therealwolf's Projects
Repository including some useful Frida scripts for iOS reversing
iOS Frida Scripts
Purposely vulnerable ActiveX Control to teach about exploitation in a browser-based environment.
A hacked up idevicerestore wrapper, which allows specifying SEP and Baseband for restoring
Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
A repository with 3 tools for pwn'ing websites with .git repositories available
A custom Google search (to bypass some limitations on google and VPNs)
Gospider - Fast web spider written in Go
List of commands and techniques to use while conducting any kind of hacking :)
HackSys Extreme Vulnerable Windows Driver
Homebrew Tap - Pen Test Tools
Tutorials and Things to Do while Hunting Vulnerabilities.
Bypass Apple ID lockout for all iOS via USB
IDA Plugin for Searching ROP Chains
A set of exploitation/reversing aids for IDA
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
:dart: Advanced debugging skills used in the iOS project development process, involving dynamic debugging, static analysis and decompilation of third-party libraries.
Latest iOS RCE vulnerability disclosed by a Google security researcher
JNDI-Exploitation-Kit: A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP server, RMI server and LDAP server to exploit Java web apps vulnerable to JNDI injection.
It embeds the executable file or payload inside the JPG file. The method the program uses is not exactly one of the steganography methods; for this reason, it does not cause any distortion in the JPG file, and the JPG file size and payload do not have to be proportional. The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewalls and antivirus. If the file is examined in detail, it is easier to detect than steganography methods; however, since the payload in the JPG file is encrypted, it cannot be easily decrypted. It also uses the "garbage code insertion/dead-code insertion" method to prevent the payload from being caught by the antivirus at runtime.
A next-generation crawling and spidering framework.
A kernel driver to practice writing exploits against, as well as some example exploits using public techniques.
Methods for attacking KeePass 2.X databases, including extracting of encryption key material from memory.
A tool for analyzing private (and public) key files, including support for Android APK files.
KeyLeak is a repository that shows quick wins for API keys leaked by the application.
Me, Myself & I
A series of tutorials on Linux exploit development for newbies.
A Course on Intermediate Level Linux Exploitation
A bunch of links related to Linux kernel fuzzing and exploitation