US/FR

Axel Souchet

Elite
@0vercl0k

rp. rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.

2.2k

wtf. wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).

1.8k

CVE-2021-31166. Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

826

CVE-2019-11708. Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

625

stuffz. Basically a script thrift shop

589

windbg-scripts. A bunch of JavaScript extensions for WinDbg.

367

clairvoyance. Visualize the virtual address space of a Windows process on a Hilbert curve.

310

CVE-2022-21971. PoC for CVE-2022-21971 "Windows Runtime Remote Code Execution Vulnerability"

301

z3-playground. A repository to store Z3-python scripts you can use as examples, reminders, whatever.

281

CVE-2021-24086. Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

236

udmp-parser. A Cross-Platform C++ parser library for Windows user minidumps with Python 3 bindings.

231

CVE-2019-9810. Exploit for CVE-2019-9810 Firefox on Windows 64-bit.

227

CVE-2021-28476. PoC for CVE-2021-28476 a guest-to-host "Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys.

226

kdmp-parser. A Windows kernel dump C++ parser library with Python 3 bindings.

211

blazefox. Blazefox exploits for Windows 10 RS5 64-bit.

150

snapshot. WinDbg extension written in Rust to dump the CPU / memory state of a running VM

139

sic. Enumerate user mode shared memory mappings on Windows.

134

zenith. Zenith exploits a memory corruption vulnerability in the NetUSB driver to get remote-code execution on the TP-Link Archer C7 V5 router for Pwn2Own Austin 2021.

131

symbolizer. A fast execution trace symbolizer for Windows.

131

rp-bf.rs. rp-bf: A library to bruteforce ROP gadgets by emulating a Windows user-mode crash-dump

121

ollydbg2-python. Scripting OllyDBG2 using Python is now possible!

113

symbolizer-rs. A fast execution trace symbolizer for Windows that runs on all major platforms and doesn't depend on any Microsoft libraries.

110

paracosme. Paracosme is a zero-click remote memory corruption exploit that compromises ICONICS Genesis64 which was demonstrated successfully on stage during the Pwn2Own Miami 2022 competition.

90

fuzzing-ida75. Repository of the findings found by wtf when fuzzing IDA75.

84

pywinhv. Python bindings for the Microsoft Hypervisor Platform APIs.

80

CVE-2022-28281. PoC for CVE-2022-28281 a Mozilla Firefox Out of bounds write.

73

lockmem. This utility allows you to lock every available memory regions of an arbitrary process into its working set.

71

pwn2own2023-miami. Writeups, PoCs of the bugs I found while preparing for the Pwn2Own Miami 2023 contest targeting UaGateway from the OPC UA Server category.

62

CVE-2022-21974. PoC for CVE-2022-21974 "Roaming Security Rights Management Services Remote Code Execution Vulnerability"

57

CVE-2021-32537. PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel.

55

kdmp-parser-rs. A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger.

49

udmp-parser-rs. A Rust crate for parsing Windows user minidumps.

41

inject. Yet another Windows DLL injector.

39

j0llyDmpr. j0llydmper is a windows service that allows you to dump furtively and automaticaly some contents of USB disks just plugged in your computer. In order to dump potentialy interesting files, you can use a rule on the file name or/and on the file size.

39

KEPaboo. Neutralize KEPServerEX anti-debugging techniques

33

longue-vue. Longue vue is an exploit chain that can compromise over the internet NETGEAR DGND3700v2 devices.

26

TV-Show-Downloader. Maybe you're a guy a bit like me -- who watch a lot of series -- so I guess you already know that downloading the latest episodes of all your favorites TV Shows is absolutely PAINFUL. I mean it, really. Thus, TVShow Downloader is a set of basic scripts (crontab + python script + bash script) designed to simplify my whole existence on this earth: I haven't to think about downloading my serie anymore \o/.

21

dbgeng-rs. Rust binding for the dbgeng COM interfaces.

14

teesee-calc. Visualize and compare total compensation (TC) packages over time.

14

articles. Mirror of the different PDF articles I wrote

10

addr-symbolizer-rs. A KISS Rust crate to symbolize function addresses using Windows PDB files

9

ReflectiveDLLInjection. Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

9

0vercl0k.

6

gflags-rs. Utility that lets you interact with Microsoft Windows Global Flags and particularly PageHeap, made to learn Rust

5

qemu-libafl-bridge. A patched QEMU that exposes an interface for LibAFL-based fuzzers

4
45
Apply