Pinned Repositories
ACL_Edit
Assembly code to use for Windows kernel shellcode to edit winlogon.exe ACL
Babuska-Dolls
BHUSA2017
Content from presentation at BHUSA 2017
Bypassing_CFG_SEH
Using SEH to bypass CFG
DataOnlyShellcode
LoadLibrary-CFG-Bypass
Control Flow Guard bypass using LoadLibrary and IsBadCodePtr
RtlCaptureContext-CFG-Bypass
Internet Explorer Exploit with CFG bypass for Windows 10
tagWnd-Hardening-Bypass
Bypass for the hardening against usage of tagWnd as a kernel read/write primitive
Token-Stealing-Shellcode
Windows-Write-Execute
Find subfolders in the Windows folder which have bad ACLs and allow write and execute
MortenSchenk's Repositories
MortenSchenk/BHUSA2017
Content from presentation at BHUSA 2017
MortenSchenk/RtlCaptureContext-CFG-Bypass
Internet Explorer Exploit with CFG bypass for Windows 10
MortenSchenk/Token-Stealing-Shellcode
MortenSchenk/LoadLibrary-CFG-Bypass
Control Flow Guard bypass using LoadLibrary and IsBadCodePtr
MortenSchenk/Bypassing_CFG_SEH
Using SEH to bypass CFG
MortenSchenk/tagWnd-Hardening-Bypass
Bypass for the hardening against usage of tagWnd as a kernel read/write primitive
MortenSchenk/Babuska-Dolls
MortenSchenk/DataOnlyShellcode
MortenSchenk/Windows-Write-Execute
Find subfolders in the Windows folder which have bad ACLs and allow write and execute
MortenSchenk/ACL_Edit
Assembly code to use for Windows kernel shellcode to edit winlogon.exe ACL
MortenSchenk/Privilege_Shellcode
Kernel Shellcode to add all privileges in token
MortenSchenk/ACL-nuller
Assembly to NULL ACL on Windows 8.1 x64
MortenSchenk/ACL_null
Assembly code to NULL ACL of winlogon.exe for Windows 8.1 x64
MortenSchenk/ReflectiveDLLScanner
Scans for reflective DLL injected code