Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. Prerequisites Appshark requires a specific version…
Vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-http thick clients. It is written…
Jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even…
The CI/CD-Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 10 challenges,…
Want to use SSH for reverse shells? Now you can using reverse_SSH. Manage and connect to reverse shells with native…
Ermir is an Evil/Rogue RMI Registry, it exploits unsecure deserialization on any Java code calling standard RMI methods on it…
Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique, and verify…
Hyper-converged infrastructure (HCI) claims to simplify IT by merging storage, computation, and typically a virtualization environment in a single system…
Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a…
Whids is a Open Source EDR For Windows with artifact collection driven by detection. The detection engine is built on…