security
Cryptofile
A set of tools for file encryption, including a secure file explorer and an automatic encryptor.
// OPERATOR IDENTIFIED
Pentest · AppSec · Purple Team
monitoring
A shell script with a collection of security recon tools for CTFs and bug bounty.
api
An HTTP API in C to manage tasks, integrated with a simple HTML/JavaScript frontend.
iot
An HTTP server on the Raspberry Pi Pico W to monitor networks and firewalls via Wi-Fi.
web
A full-stack system for device management integrated with INSS, using FastAPI.
web
Django version of the SINGED application for device management.
web
A modern and responsive e-commerce platform specialized in fruits.
web
A Golang web scraping tool built for studies and data extraction.
web
An Anime.js web app to visualize the learning progress of neural networks.
web
A web tool to create and study flashcards interactively.
api
An API boilerplate built with Ruby on Rails.
Multi-layered challenge with deep enumeration and chained unique vulnerabilities across several technologies.
Exploit vulnerabilities in malicious TensorFlow models to achieve RCE, escalate privileges, and capture flags.
XWiki RCE exploitation and Privilege Escalation via Netdata (CVE-2024-32019).
Java Heapdump extraction and exploitation.
PHP injection and CVE-2023-46818 exploitation chain.
Roundcube email service exploitation for initial access and privilege escalation.
Credential reuse, insecure SUID binary and PHP config abuse leading to root compromise.
IDOR, credential reuse, authenticated Cacti RCE and Docker API abuse leading to full host compromise.
Active Directory compromise via DNS poisoning, NTLM relay, Kerberos abuse and WinRM access.
pgAdmin authenticated RCE followed by AD CS abuse (ESC6 + ESC16) to obtain Domain Admin access.
OAuth CSRF leading to admin takeover, DLL upload abuse, SQLite extension execution and binary hijacking.
SQL Server credential abuse, password reuse and BadSuccessor AD exploitation to gain Domain Admin.