General-purpose security research repository covering browser exploit chain development, post-exploitation techniques, and security assessment tooling. Contains CVE reproduction work across Chrome and Firefox, along with C2 infrastructure, post-exploitation staging, and security assessment deliverables.
This repository exists to support internal security education and risk awareness. The exploit reproductions, attack chain demonstrations, and assessment tooling are built as red-team exercises to show stakeholders — including non-technical business users — what can go wrong when production systems lack adequate human oversight and governance controls.
All materials are for educational purposes and authorized security testing only. All research was conducted under explicit written authorization. Exploit code is provided to support defensive research, vulnerability reproduction, and security assessment. Do not use any code or technique against systems you do not own or have explicit written authorization to test. See SECURITY.md for the full responsible disclosure policy and containment architecture.
Safeguards in place:
- All CVEs target already-patched browser versions with publicly available PoC — no zero-days are published here. The contribution is chaining, primitives, and delivery infrastructure.
- All tool networking is loopback-only (`127.0.0.0/8` or Docker bridge), enforced by ContainmentGuard in code — not by convention.
- The Docker Compose lab runs on an `internal: true` network with no internet gateway.
- The beacon's `exec` command is refused outside Docker containers. All other beacon commands are from a hardcoded allowlist.
- IDOL persistence demo's `--plant` installs only a harmless cron heartbeat; `--cleanup` removes it.
- The GitHub Pages WASM dashboard runs on simulated data with no live C2 connectivity.
The primary security assessment deliverable is an interactive report evaluating the Databricks Apps platform under production conditions.
- Report: `reports/databricks-apps-assessment/` — Streamlit dashboard covering attack surface, identity chain exploitability, OAuth/OBO token abuse, and detection recommendations.
- Run it: `cd reports/databricks-apps-assessment && pip install -r requirements.txt && streamlit run app.py`
- Audience: C-suite and security leadership. The report frames each finding in business-risk terms alongside the technical demonstration.
Key findings covered in the report:
- OAuth On-Behalf-Of (OBO) token abuse paths in Databricks Apps
- Databricks app identity chain and service principal exposure
- Detection gaps in Databricks audit logs
- Recommended monitoring, governance, and access control improvements
A Docker Compose lab provides a fully isolated environment for running tools end-to-end. All services run on an internal Docker network with no internet access.
```bash
make lab-up      # Start: C2 server, 2 beacons, exploit server, 2 target apps
make lab-down    # Destroy everything
make lab-status  # Show running services + C2 status
make lab-logs    # Tail all logs
```

| Service | Port | Description | How to start |
|---|---|---|---|
| C2 server | `127.0.0.1:8443` | Operator API + beacon protocol | `make lab-up` |
| Exploit server | `127.0.0.1:9090` | Serves CVE exploits, receives callbacks | `make lab-up` |
| Target app 1 | `127.0.0.1:8501` | Simulated Databricks Streamlit app | `make lab-up` |
| Target app 2 | `127.0.0.1:8502` | Second target for lateral movement | `make lab-up` |
| Mock Entra IdP | `127.0.0.1:9100` | Device code, token, PRT SSO endpoints | `make lab-up` |
| Mock IMDS | `127.0.0.1:9200` | AWS/GCP/Azure metadata service mock | `make lab-up` |
| LLM copilot app | `127.0.0.1:8080` | Ollama-backed enterprise copilot (injection target) | `make lab-llm-up` |
| Mock OIDC issuer | `127.0.0.1:9300` | GitHub Actions OIDC simulation (WIF abuse) | `make lab-oidc-up` |
| Mock SAML SP/IdP | `127.0.0.1:9400` | SAML assertion target (Golden SAML demo) | `make lab-saml-up` |
| Mock Databricks | `127.0.0.1:9500` | Databricks Apps OAuth/OBO mock | `make lab-databricks-up` |
| AD CS lab | `192.168.56.10` | Windows DC + Enterprise CA (Vagrant, host-only) | `make lab-adcs-up` |
Containment: ContainmentGuard (`tools/lib/containment.py`) enforces loopback-only networking, non-root execution, tmpdir isolation, and Docker environment detection across all tools.
- C2 Server & Beacon (`tools/c2/`) - Modular C2 with pluggable transports (HTTP polling, WebSocket, gRPC, SMB/Unix pipe, DNS-over-HTTPS, HTTP/3, DoQ, Telegram Bot, Teams Graph), YAML transport profiles with hot-reload, and P2P relay topology. Flask server with session crypto (X25519 + ChaCha20-Poly1305). Hardcoded command allowlist. Loopback-only, ContainmentGuard-enforced.
- C2 Transports (`tools/c2/transports/`) - `http_polling/`, `websocket/`, `grpc/`, `passive_smb_pipe/`, `dns_over_https/`, `http3/` (QUIC), `doq/` (DNS-over-QUIC), `telegram-bot/` (mock 8130), `teams-graph/` (mock 8131). Each ships with Sigma/KQL detection.
- C2 Framework Profiles (`tools/c2/profiles/framework-mimics/`) - Transport-signature profiles for AdaptixC2, emp3r0r, APEX, Mythic, Havoc, BruteRatel C4, NightHawk. Use with beacon for detection-rule validation.
- C2 Relay (`tools/c2/relay/`) - P2P relay node supporting beacon chains of depth ≥2.
- Dashboard (`tools/dashboard/`) - Session management console with multi-transport session view, profile editor, and relay topology graph.
- AD CS Abuse (`tools/ad-cs/`) - ESC1–ESC16 exploitation toolkit: LDAP-based template enumerator (certipy patterns), per-ESC exploit modules, chain orchestrator, and Shadow Credentials 2026 update (Jan 2026 NGC key write hardening). All lab-domain-gated (`corp.lab.local`).
- Kerberos Lateral Movement (`tools/kerberos/`) - S4U2self/S4U2proxy abuse, RBCD chain, NTLM relay + EPA recon (RelayInformer-class), CVE-2025-33073 NTLM reflection LPE, AES-only Kerberoasting (post-CVE-2026-20833 RC4 enforcement), service-account triage.
- Lateral Movement (`tools/lateral-movement/`) - RPC-based DCOM/TSCH/SCMR/WMI, SCCM ELEVATE1/2 + TAKEOVER-5 Entra-integration chain (SpecterOps Nov 2025), Azure Arc MSI pivot + CVE-2026-26117 (himds pipe DACL), Exchange hybrid evoSTS token forge.
- Cloud Identity Attacks (`tools/cloud-identity/`) - WIF wildcard-sub, Golden SAML, Silver SAML (secondary cert), SyncJacking (ImmutableId takeover), EvilTokens device-code 2026 PhaaS (Broker client ID FOCI path), FOCI CA bypass, PRT devtools extraction, CloudTrail blinding (9 primitives). Lab mocks: mock-oidc (9300), mock-saml (9400), mock-entra (9100/9102).
- Entra ID Abuse (`tools/entra-abuse/`) - Device-code phishing, PRT simulation, token replay. Historical; modern Entra work in `cloud-identity/`.
- Kernel LPE (`tools/kernel-lpe/`) - Windows kernel LPE research: AFD.sys pool-grooming family (CVE-2026-20810/-20831/-20860/-21241), CLFS buffer overflow (CVE-2025-60709), I/O Ring arb R/W primitive (CVE-2025-21333), pool feng-shui and NT structure reference docs. All require `EXPLOIT_LAB_KERNEL=1` + `kern-lab-*` hostname via `safety_harness.py`.
- AiTM Kits (`tools/phishing/aitm-kits/`) - Tycoon2FA-class simulator (mock-aitm-proxy 8100 ↔ mock-m365-login 8101), Sneaky2FA BitB, Rockstar2FA, Evilginx3 documentation. Defender controls: passkey mitigation, CA token protection.
- Social Engineering (`tools/phishing/social-engineering/`) - ClickFix (clipboard→Run dialog), FileFix (Explorer address-bar primitive), ConsentFix (OAuth consent bypass sim against mock-entra). Delivery-chain evolution 2023→2026.
- Passkey Phish-Resistance (`tools/phishing/passkey-resistance/`) - WebAuthn origin binding fundamentals, phish-resistance matrix (10 attacks × 7 MFA types), downgrade surface, cross-device QR relay risk.
- Vishing Tabletop (`tools/phishing/vishing/`) - CFO impersonation + Scattered Spider helpdesk tabletop scripts (no voice synthesis).
- GitHub Actions (`tools/supply-chain/github-actions/`) - `pull_request_target` pwn_request sim (mock 8120), UNC6426 OIDC chain (mock-oidc 9300 → mock-imds 9200), self-hosted-runner persistence model, tj-actions-class supply-chain compromise.
- npm Worm (`tools/supply-chain/shai-hulud-class/`) - Shai-Hulud npm postinstall harvest+propagate class simulator (mock-npm 8110).
- PyPI .pth Stealer (`tools/supply-chain/pypi-pth-class/`) - LiteLLM TeamPCP .pth persistence simulator + runtime_detector defender tool (mock-pypi 8111).
- HW-BP Syscalls (`tools/rust/syscalls-hwbp/`) - Hardware-breakpoint syscall dispatch bypassing userland EDR hooks. Windows-specific.
- Modern Sleep Masks (`tools/rust/sleep-mask-modern/`) - Cronos (fiber + RC4), RustyCronos, HWBP-driven sleep.
- Threadless Injection (`tools/rust/threadless-inject/`) - Module stomping, TxF, DLL-notification-callback hijack.
- ETW-TI Awareness (`tools/rust/etw-ti-aware/`) - ETW provider enumeration keyed on EDR GUIDs.
- Call Stack Spoofing (`tools/rust/callstack-spoof/`) - SilentMoonwalk-pattern gadget finder + `with_spoofed_stack()` RAII wrapper.
- Call Stack Detection (`tools/rust/callstack-detect/`) - Defender-side kernel-ETW call-stack collector + unwind validator; spoof-vs-detect matrix.
- Patchless AMSI/ETW Bypass (`tools/rust/amsi-patchless/`) - HWBP (DR0/DR1) arm/disarm; SetThreadContext and NtContinue variants documented.
- BOF/COFF Loader (`tools/rust/bof-loader/`) - goblin-based COFF parser, symbol allowlist, OutputSandbox capture.
- BYOVD Framework (`tools/byovd/`) - Hash-only manifest, HVCI blocklist checker, LOLDrivers sync (hash-only), HVCI-bypass enumeration, EDR-killer class (54-tool market, termination-pattern sim).
- M365 Copilot (`tools/llm-attacks/m365-copilot/`) - EchoLeak (CVE-2025-32711, zero-click email→Copilot→exfil) + ShareLeak (CVE-2026-21520, Copilot Studio form-field injection). Both against mock-copilot (8090).
- Agentforce (`tools/llm-attacks/agentforce/`) - PipeLeak public lead-form hijack sim (mock-agentforce 8091).
- MCP Abuse (`tools/llm-attacks/mcp-abuse/`) - Tool poisoning, capability confusion; Git MCP server CVE class (CVE-2025-68143/68144/68145 — commit message injection, diff injection, path traversal).
- Eval Harness (`tools/llm-attacks/eval/`) - AgentDojo-format harness (97-task corpus), PromptArmor adapter (instruction hierarchy + cosine similarity), MCPSec adapter (schema validation + capability enforcement), defense benchmark runner.
- Indirect Injection Corpus (`tools/llm-attacks/indirect-injection/`) - 59-payload corpus across 8 channels including m365_copilot.
- Browser Extension Supply-Chain (`tools/browser-ext-attacks/`) - MV3 lab catalog: cookie theft, session hijack, form-grab, DNR redirect abuse, Cyberhaven-pattern update-hijack simulation.
- Exploit Framework (`tools/framework/`) - Equation Group–inspired exploit orchestration.
- Fuzzing (`tools/fuzzing/`) - JIT (GVN, LICM, Range Analysis), IPC, V8 Turbofan fuzzers.
- Kubernetes Post-Exploitation (`tools/kubernetes-postex/`) - runc container breakout (CVE-2025-31133/-52565/-52881) + chain to kubelet, NodeRestriction admission bypass (CVE-2025-4563/-5187), AKS CVE-2026-33105 (CVSS 10 Azure CNI IPAM socket). All require `EXPLOIT_LAB_K8S=1`.
- eBPF Rootkit (`tools/linux-postex/ebpf-rootkit/`) - LinkPro-class (XDP/TC + magic-packet C2) analysis; Boopkit / TripleCross / ebpfkit corpus comparison; Rust sim stub (`EXPLOIT_LAB_EBPF=1`).
- macOS (`tools/macos-postex/`) - TCC bypass: CVE-2025-43530 VoiceOver + 6-app entitlement catalog; SLAP/FLOP side-channel analysis; SysBumps KASLR break. Research docs only.
- Mobile Landscape (`docs/analysis/mobile-landscape-2026/`) - iOS DarkSword chain, Coruna kit, Pixel 9 0-click, Pwn2Own Ireland 2025, Lockdown Mode effectiveness. Research-only, no PoC.
- Firmware (`docs/analysis/firmware-landscape-2026/`) - Hydroph0bia Insyde H2O SMM, LogoFAIL successors, UEFI cert expiry Jun 2026, defender inventory.
- RMM Abuse (`tools/persistence/rmm-abuse/`) - ScreenConnect / AnyDesk / QuickAssist attacker patterns + persistence mechanics + detection. Cross-tool kill-chain correlation (RMM install + BYOVD = pre-ransomware indicator).
- ESXi Post-Exploitation (`tools/persistence/esxi-postex/`) - VM kill chain, ESXi lifecycle post-ex, Nutanix AHV parallels.
- IDOL (`tools/idol/`) - Lateral movement PoC: credential harvest, persistence, C2 beaconing.
- Rust Target Tools (`tools/rust/`) - Rust workspace. Build: `cd tools/rust && cargo build --release`.
- Post-exploit Staging (`tools/post-exploit-staging/`) - Three-tier staging architecture.
- Forensic Analysis (`tools/forensic-analysis/`) - Artifact detection, audit gap analysis.
- Validator (`tools/validator/`) - Pre-exploitation browser fingerprinting.
CVE reproductions across Chrome and Firefox (2024–2026)
| CVE | Target | Year | Technique | Level | Path |
|---|---|---|---|---|---|
| CVE-2024-0517 | Chrome V8 Maglev | 2024 | OOB Write | ACE | cves/chrome/2024/CVE-2024-0517/ |
| CVE-2024-1939 | Chrome V8 Wasm S128 | 2024 | Type Confusion | ACE | cves/chrome/2024/CVE-2024-1939/ |
| CVE-2024-5830 | Chrome V8 Object Transitions | 2024 | Type Confusion | ACE | cves/chrome/2024/CVE-2024-5830/ |
| CVE-2025-5959 | Chrome Wasm JSPI | 2025 | Sandbox Escape | ACE | cves/chrome/2025/CVE-2025-5959/ |
| CVE-2025-6558 | Chrome ANGLE WebGL2 | 2025 | UAF | UAF | cves/chrome/2025/CVE-2025-6558/ |
| CVE-2025-13223 | Chrome V8 Property Array | 2025 | Type Confusion | ARW | cves/chrome/2025/CVE-2025-13223/ |
| CVE-2026-2441 | Chrome CSS FontFeatureValuesMap | 2026 | UAF | UAF | cves/chrome/2026/CVE-2026-2441/ |
| CVE-2026-3909 | Chrome Skia Glyph Atlas | 2026 | OOB Write | OOB | cves/chrome/2026/CVE-2026-3909/ |
| CVE-2024-8381 | Firefox SpiderMonkey | 2024 | Type Confusion | Trigger | cves/firefox/2024/CVE-2024-8381/ |
| CVE-2024-9680 | Firefox AnimationTimeline | 2024 | UAF | UAF | cves/firefox/2024/CVE-2024-9680/ |
| CVE-2024-29943 | Firefox JIT Range Analysis | 2024 | BCE | ARW | cves/firefox/2024/CVE-2024-29943/ |
| CVE-2024-29944 | Firefox Privileged JS | 2024 | Sandbox Escape | ACE | cves/firefox/2024/CVE-2024-29944/ |
| CVE-2025-2857 | Firefox IPC | 2025 | Sandbox Escape | Trigger | cves/firefox/2025/CVE-2025-2857/ |
| CVE-2025-4918 | Firefox Promise | 2025 | OOB | OOB | cves/firefox/2025/CVE-2025-4918/ |
| CVE-2025-4919 | Firefox IonMonkey BCE | 2025 | OOB | ARW | cves/firefox/2025/CVE-2025-4919/ |
| CVE-2026-2795 | Firefox Wasm GC | 2026 | UAF | ACE | cves/firefox/2026/CVE-2026-2795/ |
| CVE-2026-2796 | Firefox Wasm JIT | 2026 | Type Confusion | Trigger | cves/firefox/2026/CVE-2026-2796/ |
Level key: ACE = arbitrary code execution, ARW = arbitrary read/write, UAF = use-after-free demonstrated, OOB = out-of-bounds access, Trigger = bug trigger only.
```
exploits/
├── reports/  # Security assessment reports
│   └── databricks-apps-assessment/  # Streamlit dashboard (src/ → build.py → app.py)
├── cves/  # CVE reproductions, organized by target/year/CVE-ID
│   ├── chrome/
│   └── firefox/
├── tools/  # Standalone security tooling
│   ├── lib/  # Shared: ContainmentGuard
│   ├── rust/  # Rust workspace
│   │   ├── beacon/  # Beacon client binary
│   │   ├── containment/  # ContainmentGuard (Rust)
│   │   ├── syscalls/  # Hell's Gate + Tartarus Gate
│   │   ├── syscalls-hwbp/  # Hardware-breakpoint syscall dispatch
│   │   ├── sleep-mask/  # Ekko / Foliage
│   │   ├── sleep-mask-modern/  # Cronos / RustyCronos / HWBP sleep
│   │   ├── threadless-inject/  # Module stomping / TxF / DLL-notify
│   │   ├── etw-ti-aware/  # ETW-TI + EDR provider enumeration
│   │   ├── callstack-spoof/  # Call stack spoofing
│   │   ├── amsi-patchless/  # HWBP AMSI/ETW bypass
│   │   ├── bof-loader/  # COFF/BOF executor
│   │   ├── telemetry-patch/  # ETW/AMSI prologue patching
│   │   ├── cookie-theft/  # Chrome app-bound cookie decryption
│   │   └── crypto/  # Shared crypto primitives
│   ├── c2/  # Modular C2 server + transports + relay
│   │   ├── transports/  # WebSocket, gRPC, SMB pipe, DoH, HTTP
│   │   ├── relay/  # P2P relay node + topology graph
│   │   └── profiles/  # Dynamic YAML transport profiles
│   ├── ad-cs/  # AD CS ESC1–ESC15 exploitation
│   │   ├── enum/  # LDAP-based template enumerator
│   │   └── exploit/  # esc01/ through esc15/ + chain.py
│   ├── kerberos/  # Kerberos lateral movement
│   │   ├── s4u/  # S4U2self / S4U2proxy
│   │   ├── rbcd/  # RBCD attack chain + ACL scanner
│   │   ├── relay/  # NTLM relay modernization
│   │   └── roasting/  # Targeted Kerberoasting / AS-REP roasting
│   ├── cloud-identity/  # Modern cloud identity attacks
│   │   ├── wif/  # Workload Identity Federation abuse
│   │   ├── oidc-trust/  # OIDC trust confusion
│   │   ├── golden-saml/  # Golden SAML + OIDC token forging
│   │   ├── entra-2026/  # Modern Entra reality check
│   │   └── databricks/  # Databricks OAuth OBO chain abuse
│   ├── llm-attacks/  # LLM and agent abuse tooling
│   │   ├── indirect-injection/  # Prompt injection corpus + delivery harness
│   │   ├── mcp-abuse/  # MCP server tool poisoning / rug-pull
│   │   ├── agent-confusion/  # Confused-deputy + transcript detector
│   │   └── eval/  # Injection benchmark harness
│   ├── browser-ext-attacks/  # Browser extension supply-chain
│   │   ├── cookie-theft/  # MV3 chrome.cookies exfil
│   │   ├── session-hijack/  # webRequest header capture
│   │   ├── form-grab/  # Content-script form grabber
│   │   ├── dnr-redirect/  # DeclarativeNetRequest abuse
│   │   ├── update-hijack/  # Mock Web Store + permission differ
│   │   └── eval/  # Manifest analyzer + CDP runtime monitor
│   ├── byovd/  # BYOVD orchestration framework
│   ├── edr-silencing/  # EDR silencing via policy
│   │   ├── wdac-abuse/  # WDAC policy generator / analyzer
│   │   ├── ppl-bypass/  # PPL bypass research + timeline
│   │   ├── blind-spot-enum/  # EDR coverage map + gap advisor
│   │   └── callback-integrity/  # Kernel callback enum + integrity check
│   ├── lateral-movement/  # Lateral movement modules
│   │   ├── rpc-movement/  # DCOM/TSCH/SCMR/WMI via Impacket 0.12
│   │   ├── sccm-abuse/  # SCCM ELEVATE1/ELEVATE2
│   │   ├── azure-arc/  # Azure Arc MSI pivot
│   │   └── exchange-hybrid/  # evoSTS token forging (Storm-0558)
│   ├── browser-native-postex/  # WASM browser post-exploitation
│   │   ├── wasm-payload/  # Rust → WASM (wasm-bindgen)
│   │   └── delivery/  # MV3 ext / service worker / XSS
│   ├── bofs/  # BOF implementations for bof-loader
│   ├── entra-abuse/  # Device-code phishing, PRT (v3)
│   ├── framework/  # Exploit orchestration framework
│   ├── dashboard/  # Session management dashboard
│   ├── post-exploit-staging/  # Three-tier staging architecture
│   ├── forensic-analysis/  # Forensic artifact detection
│   ├── fuzzing/  # Fuzzing harnesses
│   ├── idol/  # IDOL lateral movement PoC
│   ├── validator/  # Pre-exploitation validation
│   └── win-remote/  # Windows remote agent
├── docs/
│   ├── analysis/  # Deep-dive technical analysis
│   └── methodology/  # Attacker + defender methodology docs
├── infra/
│   └── lab/
│       ├── ad-cs/  # Vagrant AD CS lab (DC + CA + workstations)
│       ├── llm-target/  # Ollama + copilot Flask app
│       ├── mock-databricks/  # Mock Databricks Apps OAuth
│       ├── mock-saml/  # Mock SAML SP/IdP
│       ├── mock-entra/  # Mock Entra IdP (device code, token, PRT)
│       ├── mock-imds/  # Mock AWS/GCP/Azure IMDS
│       ├── mock-sccm/  # Mock SCCM management point (port 9600)
│       └── kind-cluster/  # K8s post-ex kind cluster
├── site/  # GitHub Pages static site
└── cves/  # CVE reproductions
```
- Clone the repo and install lab dependencies: `pip install -r requirements-lab.txt`
- For the Databricks assessment dashboard: `cd reports/databricks-apps-assessment && pip install -r requirements.txt && streamlit run app.py`
- For the contained lab: `make lab-up` (requires Docker)
- To run tools locally: `python3 tools/c2/server.py` in one terminal, `python3 tools/c2/beacon/beacon_client.py` in another
- Browse `cves/` for specific CVE reproductions. Each CVE directory contains its own README with setup instructions.
- Repository: github.com/AndrewAltimit/exploits
- GitHub Pages: andrewaltimit.github.io/exploits
- Live Dashboard: andrewaltimit.github.io/exploits/dashboard - runs in-browser via WebAssembly