0vercl0k

rp

rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.

wtf

wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).

CVE-2021-31166

Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

stuffz

Basically a script thrift shop

CVE-2022-21971

PoC for CVE-2022-21971 "Windows Runtime Remote Code Execution Vulnerability"

windbg-scripts

A bunch of JavaScript extensions for WinDbg.

CVE-2021-24086

Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

CVE-2021-28476

PoC for CVE-2021-28476 a guest-to-host "Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys.

kdmp-parser

A Windows kernel dump C++ parser library with Python 3 bindings.

udmp-parser

A Cross-Platform C++ parser library for Windows user minidumps with Python 3 bindings.

symbolizer

A fast execution trace symbolizer for Windows.

zenith

Zenith exploits a memory corruption vulnerability in the NetUSB driver to get remote-code execution on the TP-Link Archer C7 V5 router for Pwn2Own Austin 2021.

rp-bf.rs

rp-bf: A library to bruteforce ROP gadgets by emulating a Windows user-mode crash-dump

snapshot

WinDbg extension written in Rust to dump the CPU / memory state of a running VM

paracosme

Paracosme is a zero-click remote memory corruption exploit that compromises ICONICS Genesis64 which was demonstrated successfully on stage during the Pwn2Own Miami 2022 competition.

fuzzing-ida75

Repository of the findings found by wtf when fuzzing IDA75.

CVE-2022-28281

PoC for CVE-2022-28281 a Mozilla Firefox Out of bounds write.

CVE-2022-21974

PoC for CVE-2022-21974 "Roaming Security Rights Management Services Remote Code Execution Vulnerability"

CVE-2021-32537

PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel.

lockmem

This utility allows you to lock every available memory regions of an arbitrary process into its working set.

pwn2own2023-miami

Writeups, PoCs of the bugs I found while preparing for the Pwn2Own Miami 2023 contest targeting UaGateway from the OPC UA Server category.

udmp-parser-rs

A Rust crate for parsing Windows user minidumps.

inject

Yet another Windows DLL injector.

KEPaboo

Neutralize KEPServerEX anti-debugging techniques

kdmp-parser-rs

A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger.

longue-vue

Longue vue is an exploit chain that can compromise over the internet NETGEAR DGND3700v2 devices.

teesee-calc

Visualize and compare total compensation (TC) packages over time.

0vercl0k

gflags-rs

Utility that lets you interact with Microsoft Windows Global Flags and particularly PageHeap, made to learn Rust

bochscpu