DllNotificationInjection - A POC Of A New "Threadless" Process Injection Technique That Works By Utilizing The Concept Of DLL Notification Callbacks In Local And Remote Processes

DllNotificationInection is a POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes. An accompanying blog post with more details is available here: https://shorsec.io/blog/dll-notification-injection/ Ho...

ProcessStomping - A Variation Of ProcessOverwriting To Execute Shellcode On An Executable'S Section

A variation of ProcessOverwriting to execute shellcode on an executable's section What is it For a more detailed explanation you can read my blog post Process Stomping, is a variation of hasherezade’s Process Overwriting and it has the advantage of writing a shellcode payload on a targeted sectio...

cThreadHijack - Beacon Object File (BOF) For Remote Process Injection Via Thread Hijacking

. . . \ /| | | / | || || | | / | | | | \ / \ \ / / \ | | \ \ / | |/ / \ | | | Y \ | /\ / / / // \ Y / | | |/ \ | | || /| \ /\ || /|/| /\ | \ / / / / / / | / / / Beacon Object File BOF for remote process injection, via thread hijacking, without spawning a remote thread...

Microsoft Edge - OpenProcess() ACG Bypass Exploit

Exploit for windows platform in category dos / poc Each Edge Content process MicrosoftEdgeCP.exe needs to call SetProcessMitigationPolicy on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02...

Microsoft Edge - OpenProcess() ACG Bypass

Microsoft Edge - OpenProcess ACG Bypass Each Edge Content process MicrosoftEdgeCP.exe needs to call SetProcessMitigationPolicy on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02...

Microsoft Edge - 'OpenProcess()' ACG Bypass

Each Edge Content process MicrosoftEdgeCP.exe needs to call SetProcessMitigationPolicy on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02 MicrosoftEdgeCP!StartContentProcessExe+0x164 03...

NoMachine < 6.0.80 (x64) - 'nxfuse' Privilege Escalation

from ctypes import from ctypes.wintypes import import struct import sys import os MEMCOMMIT = 0x00001000 MEMRESERVE = 0x00002000 PAGEEXECUTEREADWRITE = 0x00000040 GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000 OPENEXISTING = 0x3 STATUSINVALIDHANDLE = 0xC0000008 shellcodelen = 90 s = “” s +=...

XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write PoC

Exploit for windows platform in category dos / poc Title: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt 1. Vulnerability Details Affected Vendor: Silicon Integrated Systems Corporation...

VUPlayer-2.49---(.m3u)

VUPlayer 2.49 .M3u Universal buffer overflow exploit w/ DEP bypass Author: mrme Download: http://vuplayer.com/ Tested on Wind0ws XP SP3 /noexecute=alwayson sc = "\x89\xe1\xd9\xee\xd9\x71\xf4\x58\x50\x59\x49\x49\x49\x49" "\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56"...

Windows-NDPROXY-SYSTEM

Original crash ... null pointer dereference Access violation - code c0000005 !!! second chance !!! 00000038 ?? ??? NDPROXY Local SYSTEM privilege escalation from ctypes import from ctypes.wintypes import import os, sys kernel32 = windll.kernel32 ntdll = windll.ntdll GENERICREAD = 0x80000000...

VUPlayer <= 2.49 - (.m3u) Universal Buffer Overflow Exploit (DEP bypass)

No description provided by source. !/usr/bin/env python VUPlayer =2.49 .M3u Universal buffer overflow exploit w/ DEP bypass Author: mrme Download: http://vuplayer.com/ Tested on Wind0ws XP SP3 /noexecute=alwayson Greetz: Corelan Security Team...

VUPlayer 2.49 - &#039;.m3u&#039; File Universal Buffer Overflow (DEP Bypass) (1)

!/usr/bin/env python VUPlayer =2.49 .M3u Universal buffer overflow exploit w/ DEP bypass Author: mrme Download: http://vuplayer.com/ Tested on Wind0ws XP SP3 /noexecute=alwayson Greetz: Corelan Security Team http://www.corelan.be:8800/index.php/security/corelan-team-members/ DEP AlwaysOn bypass...

Published some of Ring3 at the end of the process of skill-vulnerability warning-the black bar safety net

In response to the XHR call, in 2 0 0 8 年 5 月 5, re-finishing, and some new skills. 2 0 0 8 years 7 months 1 3 to increase a skill. All of OpenProcess/ZwOpenProcess/OpenThread/ZwOpenThread can replace the ZwQuerySystemInformation-ZwOpenProcess-ZwDuplicateObject it. Specific is why your own...