Windows Local Privilege Escalation
Windows Local Privilege Escalation (LPE) that allows an attacker to reach kernel memory space from user-land elevated processes, resulting in an Admin-to-Kernel LPE vulnerability. Works by manipulating Windows Access Tokens and passing a specifically crafted input buffer to an IOCTL function.

Rust COFF Loader
Custom implementation of Cobalt Strike's beacon_inline_execute written in Rust. Explores COFF (Common Object File Format) and how it can be dynamically loaded by applying relocations in the loader's memory. Led to a research project and presentation at Ekoparty 2023.

Game Hacking in Rust
DLL made in Rust as a fun project based on PwnAdventure3. Explores process memory hooking using detour and trampoline hooks, as well as reading structure pointers to achieve what is needed in the game.

CLR Hosting in Rust
Native Rust implementation of the CLR hosting interfaces; the CLR is the Common Language Runtime used by .NET to load managed binaries in native processes. Allows .NET managed binaries to be loaded in Rust native processes.

Advanced Process Injection
Tool made using modern C++ that abuses the Windows API to achieve remote process injection based on DLL files. Circumvents common detections by avoiding commonly monitored Windows API calls like LoadLibrary and CreateRemoteThread, instead using techniques such as dynamic memory mapping.

Microsoft Word subDoc Injection
Tool made with Go that injects a hidden malicious subDoc field into Microsoft Word documents. Commonly used to steal NTLMv2 hashes over the SMB protocol. Based on research into Microsoft Office exploitation techniques.

Desktop Automation Tool
Software for automating and simulating repetitive human tasks in desktop environments. Developed in C++ using Windows API features and frameworks for better system integration.

Anti-Cheat Bypass
Software for bypassing security routines implemented in Valve Anti-Cheat (VAC). Techniques based on remote process hook hijacking, memory hacking and DLL injection, abusing the dynamic linking of Windows processes.

C2 Disruption Tool
Solution used as a disruptive measure against C2 hosts running the popular NjRat malware. By abusing bugs and the lack of a secure connection implementation in NjRat, it is possible to launch an amplified Denial-of-Service (DoS) attack at the application layer.