27 results for “topic:kernel-exploit”
A series of tutorials on Linux exploit development for newbies.
Kernel Address Space Layout Derandomization (KASLD) - A collection of various techniques to infer the Linux kernel base virtual address as an unprivileged local user, for the purpose of bypassing Kernel Address Space Layout Randomization (KASLR).
x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
A PoC for the vulnerable Mhyprot2.sys driver that allows reading/writing kernel and user memory from an unprivileged user process.
macOS Kernel Exploit for CVE-2019-8781.
Linux Kernel exploitation Tutorial.
Tutorial for writing kernel exploits
Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls
x64 Windows kernel driver mapper, inject unsigned driver using anycall
Userland -> Kernel11 -> Arm9 otherapp for 3DS system versions 1.0 to <= 11.15
Exploit MsIo vulnerable driver
A local privilege escalation chain from user to kernel for macOS < 10.15.5 (CVE-2020-9854).
Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution)
PoC CVE-2017-5123 - LPE - Bypassing SMEP/SMAP. No KASLR
Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing Lockdown Mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit (CVE-2025-24201) and Core Media (CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction.
A portfolio demonstrating advanced blue and red team skills, including: SSH MFA implementation, Volatility-based memory forensics to detect code injection, Splunk threat hunting (BOTS v3), Wireshark C2 analysis, and kernel exploitation walkthroughs (LinPEAS, VulnHub).
A PoC for exploiting Tower Of Fantasy anti-cheat driver
Working Dirty Pipe (CVE-2022-0847) exploit tool with root access and file overwrites.
A dll injector static library for Win x64 processes with handle elevation supported
A Windows utility to elevate any process to nt authority\system using physical memory.
Collection of Linux PrivEsc Tools
Kernsec is a quick & dirty script to print kernel protections and other useful information for kernel exploitation/pwn in kernel land.
Sudo Vulnerability Local PrivEsc (CVE-2025-32463) POC with Python
Code execution for CVE-2017-11176
🔒 Exploit local privilege escalation vulnerabilities in sudo before 1.9.17p1 using the chroot option for enhanced security assessments.
💻 Showcase forensic and cybersecurity skills through detailed reports on forensics, penetration testing, and threat hunting in ethical hacking.
💻 Showcase practical cybersecurity skills in forensics, threat hunting, and penetration testing through this comprehensive ethical hacking portfolio.
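The KASLD entry above collects ways to infer the Linux kernel base as an unprivileged local user. The simplest one, and the first check a practitioner makes, is whether /proc/kallsyms still leaks real addresses: with kptr_restrict=0 the file shows true addresses, while 1 (unprivileged readers) or 2 (everyone) prints them as all zeros. The following is an added example, not code from the KASLD project or any repository listed on this page; the two kallsyms snippets are constructed samples, and the unrandomized x86_64 text base 0xffffffff81000000 is the usual default, assumed here to compute the KASLR slide.

```python
"""Infer the Linux kernel text base from /proc/kallsyms (added example, not KASLD code)."""
import re

# Each /proc/kallsyms line: <16 hex digits> <type char> <symbol name> [\t[module]]
KALLSYMS_RE = re.compile(r"^([0-9a-f]{16}) ([A-Za-z]) (\S+)")

# Unrandomized x86_64 _text address for common distro configs (assumption for the slide).
DEFAULT_TEXT_BASE = 0xFFFFFFFF81000000

# Constructed sample: what an unprivileged reader sees with kptr_restrict=0 on a
# KASLR-slid kernel (addresses chosen for the example, not captured from a real box).
SAMPLE_UNRESTRICTED = """\
ffffffff9a200000 T _text
ffffffff9a200000 T startup_64
ffffffff9a200040 T secondary_startup_64
ffffffff9a28b8a0 T commit_creds
ffffffff9a28bcd0 T prepare_kernel_cred
ffffffffc0a00000 t e1000_probe\t[e1000]
"""

# Constructed sample: kptr_restrict=1 or 2 zeroes every address for the unprivileged reader.
SAMPLE_RESTRICTED = """\
0000000000000000 T _text
0000000000000000 T startup_64
0000000000000000 T commit_creds
"""


def parse_kallsyms(text):
    """Map symbol name -> address, skipping lines that do not match the kallsyms layout."""
    syms = {}
    for line in text.splitlines():
        m = KALLSYMS_RE.match(line)
        if m:
            syms[m.group(3)] = int(m.group(1), 16)
    return syms


def kernel_base_from_kallsyms(text):
    """Return the kernel text base, or None when addresses are hidden (all zero)."""
    syms = parse_kallsyms(text)
    for name in ("_text", "startup_64", "_stext"):
        addr = syms.get(name)
        if addr:  # a zeroed address means kptr_restrict hides it; treat as absent
            return addr
    return None


def kaslr_slide(base, default_base=DEFAULT_TEXT_BASE):
    """KASLR offset applied to the kernel text, relative to the unrandomized base."""
    return base - default_base


def symbol_offset(text, name):
    """Offset of a core-kernel symbol from the text base; None if base or symbol is hidden."""
    base = kernel_base_from_kallsyms(text)
    addr = parse_kallsyms(text).get(name)
    if base is None or not addr:
        return None
    return addr - base


def probe_live():
    """Try the real file; returns (base, slide) or (None, None) if restricted/unreadable."""
    try:
        with open("/proc/kallsyms") as f:
            base = kernel_base_from_kallsyms(f.read())
    except OSError:
        return None, None
    return (base, kaslr_slide(base)) if base else (None, None)


if __name__ == "__main__":
    base, slide = probe_live()
    if base is None:
        print("kallsyms does not leak the base (kptr_restrict set or unreadable)")
    else:
        print(f"kernel base 0x{base:x}, KASLR slide 0x{slide:x}")
```

Resolving an offset such as commit_creds relative to the leaked base, rather than hardcoding its absolute address, is what makes a base leak portable across reboots of the same kernel build; when this check returns None, the other KASLD techniques (timing, side channels, log leaks) are what remain.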