This is your work, valued
rp. rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.
2.2kwtf. wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).
1.8kCVE-2021-31166. Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
826CVE-2019-11708. Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
625stuffz. Basically a script thrift shop
589windbg-scripts. A bunch of JavaScript extensions for WinDbg.
367clairvoyance. Visualize the virtual address space of a Windows process on a Hilbert curve.
310CVE-2022-21971. PoC for CVE-2022-21971 "Windows Runtime Remote Code Execution Vulnerability"
301z3-playground. A repository to store Z3-python scripts you can use as examples, reminders, whatever.
281CVE-2021-24086. Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.
236udmp-parser. A Cross-Platform C++ parser library for Windows user minidumps with Python 3 bindings.
231CVE-2019-9810. Exploit for CVE-2019-9810 Firefox on Windows 64-bit.
227CVE-2021-28476. PoC for CVE-2021-28476 a guest-to-host "Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys.
226kdmp-parser. A Windows kernel dump C++ parser library with Python 3 bindings.
211blazefox. Blazefox exploits for Windows 10 RS5 64-bit.
150snapshot. WinDbg extension written in Rust to dump the CPU / memory state of a running VM
139sic. Enumerate user mode shared memory mappings on Windows.
134zenith. Zenith exploits a memory corruption vulnerability in the NetUSB driver to get remote-code execution on the TP-Link Archer C7 V5 router for Pwn2Own Austin 2021.
131symbolizer. A fast execution trace symbolizer for Windows.
131rp-bf.rs. rp-bf: A library to bruteforce ROP gadgets by emulating a Windows user-mode crash-dump
121ollydbg2-python. Scripting OllyDBG2 using Python is now possible!
113symbolizer-rs. A fast execution trace symbolizer for Windows that runs on all major platforms and doesn't depend on any Microsoft libraries.
110paracosme. Paracosme is a zero-click remote memory corruption exploit that compromises ICONICS Genesis64 which was demonstrated successfully on stage during the Pwn2Own Miami 2022 competition.
90fuzzing-ida75. Repository of the findings found by wtf when fuzzing IDA75.
84pywinhv. Python bindings for the Microsoft Hypervisor Platform APIs.
80CVE-2022-28281. PoC for CVE-2022-28281 a Mozilla Firefox Out of bounds write.
73lockmem. This utility allows you to lock every available memory regions of an arbitrary process into its working set.
71pwn2own2023-miami. Writeups, PoCs of the bugs I found while preparing for the Pwn2Own Miami 2023 contest targeting UaGateway from the OPC UA Server category.
62CVE-2022-21974. PoC for CVE-2022-21974 "Roaming Security Rights Management Services Remote Code Execution Vulnerability"
57CVE-2021-32537. PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel.
55kdmp-parser-rs. A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger.
49udmp-parser-rs. A Rust crate for parsing Windows user minidumps.
41inject. Yet another Windows DLL injector.
39j0llyDmpr. j0llydmper is a windows service that allows you to dump furtively and automaticaly some contents of USB disks just plugged in your computer. In order to dump potentialy interesting files, you can use a rule on the file name or/and on the file size.
39KEPaboo. Neutralize KEPServerEX anti-debugging techniques
33longue-vue. Longue vue is an exploit chain that can compromise over the internet NETGEAR DGND3700v2 devices.
26TV-Show-Downloader. Maybe you're a guy a bit like me -- who watch a lot of series -- so I guess you already know that downloading the latest episodes of all your favorites TV Shows is absolutely PAINFUL. I mean it, really. Thus, TVShow Downloader is a set of basic scripts (crontab + python script + bash script) designed to simplify my whole existence on this earth: I haven't to think about downloading my serie anymore \o/.
21dbgeng-rs. Rust binding for the dbgeng COM interfaces.
14teesee-calc. Visualize and compare total compensation (TC) packages over time.
14articles. Mirror of the different PDF articles I wrote
10addr-symbolizer-rs. A KISS Rust crate to symbolize function addresses using Windows PDB files
9ReflectiveDLLInjection. Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
90vercl0k.
6gflags-rs. Utility that lets you interact with Microsoft Windows Global Flags and particularly PageHeap, made to learn Rust
5qemu-libafl-bridge. A patched QEMU that exposes an interface for LibAFL-based fuzzers
4