Notselwyn /
CVE-2024-1086
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
Loading repository data…
rogerxiii / repository
Proof of concept on how to bypass some limitations of a manual mapped driver
When using a manual mapped driver, there are some limitations and detection vectors you will have to deal with. This proof of concept deals with 2 of them:
Having a thread which has a base address not in a valid module and registering notify routines where the callback is not in a valid module, which can trigger PatchGuard, depending on which routine.
Note that this has only been tested on Windows 10 version 2004 build 19041.450, you might need different structures for earlier/later versions.
We search for code caves in the .text section of valid driver modules, then we patch in a jump back to our manual mapped code.
We specifically search for CC bytes instead of simply 00 or 90, to make sure that the target module will not use the memory at a later point.
One more criteria for a valid code cave is that the sequence of CC bytes is prefixed by a return opcode.
In this proof of concept a thread is created and PsSetCreateProcessNotifyRoutineEx is called to register a callback.
One extra thing to note is that we also have to bypass the MmVerifyCallbackFunction check, which we do by directly changing the data table entry flags corresponding to the memory region.
After the thread has been created, the shellcode is immediately restored to prevent any integrity checks from catching the modifications.
Obviously, this won't work for the notify callback shellcode as this still gets executed regularly.
For more information, see this thread:
https://www.unknowncheats.me/forum/c-and-c-/415662-kernel-code-cave-poc.html
Selected from shared topics, language and repository description—not editorial ratings.
Notselwyn /
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
deepklarity /
A proof-of-concept jupyter extension which converts english queries into relevant python code
pwnall /
Proof of concept Android WebView implementation based on Chromium code
0xMarcio /
Latest CVEs with their Proof of Concept exploits.
lachlan2k /
Original Proof-of-Concepts for React2Shell CVE-2025-55182
timwr /
CVE-2016-5195 (dirtycow/dirtyc0w) proof of concept for Android