- Forcefully load unsigned drivers
- Hide kernel debugging state
- Load DLL into usermode process (
LoadLibrary
& manual mapping loader) - Spawn usermode process
- Dump disk encryption private key (LUKS & BitLocker)
- Bypass windows login screen
- Fault trigger (command to raise a page fault for the bounds of any usermode process)