Colin O'Flynn's Hacakday talk at Remoticon 2021 support repo.

Last update: Sep 12, 2022

Overview

Hardware Hacking Resources

This repo holds some of the examples used in Colin's Hardware Hacking talk at Remoticon 2021.

You can see the very sketchy glitcher in the dangerous-emfi folder.

You can see the code used on the Raspberry Pi 3 Model B+ in the rpi-glitching folder.

Some specific resources used in the talk:

ChipWhisperer Jupyter Examples
Hardware Hacking Handbook
Colin's ECU Bootloader Work
Thomas Roth R-Pi Pico [NOTE - this link will be updated with a video once available]

Other examples that might be pulled up ad-hoc will be added to this list later.

Owner

Colin O'Flynn

Colin is a huge nerd.

GitHub Repository

POC for CVE-2022-1388

CVE-2022-1388 POC for CVE-2022-1388 affecting multiple F5 products. Follow the Horizon3.ai Attack Team on Twitter for the latest security research: Ho

231 Dec 07, 2022

com_media allowed paths that are not intended for image uploads to RCE

CVE-2021-23132 com_media allowed paths that are not intended for image uploads to RCE. CVE-2020-24597 Directory traversal in com_media to RCE Two CVEs

67 Nov 09, 2022

一款Web在线自动免杀工具

一款利用加载器以及Python反序列化绕过AV的在线免杀工具因为打包方式的局限性，不能跨平台，若要生成exe格式的只能在Windows下运行本项目打包速度有点慢，提交后稍等一会开发环境及运行前端使用Bootstrap框架，后端使用Django框架。

172 Nov 28, 2022

Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shell

Unauthenticated Sqlinjection that leads to dump database but this one impersonated Admin and drops a interactive shell

16 Nov 09, 2022

Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities.

RouterOS Scanner Forensics tool for Mikrotik devices. Search for suspicious properties and weak security points that need to be fixed on the router. T

823 Dec 21, 2022

An ARP Spoofer attacker for windows to block away devices from your network.

arp0_attacker An ARP Spoofer-attacker for Windows -OS to block away devices from your network. INFO Built in Python 3.8.2. arp0_attackerx.py is Upgrad

15 Mar 17, 2022

对安卓APP注入MSF PAYLOAD，并且对手机管家进行BYPASS。

520_APK_HOOK 介绍将msf生成的payload，注入到一个正常的apk文件中，重新打包后进行加固，bypass手机安全管家的检测。项目地址: https://github.com/cleverbao/520apkhook 作者: BaoGuo 优点相比于原始的msf远控，此版本ap

368 Jan 02, 2023

Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

25.7k Jan 08, 2023

IDA Frida Plugin for tracing something interesting.

IDAFrida A simple IDA plugin to generate FRIDA script. Edit template for functions or you can use the default template. Select functions you want to t

133 Dec 24, 2022

Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures

Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.

39 Nov 28, 2022

Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios.

9k Jan 03, 2023

An advanced multi-threaded, multi-client python reverse shell for hacking linux systems

PwnLnX An advanced multi-threaded, multi-client python reverse shell for hacking linux systems. There's still more work to do so feel free to help out

212 Dec 24, 2022

A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck

Malware Configuration Extractor A Malware Configuration Extraction Tool and Modules for MalDuck This project is FREE as in FREE 🍺 , use it commercial

103 Dec 18, 2022

log4j burp scanner

log4jscanner log4j burp插件特点如下： 0x01 基于Cookie字段、XFF头字段、UA头字段发送payload 0x02 基于域名的唯一性，将host带入dnslog中插件主要识别五种形式： 1.get请求，a=1&b=2&c=3 2.post请求，a=1&b=2&c=

1 Jun 30, 2022

A secure password generator written in python

gruvbox-factory 🏭 "The main focus when developing gruvbox is to keep colors easily distinguishable, contrast enough and still pleasant for the eyes"

430 Dec 27, 2022

Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the effor

380 Dec 28, 2022

CVE-2021-22205 Unauthorized RCE

CVE-2021-22205 影响版本： Gitlab CE/EE 13.10.3 Gitlab CE/EE 13.9.6 Gitlab CE/EE 13.8.8 Usage python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog

70 Nov 09, 2022

A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

Automator-Terminator A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers (PLCs) w

25 Oct 10, 2022

Password-Manager GUI

PASSWORD-MANAGER This repo contains all the project files. Project Description A Tkinter GUI that allows you to store website info like website name,

1 Dec 08, 2021

Evil-stalker - A simple tool written in python, it is so simple that it is based on google dorks

evil-stalker How to run First of all, you must install the necessary libraries.

6 Nov 16, 2022