Projects

My projects can all be found on GitHub, or at least the ones which want to be found. Here's some of my personal highlights:

Bluffy the AV Slayer

A joint project by mez0 and I - code is on GitHub and a nice write up is on ad-995.group on obfuscating shellcode to avoid static AV detection.

Five Word Phrase

Five word phrase can be found on this site!

From XKCD, the site correcthorsebatterystaple.net hosted a live version of the tool. This went down seemingly on the 7th of June. Seeing as its core functionality was less than 5 lines of JavaScript I decided to have my own copy. Which is here.

Arpy

Arpy can be found on GitHub.

Finding a new IP address without shouting is a pain, mostly involving being carefully quiet while trying to spot gaps in tcpdump which you can pop into. This seemed like something which could be automated, and arpy is my best-effort good-enough effort to do so.

It was also a fun excuse to play with Scapy, which is 1000% awesome to work with.

I've written a blog on writing Arpy and mucking around with Scapy - Arpy, the silent IP guesstimator.

Shelby

Shelby can be found on GitHub.

Mez0 and I were really impressed with how PoshC2 displays a helpful easily accessible list of available web shells, tuned to match your current IP address. Shelby is our re-interpretation of doing this, and was rather helpful during both OSCP and generic Hack the Box ramblings.

creds.ninja

creds.ninja is currently visitable online. At creds.ninja, as you might imagine.

creds.ninja's source code can be found on GitHub

Mez0 and I also liked the look and fluidity of ippsec.rocks and had a burning desire to have easily accessible default application credentials. So we harvested some from around the Internet, led by Daniel Miessler's Seclists, and popped it online. Plus we got to play with JavaScript which is always a fun and engaging experience.