Remotely crashing the Spooler service

Showcasing a vulnerability in Windows that causes the Spooler service to crash remotely.

Nov 19, 2025 Research, Windows, Exploit

Deleting the BCD through COM as low privileged user (external)

CVE-2025-59253: Demonstrating a vulnerability in Windows that leads to a low privileged user being able to delete the boot configuration data (BCD) through COM.

Nov 15, 2025 Research, Windows

Automating COM/DCOM vulnerability research

Diving into COM/DCOM and how to automate vulnerability research using a fuzzing approach.

Oct 30, 2025 Research, Windows

Exploit development for vulnerabilities in Windows over MS-RPC

Showcasing some different ways to craft exploits for vulnerabilities over MS-RPC

Jul 31, 2025 Research, Windows

Revisiting automating MS-RPC vulnerability research and releasing the tool

Partially solving the problem for procedures that need valid complex parameter types to fuzz, and open sourcing the tool

Jul 14, 2025 Research, Windows

Automating MS-RPC vulnerability research

Diving into the MS-RPC protocol and how to automate vulnerability research using a fuzzing approach.

May 21, 2025 Research, Windows

Pressing the LSM kill switch (external)

CVE-2025-26651: Revealing a vulnerability in Windows Local Session Manager (LSM), that causes it to crash

May 9, 2025 Windows, Exploit, Research

Walking the dog: Fun with Kerberos and Pass The Certifcate

Having fun with Pass the Certificate and Kerberos errors and how to work around them

Apr 10, 2025 Research, Windows

Unplugging your Power service with my special GUID

Crashing Windows by exploiting two vulnerabilities in the power service

Apr 4, 2025 Research, Windows

Windows Privilege Escalation without CA, LDAPS and SPN using NTLMRelay2Self with RBCD

Using NTLMRelay2self with RBCD and BloodyAD to escalate privileges on a Windows system with LDAPS being blocked on the domain controller.

Dec 4, 2024 Research, Windows