This is your work, valued
OSCP,OSEP,CRTO,CRTP,CRTE,PACES
DFSCoerce. Python
841CVE-2023-21752. C++
325CVE-2025-48799. C++
266CVE-2023-36874. C++
243IDiagnosticProfileUAC. C++
184SysmonEoP. C
181CVE-2023-29343. C
162GamingServiceEoP. C++
150CVE-2024-20656. C++
136IFaultrepElevatedDataCollectionUAC. C++
130CVE-2023-20178. C++
89DiagTrackEoP. C
88UserManagerEoP. C++
81CVE-2023-36723. C++
67Random. Random
34ZoneAlarmLPE. Exploit for LPE in ZoneAlarm Antivirus/Firewall
31GamingServiceEoP5. C++
30MSIExecEoP. Arbitrary File Delete in Windows Installer before 10.0.19045.2193
30RazerEoP. C++
29CVE-2022-3368. C
29ZoneAlarmEoP. Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV
26PICDumper. C
26NtCreateToken. C++
10VSSCopy. Small and dirty PoC for CVE-2021-36934
8SQLEnum. Small tool for basic SQL Server enumeration in Active Directory Environment
8LpksetupUAC. C++
7VSSTrigger. Python
6CVE-2025-60710. C++
5UserManager_Read. C++
4KExecDD. Admin to Kernel code execution using the KSecDD driver
3binary-explotation. Python
2Wh04m1001.
2wmiexec-Pro. New generation of wmiexec.py
2RasmanPotato. Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do
2CS-Remote-OPs-BOF. C
1NamedPipePTH. Pass the Hash to a named pipe for token Impersonation
1pen_300_osep_prep. Preparation guide for Offensive Security's PEN-300 course and OSEP certification exam
1PrivFu. Kernel mode WinDbg extension and PoCs for token privilege investigation.
1Responder. Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
1BloodHound.py. A Python based ingestor for BloodHound
1CVE-2023-28229. C
1