LPE / RCE Exploits for various vulnerable "Bloatware" products
☆86Aug 5, 2025Updated 7 months ago
Alternatives and similar repositories for bloatware-pwn
Users that are interested in bloatware-pwn are comparing it to the libraries listed below
Sorting:
- ForsHops☆59Mar 25, 2025Updated 11 months ago
- Repository for the DEF CON 33 talk: Kill Chain Reloaded☆80Aug 3, 2025Updated 7 months ago
- ☆63May 31, 2024Updated last year
- Position-independent Reflective Loader for macOS☆119Feb 19, 2026Updated 2 weeks ago
- Cobalt Strike Beacon Object File to to change the user's desktop wallpaper☆17Sep 15, 2023Updated 2 years ago
- A cmake template for crystal palace☆39Dec 20, 2025Updated 2 months ago
- RPC to WebClient startup☆55Aug 19, 2025Updated 6 months ago
- A simple POC to show how to chain multiple callbacks via tail calls to artificially construct a call stack☆99Dec 22, 2025Updated 2 months ago
- A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.☆261Sep 23, 2025Updated 5 months ago
- Mentally ill EtwTi parser☆68Jan 11, 2026Updated last month
- Rust crate to obfuscate strings and byte arrays so they are not in memory when not in use.☆19Mar 2, 2026Updated last week
- A set of programs for analyzing common vulnerabilities in COM☆249Sep 8, 2024Updated last year
- An interactive TUI tool to create Brute Ratel C4 profiles based on BURP browsing data.☆31May 23, 2025Updated 9 months ago
- adws enumeration bof☆169Feb 16, 2026Updated 3 weeks ago
- ☆59Feb 19, 2026Updated 2 weeks ago
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover☆86Oct 20, 2025Updated 4 months ago
- ☆113Oct 10, 2022Updated 3 years ago
- Python3 implementation of ADRecon with support for NTLM and Kerberos authentication querying LDAP. Generates individual CSV files and a s…☆55Feb 23, 2026Updated 2 weeks ago
- AppLocker-Based EDR Neutralization☆323Dec 19, 2025Updated 2 months ago
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆63Jan 5, 2026Updated 2 months ago
- Internal Monologue BOF☆79Dec 28, 2024Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆382Dec 13, 2024Updated last year
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…☆275Dec 27, 2024Updated last year
- Fast service fingerprinting CLI for 120+ protocols (TCP/UDP/SCTP) - built by Praetorian☆174Updated this week
- Playing with packets in C#☆15Aug 16, 2024Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆345Nov 19, 2024Updated last year
- ECC Public Key Cryptography☆37Oct 29, 2023Updated 2 years ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.☆29Jun 9, 2025Updated 9 months ago
- Scripts to interact with Microsoft Graph APIs☆44Nov 7, 2024Updated last year
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques☆211Aug 21, 2025Updated 6 months ago
- Lateral Movement via the .NET Profiler☆100Nov 21, 2024Updated last year
- TypeLib persistence technique☆140Oct 22, 2024Updated last year
- An App Domain Manager Injection DLL PoC on steroids☆212Dec 14, 2023Updated 2 years ago
- Windows protocol library, including SMB and RPC implementations, among others.☆674Jan 21, 2026Updated last month
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 4 months ago
- ☆86Jan 21, 2025Updated last year
- Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.☆186Mar 14, 2025Updated 11 months ago
- Hide your P/Invoke signatures through other people's signed assemblies☆211Mar 10, 2024Updated last year