Hello, world 👋
If you made it all the way here, you might as well check out a few of my projects, as well as where I blog.
Browser exploitation
- CVE-2019-11708: Full chain for CVE-2019-11708 & CVE-2019-9810,
- CVE-2019-9810: RCE exploit for Firefox on Windows,
- Blazefox: Exploits for Firefox/Windows 10 RS5.
Windows related
- wtf: A distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows,
- windbg-scripts: A collection of JavaScript debugger extensions for WinDbg,
- kdmp-parser: A Windows kernel dump C++ parser with Python 3 bindings,
- 🔮 clairvoyance: Visualize the virtual address space of a Windows process on a Hilbert curve,
- symbolizer: A fast execution trace symbolizer for Windows,
- sic: Enumerate user mode shared memory mappings on Windows,
- pywinhv: Toy Python bindings for the Microsoft Hypervisor Platform APIs,
- lockmem: Lock every available memory region of an arbitrary process into its working set,
- CVE-2021-24086: PoC for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely,
- CVE-2021-31166: PoC for CVE-2021-31166, a use-after-free in http.sys triggered remotely,
- CVE-2021-28476: PoC for CVE-2021-28476, a guest-to-host "Hyper-V Remote Code Execution Vulnerability",
- CVE-2021-32537: PoC for CVE-2021-32537, an out-of-bounds memory access that leads to pool corruption in the Windows kernel,
- Modern Debugging with WinDbg Preview: Workshop that @hugsy and I ran during Defcon 27.
Misc
- rp: A fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM binaries,
- stuffz: My personal script thrift shop,
- z3-playground: A bunch of Z3-python scripts that can be used as examples, reminders, etc.
- Theorem prover, symbolic execution and practical reverse-engineering: Presentation I gave in Lille, France in 2015,
- teesee-calc: A simple web application that allows you to visualize and compare total compensation packages.