Automating COM/DCOM vulnerability research
Diving into COM/DCOM and how to automate vulnerability research using a fuzzing approach.
Remco van der Meer
Exploit development for vulnerabilities in Windows over MS-RPC
Showcasing some different ways to craft exploits for vulnerabilities over MS-RPC
Revisiting automating MS-RPC vulnerability research and releasing the tool
Partially solving the problem for procedures that need valid complex parameter types to fuzz, and open sourcing the tool
Automating MS-RPC vulnerability research
Diving into the MS-RPC protocol and how to automate vulnerability research using a fuzzing approach.
Pressing the LSM kill switch (external)
CVE-2025-26651: Revealing a vulnerability in Windows Local Session Manager (LSM), that causes it to crash
Walking the dog: Fun with Kerberos and Pass The Certifcate
Having fun with Pass the Certificate and Kerberos errors and how to work around them
Unplugging your Power service with my special GUID
Crashing Windows by exploiting two vulnerabilities in the power service
Windows Privilege Escalation without CA, LDAPS and SPN using NTLMRelay2Self with RBCD
Using NTLMRelay2self with RBCD and BloodyAD to escalate privileges on a Windows system with LDAPS being blocked on the domain controller.
Defeating Windows Credential Guard
Defeating Credential Guard by misusing its own functions
NTLM Relay 2 self without Printer Spooler and DNS
Using NTLM Relay to authenticate a system to itself over HTTP with WebDav without Printer Spooler and DNS