Model Context Protocol for WinDBG

Buttercup finds and patches software vulnerabilities

DeepAudit：人人拥有的 AI 黑客战队，让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行，自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ，一键生成报告。​让安全不再昂贵，让审计不再复杂。

Linux Process Injection via Seccomp Notifier

A data-only attack based on CVE-2024-0582

Buttercup CRS as submitted to the AIxCC Final Competition

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

🚀 The fast, Pythonic way to build MCP servers and clients

A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.

Containers for building the Linux kernel or other software with many different compilers

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted request…

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

crypto-trading-open

A bunch of v8 resources (with a security focus)

ysoserial修改版，着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。

Demo code for post <Restrictions of JNDI Manipulation RCE & Bypass>

📀 Create traditional MSI installers for your Electron app

Codeql学习笔记

Redirect any Windows/MacOS TCP and UDP traffic to HTTP/Socks5 proxy

PoC for popping a system shell against the LnvMSRIO.sys driver

WSUS Unauthenticated RCE

Proof-of-concept of CVE-2025-55188: 7-Zip arbitrary code execution

SharePoint WebPart Injection Exploit Tool