Microsoft Mitigation Bounty Bypass proof-of-concepts

This proof-of-concepts show different ways to bypass Windows mitigations in Edge (mainly CFG). A vulnerability is simulated (using a Windbg breakpoint) to gain a read-write anywhere primitive.

To reproduce, launch Edge on one of the html pages (no other instances). Use script\windbg_attach.ps1 to automatically attach Windbg to all Edge instances. Click on the various options and look at the logs or the crash.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
scripts		scripts
LICENSE		LICENSE
README.md		README.md
basic_examples.html		basic_examples.html
poc_1_leakteb_and_rop.html		poc_1_leakteb_and_rop.html
poc_2_noncfgstub.html		poc_2_noncfgstub.html
poc_3_reloadntdll.html		poc_3_reloadntdll.html
poc_4_load_unsafe_donet_stream.html		poc_4_load_unsafe_donet_stream.html
theme.css		theme.css
toolkit.js		toolkit.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

scripts

scripts

LICENSE

LICENSE

README.md

README.md

basic_examples.html

basic_examples.html

poc_1_leakteb_and_rop.html

poc_1_leakteb_and_rop.html

poc_2_noncfgstub.html

poc_2_noncfgstub.html

poc_3_reloadntdll.html

poc_3_reloadntdll.html

poc_4_load_unsafe_donet_stream.html

poc_4_load_unsafe_donet_stream.html

theme.css

theme.css

toolkit.js

toolkit.js

Repository files navigation

Microsoft Mitigation Bounty Bypass proof-of-concepts

About

Releases

Packages

Languages

License

mxatone/mitigation-bounty

Folders and files

Latest commit

History

Repository files navigation

Microsoft Mitigation Bounty Bypass proof-of-concepts

About

Resources

License

Stars

Watchers

Forks

Languages