p4yl0ad/README.md

Vulnerabilities I have found over the last couple of years

2022

2023

  • Zscaler - Denial of Service
  • Zscaler - Hardened Runtime Bypass
  • Zscaler - "exit password" Bypass
  • Zscaler - Local Privilege Escalation [TBD]
  • Dropbox - TCC Bypass
  • Dropbox - TCC Bypass
  • Dropbox - TCC Bypass
  • Dropbox - TCC Bypass
  • Dropbox - TCC Bypass
  • Upwork - TCC Bypass
  • Netskope - Local Privilege Escalation
  • Logitech - Local Privilege Escalation
  • Logitech - Local Privilege Escalation

2024

  • Front - TCC Bypass
  • Zscaler - Local Privilege Escalation
  • Zscaler - Local Privilege Escalation
  • WithSecure - Local Privilege Escalation CVE-2024-27358
  • WithSecure - Denial of Service CVE-2024-27358
  • Amazon AWS - Local Privilege Escalation CVE-2024-30165

Pinned

  1. rust_ppid_break_chain Public

    using Werfault.exe to break parent process chains

    Rust 9 1

  2. regloop Public

    grabbing registered protocol handlers from the Windows registry

    Rust 2

  3. eles Public

    implementation of dir written in C/C++

    C++

  4. getppid Public

    Rust implementation of getppid

    Rust

  5. Snippet which uses LdrLoadDll to force-load a DLL and uses the returned handle to get a pointer to a function.
    #include <windows.h>
    #pragma comment(lib, "ntdll.lib")
    //#pragma comment(lib, "ntdllp.lib")
    #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)

  6. apisetparse Public

    Uses the PEB to obtain an apisetmap in order to translate umbrella DLLs such as "api-ms-win-http-time-l1-1-0.dll" to their origin forward DLL, e.g. kernelbase.dll

    C 1