vulnerability and hijacked a webserver.

Performed a Tab Nabbing attack and privilege escalation to hijack a web server using Kali Linux.

Created a honeynet for malware analysis using MHN-Admin and Dionaea.

Exploited vulnerabilities in various web applications.

Used Wireshark and Burp Suite to break into a "Members Only" website.

An arguably competent password manager.

Simple recreation of Pong using Java

Simple line solver that takes two coordinates and returns its factors, distance, midpoint, and slope.