SQL interface for Ghidra program databases — query functions, xrefs, types, decompilation with standard SQL

SDK for automating Ghidra from Python, Rust, and C++. Decompile, rename, annotate, inspect symbols/types/xrefs, and manage project lifecycle programmatically - treat Ghidra like infrastructure, not…

My software engineering notes.

Reverse Engineering 4 Fun & Profit

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Scripts and examples for "From Day Zero to Zero Day" by Eugene Lim.

Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules

A knowledge base of best practices for application security

Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.

Kernel mode WinDbg extension and PoCs for token privilege investigation.

Native WebGPU implementation. Mirror of https://dawn.googlesource.com/dawn. File bugs here: https://crbug.com/dawn/new

Understand Human Behavior to Align True Needs

Hardcore Debugging

HVNC for Cobalt Strike

Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

Meticulously curated security notes with Emphasis on Application Security, DevSecOps, Cloud Computing, and Penetration Testing.

DynamicSyscalls is a library written in .net resolves the syscalls dynamically (Has nothing to do with hooking/unhooking)

Open-Source Remote Administration Tool For Windows C# (RAT)

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab