PPLrevenant

poc.webm

This is a proof-of-concept that shows how a technique such as Bring Your Own Vulnerable DLL (BYODLL) could be used to bypass LSA Protection, or more generally execute arbitrary code within Protected Processes on Windows.

For more information, please check out my blog post series entitled "Ghost in the PPL".

Credits

@GabrielLandau - Post about the BYOVDLL technique on Twitter/X
@KeyZ3r0 (a.k.a. k0shl) - Isolate me from sandbox - Explore elevation of privilege of CNG Key Isolation
@cplearns2h4ck (a.k.a. chiefpie) - PoC for CVE-2023-28229

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
PPLrevenant		PPLrevenant
.gitattributes		.gitattributes
.gitignore		.gitignore
PPLrevenant.sln		PPLrevenant.sln
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

PPLrevenant

Credits

About

Uh oh!

Releases

Packages

Languages

oops4git/PPLrevenant

Folders and files

Latest commit

History

Repository files navigation

PPLrevenant

Credits

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages