..

Proof of Concepts

Example code for exploits and security techniques.

Exploits

• ChangeMachinePassword (May 15, 2024)
  • Arbitrary pointer dereference in LSASS.
• MSRC-VULN-114840 (Dec 5, 2023)
  • Arbitrary pointer dereference in LSASS.
• MSRC-VULN-114839 (Dec 5, 2023)
  • Arbitrary pointer dereference in LSASS.
• CVE-2024-26209 (Mar 17, 2023)
  • Memory leak in LSASS.
• Coerce MS-FAX (Aug 12, 2022)
  • Remotely coerce a machine account to authenticate via MS-FAX.
• MS08-67 (Jun 3, 2018)
  • Stack overflow in a Windows service that leads to code execution.
• Warbird (Dec 13, 2017)
  • Null pointer dereference in Windows that leads to code execution.
• Capcom (Nov 21, 2016)
  • Device driver that allows direct code execution.

Security Techniques

• Exec Remote Process with an Impersonation Token (May 22, 2024)
  • Examples of using an impersonation token instead of explicit credentials to create a process on a remote host via DCOM and MS-WMI.
• LSA Whisperer (Apr 17, 2024)
  • Tools for interacting with authentication packages using their individual message protocols. (blog Medium/GitHub) (docs)
• Unlock Loader (Oct 19, 2023)
  • Example code that may be used in DllMain to unlock the loader lock.
• Perfect Loader (Sep 26, 2023)
  • Load a dynamic library from memory by modifying the native Windows loader. (blog Medium/GitHub)
• Fuse Loader (Sep 15, 2023)
  • Load a dynamic library from memory using a fuse mount. (blog Medium/GitHub)
• FMAPI Check Bypass (Jul 10, 2023)
  • An example bypass of FMAPI’s MiniNT check using a registry transaction.
• Unobfuscate SMS String (Feb 18, 2022)
  • SCCM credential recovery for network access accounts.
• No Strings (Sep 28, 2021)
  • String encryption at compile time. (blog)