..

Proof of Concepts

Example code for exploits and security techniques.

Exploits

• Coerce MS-FAX (Aug 12, 2022)
  • Remotely coerce a machine account to authenticate via MS-FAX.
• MS08-67 (Jun 3, 2018)
  • Stack overflow in a Windows service that leads to code execution.
• Warbird (Dec 13, 2017)
  • Null pointer dereference in Windows that leads to code execution.
• Capcom (Nov 21, 2016)
  • Device driver that allows direct code execution.

Security Techniques

• Perfect Loader (Sep 26, 2023)
  • Load a dynamic library from memory by modifying the native Windows loader
• Fuse Loader (Sep 15, 2023)
  • Load a dynamic library from memory using a fuse mount
• Unobfuscate SMS String (Feb 18, 2022)
  • SCCM credential recovery for network access accounts.
• No Strings (Sep 28, 2021)
  • String encryption at compile time. (blog)