Pentesting
A simple tool wrapper to automate the enumeration, fingerprinting, and PSK extraction of an IPSec VPN gateway.
Decrypt VMware vTPM-encrypted .vmem/.vmsn/.vmss/.nvram from the VM password, and flatten the .vmem to a Volatility-ready image.
Complete QEMU/KVM virtualization lab for Arch Linux with Windows 11, Kali Linux, Ubuntu, Metasploitable2, networking, TPM 2.0, UEFI, VirtIO, and cybersecurity lab setup.
Memory-injection-resistant smart contract audit agent — a reference implementation of a secure AI agent
Self-hosted AI security lab with fresh LXD workspaces and OpenCode-powered authorized testing
VulnScan (Windows Installer and Runs Locally). A locally run vulnerability scanner with port scanning, CVE lookup, VirusTotal integration, and PDF reports
A single archive of public exploit PoCs and vulnerability research writeups. At the time I post these, none have been reported. Feel free to report them yourself and take credit for the CVE if handed out lulz
Advanced OPSEC fork of Donut. Features a Custom in-memory CLR Host, Tail-Jump ETW bypasses, and zero-patch AMSI evasion for stealthy shellcode generation.
Code and data for our paper "Onelogon: Taking over Active Directory Accounts via Netlogon" (WOOT’26).
A foundational C library for building operationally credible offensive capabilities
One-command security scanner. 40+ rules for secrets, OWASP and deps. Scanned React: F grade.
Unauthenticated RCE PoC for CVE-2026-48908 — SP Page Builder for Joomla (≤ 6.6.1): arbitrary file upload via asset.uploadCustomIcon. Self-cleaning, token-guarded. Authorized testing only.
A web pentest agent ensemble for Claude Code — every finding is independently verified and QA-gated.
IOC enrichment + PE static analysis in one self-contained Windows CLI. Zero dependencies.
Curated security auditors for the backend stack — Supabase, Firebase, Hasura, Strapi, Directus, Payload, Convex, n8n, Ollama & more. Keyless, active-probe, MIT.
Six-layer call-stack spoofing via .pdata lacunae — defeats ETW-Ti, kernel callbacks, CET shadow stack, and return-address validation in a single composite chain.
BruceButBetter — DIY Flipper Zero on ESP32-S3 N16R8. Downstream Bruce fork: Sub-GHz, NFC/RFID, IR, WiFi/BLE, NRF24 & Si5351 in one device. Browser flasher included.