..
Proof of Concepts
Example code for exploits and security techniques.
Exploits
- Coerce MS-FAX (Aug 12, 2022)
- Remotely coerce a machine account to authenticate via MS-FAX.
- MS08-67 (Jun 3, 2018)
- Stack overflow in a Windows service that leads to code execution.
- Warbird (Dec 13, 2017)
- Null pointer dereference in Windows that leads to code execution.
- Capcom (Nov 21, 2016)
- Device driver that allows direct code execution.
Security Techniques
- Perfect Loader (Sep 26, 2023)
- Load a dynamic library from memory by modifying the native Windows loader
- Fuse Loader (Sep 15, 2023)
- Load a dynamic library from memory using a fuse mount
- Unobfuscate SMS String (Feb 18, 2022)
- SCCM credential recovery for network access accounts.
- No Strings (Sep 28, 2021)
- String encryption at compile time. (blog)