Tools & Research
Open-source security tooling, upstream contributions, and exploit research I've published. Everything here is public.
wined — Windows exploitation toolkit
Automation suite for x86/x64 Windows exploit development — ROP gadget filtering, bad-char/codecave/IAT/PPR discovery, null-free shellcode generation, WinDBG helpers, and fuzzing templates.
feroxbuster — content scraping
Parses page contents — directory listings and scraped href/src links — to discover additional content during recursive fuzzing.
feroxbuster — link filtering
Adds a no-state option, filters query strings from scraped links, and fixes custom header handling.
nuclei — local OAST listener
A local/office HTTP callback listener so OAST-based templates run fully on-prem — no interactsh or external infrastructure required.
nuclei-templates — HPE AutoPass fix
Fixes fixed-port URL expansion in the HPE AutoPass template so it targets the correct service.
NetExec — SMB spider_plus
Overhaul of the SMB spider_plus module — recursively spiders shares and downloads matching files for offline triage.
GraphRunner — Azure AD attributes
New post-exploitation module to enumerate Azure AD user attributes through the Microsoft Graph API.
SharpHound — Self-member edge
Fixes missing collection of the Add/Remove Self-As-Member group edge so BloodHound surfaces those AddSelf attack paths.
impacket — CVE-2020-17049 (Bronze Bit)
Implements the Kerberos Bronze Bit (CVE-2020-17049) constrained delegation bypass in impacket.
impacket — shadow credentials
Adds shadow-credential set and clear support to the LDAP shell for Active Directory abuse workflows.
PEASS-ng — linPEAS / winPEAS
Fixes to the privilege-escalation enumeration suite — release fetching and Internet Explorer enumeration.
GTFOBins — new entries
Added several GTFOBins entries — nginx, unsquashfs, dmidecode, pkg, and snap — documenting local privilege-escalation vectors.
PEzor — install & build fixes
Repairs to the open-source shellcode/PE packer install — Go deprecation, zsh, beacon.h, and pathing fixes.
BRC4-BOF-Artillery
Fixes to the Brute Ratel C4 BOF collection — registry-set null handling and compilation errors.
bloodyAD — AD/LDAP findings
Reported AD/LDAP issues — distinguished-name handling, LogonHours, binary-object setting, and genericAll inheritance.
BloodHound CE — query converter
Parses a legacy BloodHound custom-queries list and imports the queries into BloodHound CE through its API.
CVE-2024-23897 — Jenkins file read
Proof-of-concept for the Jenkins CLI arbitrary file-read vulnerability (CVE-2024-23897).
CVE-2024-42327 — Zabbix RCE
Privilege escalation to remote code execution in Zabbix (CVE-2024-42327).
CVE-2023-40028 — Ghost CMS file read
Arbitrary file-read proof-of-concept for Ghost CMS (CVE-2023-40028).
CVE-2021-44967 — LimeSurvey RCE
Remote code execution proof-of-concept for LimeSurvey (CVE-2021-44967).