Skip to content
View nth347's full-sized avatar
🐒
Working from home
🐒
Working from home
53 followers · 105 following

Achievements

Achievement: Pull SharkAchievement: Starstruck

Achievements

Achievement: Pull SharkAchievement: Starstruck

Block or report nth347

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
nth347/README.md

👋 Hi there, I'm Hưng (nth347)

💻 Offensive Security | Application Security | Security Research

💣 Offensive Security

  • Offensive Security Program Development
  • Red Team Operations & Adversary Simulation
  • Custom Malware & Offensive Tooling Development
  • AV/EDR Evasions, In-Memory Execution
  • Hybrid AD/Azure Compromise
  • Executive Reporting & Stakeholder Briefing

🛡️ Application Security

  • Application Security Engineering
  • Review/Pentest Web, API & Mobile
  • Security Threat Modeling
  • DevSecOps Design
  • Security Control Engineering
  • Secure Coding Standards & Developer Training Program

🔬 Security Research

  • Java-specific Vulnerabilities
  • 1-day Analysis

💻 Technologies

  • Programming Languages: C/C++, C#/.NET, Java, PHP, Python, Rust, Golang
  • Scripting Languages: Bash, PowerShell

🐞 CVEs

🧩 Contributions

🏆 Certifications

Popular repositories Loading

  1. CVE-2021-3129_exploit CVE-2021-3129_exploit Public

    Exploit for CVE-2021-3129

    Python 68 26

  2. Zimbra-RCE-exploit Zimbra-RCE-exploit Public

    RCE exploit for attack chain in "A Saga of Code Executions on Zimbra" post

    Python 36 5

  3. Java-SSTI-demo Java-SSTI-demo Public

    Java SSTI vulnerability demos based on Spring Boot and various template engines (Thymeleaf, FreeMarker, Velocity)

    Java 5

  4. CVE-2018-20148_exploit CVE-2018-20148_exploit Public

    Exploit for CVE-2018-20148 - WordPress PHAR deserialization via XMLRPC

    Python 4 2

  5. CVE-2020-28032_PoC CVE-2020-28032_PoC Public

    PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)

    PHP 4 2

  6. CVE-2019-9081_PoC CVE-2019-9081_PoC Public

    PoC for CVE-2019-9081

    PHP 1 2