kernel-exploit
There are 27 repositories under the kernel-exploit topic.
hardenedlinux/linux-exploit-development-tutorial
A series of tutorials on Linux exploit development for newbies.
bcoles/kasld
Kernel Address Space Layout Derandomization (KASLD) - A collection of various techniques to infer the Linux kernel base virtual address as an unprivileged local user, for the purpose of bypassing Kernel Address Space Layout Randomization (KASLR).
kkent030315/anycall
x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
kkent030315/evil-mhyprot-cli
A PoC for the vulnerable Mhyprot2.sys driver that allows reading/writing kernel/user memory from an unprivileged user process.
A2nkF/macOS-Kernel-Exploit
macOS Kernel Exploit for CVE-2019-8781.
Lazenca/Kernel-exploit-tech
Linux kernel exploitation tutorial.
RKX1209/kernel_exploit_world
Tutorial for writing kernel exploits
0xflux/Hells-Hollow
Hells Hollow: a Windows 11 rootkit technique to hook the SSDT via Alt Syscalls.
kkent030315/anymapper
x64 Windows kernel driver mapper, inject unsigned driver using anycall
TuxSH/universal-otherapp
Userland -> Kernel11 -> Arm9 otherapp for 3DS system versions 1.0 to <= 11.15
kkent030315/MsIoExploit
Exploit MsIo vulnerable driver
A2nkF/unauthd
A local privilege escalation chain from user to kernel for macOS < 10.15.5 (CVE-2020-9854).
V-i-x-x/win11-kernel-execution-syscall-hijack
Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution)
BullyWiiPlaza/tcpgecko
The Nintendo Wii U TCP Gecko Installer engine homebrew application for game modding and research
c3r34lk1ll3r/CVE-2017-5123
PoC CVE-2017-5123 - LPE - Bypassing SMEP/SMAP. No KASLR
JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201
Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, exploiting WebKit (CVE-2025-24201) and Core Media (CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction.
thieveshkar/Offensive-Security-Forensics-Portfolio
A portfolio demonstrating advanced blue and red team skills, including: SSH MFA implementation, Volatility-based memory forensics to detect code injection, Splunk threat hunting (BOTS v3), Wireshark C2 analysis, and kernel exploitation walkthroughs (LinPEAS, VulnHub).
kkent030315/libinject
A dll injector static library for Win x64 processes with handle elevation supported
n3rada/DirtyPipe
Working Dirty Pipe (CVE-2022-0847) exploit tool with root access and file overwrites.
vnescape/NT_el3vate
A Windows utility to elevate any process to nt authority\system using physical memory.
c3r34lk1ll3r/CVE-2017-11176
Code execution for CVE-2017-11176
dr4xp/sudo-chroot
Sudo vulnerability local PrivEsc (CVE-2025-32463) PoC in Python.
nuts7/kernsec
Kernsec is a quick & dirty script that prints kernel protections and other information useful for kernel exploitation/pwn in kernel land.
pmihsan/Linux-Privilege-Escalation-Tools
Collection of Linux PrivEsc Tools
AgricareBot/Offensive-Security-Forensics-Portfolio
💻 Showcase practical cybersecurity skills in forensics, threat hunting, and penetration testing through this comprehensive ethical hacking portfolio.
DrAbdoEltbakh/Offensive-Security-Forensics-Portfolio
💻 Showcase forensic and cybersecurity skills through detailed reports on forensics, penetration testing, and threat hunting in ethical hacking.
Precault47/sudo-chroot
🔒 Exploit local privilege escalation vulnerabilities in sudo before 1.9.17p1 using the chroot option for enhanced security assessments.