• Stars
    star
    130
  • Rank 277,575 (Top 6 %)
  • Language
    C#
  • License
    GNU General Publi...
  • Created over 7 years ago
  • Updated over 7 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A repository of some of my Windows 10 Device Guard Bypasses
Windows 10 Device Guard Bypasses
(c) 2017 James Forshaw

This solution contains some of my UMCI/Device Guard bypasses. They're
are designed to allow you to analyze a system, such as Windows 10 S
which comes pre-configured with a restrictive UMCI policy.

CreateAddInIpcData:

Tested on Windows 10 15063.483 with .NET 4.7.

This is an issue with the exposed .NET Remoting IPC channel in AddInProcess.exe
(and AddInProcess32.exe) on .NET v4+. 

See my blog post (https://tyranidslair.blogspot.com/2017/07/dg-on-windows-10-s-executing-arbitrary.html)
for more information about how to use this bypass code.

More Repositories

1

DotNetToJScript

A tool to create a JScript file which loads a .NET v2 assembly from memory.
C#
1,139
star
2

oleviewdotnet

A .net OLE/COM viewer and inspector to merge functionality of OleView and Test Container
C#
984
star
3

ExploitRemotingService

A tool to exploit .NET Remoting Services
C#
453
star
4

blackhat-usa-2022-demos

Demos for the Blackhat USA 2022 talk "Taking Kerberos to the Next Level"
PowerShell
260
star
5

WindowsRpcClients

This respository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System from 7 to Windows 10.
C#
252
star
6

windows-logical-eop-workshop

C
221
star
7

CANAPE.Core

A network proxy library written in C# for .NET Core based on CANAPE
C#
172
star
8

infosec-presentations

A repository of previous info-sec presentations I've presented.
145
star
9

IE11SandboxEscapes

Some example source code for fixed IE11 sandbox escapes.
Objective-C
137
star
10

ExploitDotNetDCOM

A tool to exploit .NET DCOM for EoP and RCE. Is fixed in latest versions of the .NET.
C++
82
star
11

WindowsRuntimeSecurityDemos

Demos for Presentation on Windows Runtime Security
C#
69
star
12

DotNetInteropDemos

A set of demos and a PowerShell module to interact with DotNetInterop.
PowerShell
66
star
13

windows-attacksurface-workshop

Workshop material for a Windows Attack Surface Analysis Workshop
65
star
14

ZeroNights2017

Some sample code from my Zero Nights 2017 presentation.
C++
62
star
15

ExampleChatApplication

A simple example chat application written for .NET Core to learn network protocol analysis.
C#
37
star
16

Zer0Con_2018

Repository for my talk on Desktop Bridge at Zer0Con 2018.
PowerShell
33
star
17

DumpReparsePoints

This is a simple tool to dump all the reparse points on an NTFS volume.
C#
32
star
18

setsidmapping

Simple tool to use LsaManageSidNameMapping get LSA to add or remove SID to name mappings.
C#
22
star
19

44con_2014

Materials for 44con 2014 CANAPE Workshop
Python
22
star
20

SuperFunkyChat

An example binary protocol application for learning CANAPE
C#
19
star
21

bh2014

Built binaries for BH 2014 workshop
Python
18
star
22

AxHell

A simple exploitable ActiveX control for RE/VR
C++
18
star
23

canape-ssl-mitm-osx

A simple CANAPE extension to exploit iOS/OSX SSL vulnerability
C#
9
star
24

saturndebug

My old old sega saturn debugger, for information purposes
C
6
star
25

re

Some simple reverse engineering resources
Python
5
star
26

prxtool

C
3
star
27

Sourcey-Jack

Simple injection project to convert network connections to SOCKS
C#
3
star
28

psplinkusb

C
2
star
29

Kanjidic-OSX

A project to convert Jim Breen's Kanji Dictionary to the OSX dictionary.app format
1
star