Virtual whiteboard for sketching hand-drawn like diagrams

GPT-powered chat for documentation, chat with your documents

ANTLR (ANother Tool for Language Recognition) is a powerful parser generator for reading, processing, executing, or translating structured text or binary files.

Type Analyzer for JavaScript

安卓Java层多功能追踪脚本

体系化、实战化、step by step、目标清晰且具体的一个打怪升级、成长路径规划图

Prompt Engineering, Generative AI, and LLM Guide by Learn Prompting | Join our discord for the largest Prompt Engineering learning community

pinduoduo backdoor

拼多多apk内嵌提权代码，及动态下发dex分析

Maybe the most detailed analysis of pdd backdoors

Samples and Unpacker of malicious backdoors and exploits developed and used by Pinduoduo

Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app (or another app) via LazyValue using Parcel after recycle()

CodeQL extractor for java, which don't need to compile java source

Recent Fuzzing Paper

KCon is a famous Hacker Con powered by Knownsec Team.

Binary instrumentation framework based on FRIDA

An automated tool for the detection of regexes' slow-matching vulnerabilities.

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.

Debug in-production Electron based app

Oversecured Vulnerable Android App

《深入理解CodeQL》Finding vulnerabilities with CodeQL.

基于frida的安卓hook框架，提供了很多frida自身不支持的功能，将hook安卓变成简单便捷，人人都会的事情

《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.

“冰蝎”动态二进制加密网站管理客户端

🚀Vulfocus 是一个漏洞集成平台，将漏洞环境 docker 镜像，放入即可使用，开箱即用。

The new Windows Terminal and the original Windows console host, all in the same place!

日常笔记。

超级SQL注入工具（SSQLInjection）是一款基于HTTP协议自组包的SQL注入工具,采用C#开发，直接操作TCP会话来进行HTTP交互，支持出现在HTTP协议任意位置的SQL注入，支持各种类型的SQL注入，支持HTTPS模式注入；支持以盲注、错误显示、Union注入等方式来获取数据；支持Access/MySQL/SQLServer/Oracle/PostgreSQL/DB2/SQL…

Pre-Built Vulnerable Environments Based on Docker-Compose

Server-Side Template Injection and Code Injection Detection and Exploitation Tool