ucsb-seclab / popkorn-artifactView external linksLinks
☆86Aug 16, 2025Updated 6 months ago
Alternatives and similar repositories for popkorn-artifact
Users that are interested in popkorn-artifact are comparing it to the libraries listed below
Sorting:
- This repo contains EXPs about Vulnerable Windows Driver☆47May 22, 2024Updated last year
- A tool that is used to hunt vulnerabilities in x64 WDM drivers☆435Dec 7, 2025Updated 2 months ago
- An adaptation of timwhitez's proxycall that uses kernelbase.dll!Beep.☆16Nov 1, 2023Updated 2 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆27Sep 15, 2023Updated 2 years ago
- Vulnerable driver research tool, result and exploit PoCs☆228Nov 1, 2023Updated 2 years ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆53Dec 21, 2021Updated 4 years ago
- Finds imports that could be exploited, still requires manual analysis.☆29Nov 9, 2022Updated 3 years ago
- PoCs for Kernelmode rootkit techniques research.☆429Nov 4, 2025Updated 3 months ago
- ☆78Oct 18, 2022Updated 3 years ago
- A CIA tradecraft technique to asynchronously detect when a process is created using WMI.☆137Feb 2, 2026Updated 2 weeks ago
- ☆149Jan 25, 2024Updated 2 years ago
- Classic Process Injection with Memory Evasion Techniques implemantation☆72Oct 28, 2023Updated 2 years ago
- A mechanism that trampoline hooks functions in x86/x64 systems.☆21Oct 9, 2024Updated last year
- msFuzz is a coverage-guided fuzzer for Windows kernel drivers that utilizes Intel PT and leverages constraint and dependency analysis to …☆217Dec 24, 2025Updated last month
- Windows Thread Pool Injection Havoc Implementation☆33Mar 23, 2024Updated last year
- Quick python script to replace the NtAPI functions within SysWhispers' assembly and header files with random strings☆28May 30, 2022Updated 3 years ago
- Admin to Kernel code execution using the KSecDD driver☆264Apr 19, 2024Updated last year
- Volatility 3 plugins to extract a module as complete as possible☆12Jun 13, 2023Updated 2 years ago
- LPE of CVE-2024-26230☆23Sep 1, 2024Updated last year
- Supporting PoCs and scripts for my talk "OverLAPS: Overriding LAPS Logic"☆22Oct 12, 2025Updated 4 months ago
- ☆12Aug 10, 2019Updated 6 years ago
- CloudFlare Worker Shell☆14Aug 29, 2020Updated 5 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Nov 19, 2022Updated 3 years ago
- A remote unauthenticated DOS POC exploit that targets the authentication implementation of Havoc.☆36Nov 16, 2023Updated 2 years ago
- ☆125Sep 5, 2024Updated last year
- Snapshot-based coverage-guided windows kernel fuzzer☆323Dec 16, 2021Updated 4 years ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆307Dec 9, 2023Updated 2 years ago
- ☆61Oct 24, 2025Updated 3 months ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆130Jan 14, 2023Updated 3 years ago
- ☆13Dec 29, 2022Updated 3 years ago
- PatchFuzz: Fuzzing for JavaScript Engine Incomplete Security Patches☆19Dec 17, 2025Updated 2 months ago
- ☆15Feb 9, 2022Updated 4 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆42Oct 11, 2025Updated 4 months ago
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- Sleep obfuscation☆267Dec 13, 2024Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆408Jan 11, 2026Updated last month
- ☆42Jun 23, 2024Updated last year
- BoltWire v6.03 vulnerable to "Improper Access Control"☆13Oct 31, 2023Updated 2 years ago