Skip to content
View 0vercl0k's full-sized avatar

Sponsors

@Nero22k

Organizations

@doar-e

Block or report 0vercl0k

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
0vercl0k/README.md

Hello, world 👋

If you made it all the way here, you might as well check out some of my projects and where I blog 😊. Oh, and if you want to say hi, come hangout on the Diary of a reverse-engineer's discord: invite!

Windows related

Exploitation

  • Paracosme: Zero-click remote memory corruption exploit that compromises ICONICS Genesis64 (Pwn2Own Miami 2022),
  • Longue vue: Over-the-web remote compromise exploit chain for NETGEAR DGND3700v2 devices,
  • Zenith: Remote kernel exploit for the TP-Link AC1750 Smart Wi-Fi Router (Pwn2Own Austin 2021),
  • Pwn2Own Miami 2023: Writeups/PoCs for bugs I found while preparing for Pwn2Own Miami 2023 targeting UaGateway in the OPC UA Server category,
  • CVE-2019-11708: Full chain for CVE-2019-11708 & CVE-2019-9810,
  • CVE-2019-9810: RCE exploit for Firefox on Windows.

Misc

Popular repositories Loading

  1. rp rp Public

    rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.

    C++ 1.8k 254

  2. wtf wtf Public

    wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-m…

    C++ 1.5k 132

  3. CVE-2021-31166 CVE-2021-31166 Public archive

    Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

    Python 821 139

  4. CVE-2019-11708 CVE-2019-11708 Public archive

    Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

    JavaScript 618 81

  5. stuffz stuffz Public

    Basically a script thrift shop

    C 589 125

  6. windbg-scripts windbg-scripts Public

    A bunch of JavaScript extensions for WinDbg.

    JavaScript 320 47