hakaioffsec / CVE-2024-21338
Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.
☆275Updated 5 months ago
Related projects: ⓘ
- CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code☆310Updated 2 months ago
- ☆203Updated last month
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆227Updated 3 months ago
- CPP AV/EDR Killer☆329Updated 9 months ago
- Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability☆211Updated 4 months ago
- Process injection alternative☆275Updated 2 weeks ago
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver☆228Updated 2 months ago
- ☆290Updated 2 years ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆259Updated 5 months ago
- not a reverse-engineered version of the Cobalt Strike Beacon☆326Updated 5 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆269Updated last month
- ☆233Updated last year
- ☆169Updated last year
- DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYS…☆302Updated last month
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.☆373Updated last year
- Bypassing UAC with SSPI Datagram Contexts☆335Updated 11 months ago
- Use hardware breakpoint to dynamically change SSN in run-time☆227Updated 5 months ago
- micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.☆147Updated last month
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆439Updated 3 months ago
- Reflective DLL Injection Made Bella☆170Updated last week
- ☆242Updated 7 months ago
- UAC Bypass By Abusing Kerberos Tickets☆469Updated last year
- LPE exploit for CVE-2023-36802☆156Updated 11 months ago
- ☆98Updated last month
- RCE exploit for CVE-2023-3519☆218Updated last year
- LPE exploit for CVE-2023-21768☆473Updated last year
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆387Updated 7 months ago
- Exploit for CVE-2023-29360 targeting MSKSSRV.SYS driver☆136Updated 11 months ago
- PoCs for Kernelmode rootkit techniques research.☆333Updated 2 weeks ago
- shellcode loader for your evasion needs☆257Updated 3 months ago