Reversec Labs ORG

The Leading Security Assessment Framework for Android.

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

The iOS Security Testing Framework

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.

A graph-based tool for visualizing effective access and resource relationships in AWS environments.

Automated Attack Simulation in the Cloud, complete with detection use cases.

DNS Rebinding Exploitation Framework

No description.

No description.

Cross Platform Kernel Fuzzer Framework

Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely

A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors

No description.

WePWNise generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.

CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks.

Tools for decoding TPM SPI transaction and extracting the BitLocker key from them.

macOS Kernel Fuzzer

Enumeration and reconnaissance activities in the Microsoft Azure Cloud.

A meterpreter extension for applying hooks to avoid windows defender memory scans

The Android Agent for the Drozer Security Assessment Framework.

Code and exercises for a workshop on z3 and angr

No description.

Simple Prompt Injection Kit for Evaluation and Exploitation

SharpClipHistory is a .NET application written in C# that can be used to read the contents of a user's clipboard history in Windows 10 starting from the 1809 Build.

No description.

Suite of tools to facilitate attacks against the Jamf macOS management platform.

PEAS is a Python 2 library and command line application for running commands on an ActiveSync server e.g. Microsoft Exchange.

A command line tool for creating malicious outlook rules

One Token To Rule Them All https://labs.reversec.com/posts/2012/07/incognito-v20-released

No description.

Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments

No description.

No description.

A public cloud security knowledgebase - https://www.secwiki.cloud/

No description.

This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region.

An example vulnerable app that integrates an LLM

Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.

No description.

No description.

No description.

A Burp extension to enable modification of FIX messages when relayed from MitM_Relay

No description.

No description.

No description.

Tools that can be used to interact with the KeyWe Smart Lock device.

Rust implementation of IceKube download functionality

No description.

No description.

No description.

No description.

No description.

No description.

No description.

No description.

PoC Code for Vulnerabilities Found in MEGAFEIS-branded Smart Locks & their Mobile Companion App: DBD+

No description.

No description.

PoC code for the LPE and RCE (CVE-2024-31903) attacks against the IBM Sterling B2B Integrator

A minimal chatbot application designed for testing multi-turn targets in Spikee. This tool provides a simple interface to interact with various LLM providers (OpenAI, Anthropic, Gemini, Bedrock, TogetherAI) to facilitate prompt injection and security testing workflows.

No description.

No description.

Scripts and other content to go with Aled Mehta's talk "Tag You're Exposed" at DEF CON Cloud Village 2023

No description.