☆90Aug 16, 2025Updated 6 months ago
Alternatives and similar repositories for popkorn-artifact
Users that are interested in popkorn-artifact are comparing it to the libraries listed below
Sorting:
- This repo contains EXPs about Vulnerable Windows Driver☆47May 22, 2024Updated last year
- A tool that is used to hunt vulnerabilities in x64 WDM drivers☆441Dec 7, 2025Updated 3 months ago
- An adaptation of timwhitez's proxycall that uses kernelbase.dll!Beep.☆16Nov 1, 2023Updated 2 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆27Sep 15, 2023Updated 2 years ago
- Vulnerable driver research tool, result and exploit PoCs☆229Nov 1, 2023Updated 2 years ago
- A CIA tradecraft technique to asynchronously detect when a process is created using WMI.☆138Feb 2, 2026Updated last month
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆53Dec 21, 2021Updated 4 years ago
- A mechanism that trampoline hooks functions in x86/x64 systems.☆21Oct 9, 2024Updated last year
- Finds imports that could be exploited, still requires manual analysis.☆29Nov 9, 2022Updated 3 years ago
- PoCs for Kernelmode rootkit techniques research.☆435Nov 4, 2025Updated 4 months ago
- ☆78Oct 18, 2022Updated 3 years ago
- ☆149Jan 25, 2024Updated 2 years ago
- Classic Process Injection with Memory Evasion Techniques implemantation☆73Oct 28, 2023Updated 2 years ago
- msFuzz is a coverage-guided fuzzer for Windows kernel drivers that utilizes Intel PT and leverages constraint and dependency analysis to …☆218Dec 24, 2025Updated 2 months ago
- Quick python script to replace the NtAPI functions within SysWhispers' assembly and header files with random strings☆28May 30, 2022Updated 3 years ago
- Windows Thread Pool Injection Havoc Implementation☆33Mar 23, 2024Updated last year
- Admin to Kernel code execution using the KSecDD driver☆264Apr 19, 2024Updated last year
- LPE of CVE-2024-26230☆23Sep 1, 2024Updated last year
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆308Dec 9, 2023Updated 2 years ago
- CloudFlare Worker Shell☆14Aug 29, 2020Updated 5 years ago
- ☆12Aug 10, 2019Updated 6 years ago
- Supporting PoCs and scripts for my talk "OverLAPS: Overriding LAPS Logic"☆22Oct 12, 2025Updated 4 months ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Nov 19, 2022Updated 3 years ago
- Automated (kinda) deployment of MalRDP infrastructure with Terraform & Ansible☆12Sep 15, 2023Updated 2 years ago
- POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY☆228Apr 12, 2025Updated 10 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆411Jan 11, 2026Updated last month
- My implementation of the GIUDA project in C++☆189Jul 25, 2023Updated 2 years ago
- ☆101Oct 7, 2023Updated 2 years ago
- ☆123Oct 9, 2023Updated 2 years ago
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package☆35Mar 28, 2023Updated 2 years ago
- ☆125Sep 5, 2024Updated last year
- Snapshot-based coverage-guided windows kernel fuzzer☆325Dec 16, 2021Updated 4 years ago
- ☆61Oct 24, 2025Updated 4 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆360Aug 11, 2024Updated last year
- A remote unauthenticated DOS POC exploit that targets the authentication implementation of Havoc.☆37Nov 16, 2023Updated 2 years ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆130Jan 14, 2023Updated 3 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- PatchFuzz: Fuzzing for JavaScript Engine Incomplete Security Patches☆19Dec 17, 2025Updated 2 months ago
- ☆13Dec 29, 2022Updated 3 years ago