Example Usage
flowchart TD
classDef primitiveStyle fill:#fcf8e3,stroke:#8a6d3b,stroke-width:2px,font-weight:bold,color:#000
classDef vulnStyle fill:#ffdddd,stroke:#ff0000,stroke-width:2px,font-weight:bold,color:#000
classDef coreLeakStyle fill:#e3f0ff,stroke:#1e90ff,stroke-width:2px,font-weight:bold,color:#000
classDef goalStyle fill:#d4edda,stroke:#28a745,stroke-width:2px,font-weight:bold,color:#000
start(["Run Exploit"]) ==> phase0
phase0 ==> phase1
phase1 ==> phase2
phase2 ==> phase3
phase3 ==> phase4
phase4 ==> phase5
phase5 ==> finish(["Spawn SYSTEM Shell"])
subgraph phase0["Phase 0: Initialization"]
direction LR
init["Initialize Windows API Wrappers"] --> rva["Resolve Required Kernel RVAs"]
end
subgraph phase1["Phase 1: Arbitrary Read"]
direction LR
heap["Spray Heap (Named Pipes)"] --> vuln["Trigger HEVD Buffer Overflow"] --> cache["Set CacheAligned Flag"] --> ghost["Create Ghost Chunk"] --> read["Establish Arbitrary Read Primitive"]
end
subgraph phase2["Phase 2: KASLR Bypass"]
direction LR
leak1["Leak NP_DATA_QUEUE_ENTRY.Flink"] --> traverse["Walk Kernel Object Ch
See also
100-redteam-projects
Free
Projects for security students…
1earn
Free
A security knowledge framework maintained by the ffffffff0x team. Its content includes, but is not limited to, web security, ICS security, forensics, incident response, blue-team infrastructure deployment, post-exploitation, Linux security, and write-ups for various practice targets…
BeEF
Open Source
Kali
Browser Exploitation Framework. Hooks web browsers via JavaScript and provides extensive command mod…
cve-search_mcp
Open Source
A Model Context Protocol (MCP) server for querying the CVE-Search API…
GDB with pwndbg
Open Source
Kali
GDB (GNU Debugger) enhanced with pwndbg plugin for exploit development and reverse engineering. Adds…
Sliver
Open Source
Open-source C2 framework from BishopFox. Supports mTLS, WireGuard, HTTP/S, and DNS C2 channels. Feat…