Security: AndrewAltimit/exploits

Security Policy

Authorization

All research and tooling in this repository was produced under explicit written authorization for targeted security assessments. The primary engagement was a red-team exercise evaluating the Databricks Apps platform under production conditions.

No techniques or tools in this repository should be used against systems you do not own or have explicit written authorization to test.

CVE Scope — No Zero-Days

Every CVE reproduced in this repository meets all three of the following criteria at the time of research:

  1. Publicly disclosed — the vulnerability was announced by the vendor and assigned a CVE ID.
  2. Already patched — a vendor fix was available and the CVE was closed.
  3. Published PoC — proof-of-concept code or a detailed technical write-up describing exploitation was publicly available.

The contribution of this research is primitive building (type confusion → ARW, UAF → ACE), exploit chaining, and delivery infrastructure. No novel vulnerability discovery is claimed, and no zero-day techniques are included.

Exploit code targets specific patched browser versions pinned in Docker containers. It does not run against current browser releases.

Containment Architecture

Containment is enforced in code at runtime, not by convention or documentation:

  • Network: All C2 and beacon traffic is bound to loopback (127.0.0.0/8) or the Docker bridge. ContainmentGuard (tools/lib/containment.py, tools/rust/containment/) checks the bind address at startup and exits if a non-loopback interface is requested.
  • Beacon commands: The beacon enforces a hardcoded allowlist of 8 safe commands (whoami, sysinfo, ls, env, pid, ping, sleep, exec). The exec command is refused outside Docker containers. No dynamic command registration exists.
  • Lab network: The Docker Compose lab (docker-compose.lab.yml) runs on an internal: true network with no internet gateway. All inter-service traffic stays on the Docker bridge.
  • IDOL worm: The persistence demo installs only a harmless cron heartbeat; --cleanup removes it. Credential harvest and recon scripts are read-only and do not exfiltrate data.
  • WASM dashboard: The GitHub Pages interactive dashboard runs on simulated data generated locally in the browser. There is no real C2 server behind it, no outbound HTTP, and no network access from the WASM sandbox. The --c2 live mode is only available in the local CLI.
  • Process isolation: ContainmentGuard enforces non-root execution and tmpdir isolation. Docker environment detection is used as a lab-context gate for destructive operations.
  • v3, Fixture root: Cookie-theft and Entra-abuse tools call guard.assert_under_fixture_root() before reading any file. They refuse to operate on paths outside a declared lab fixture directory (EXPLOIT_FIXTURE_ROOT).
  • v3, IMDS mock enforcement: The K8s post-exploitation module calls guard.assert_imds_is_mock() before every IMDS request. It refuses to proceed if the endpoint resolves to a real cloud-provider metadata address (169.254.169.254, metadata.google.internal).
  • v3, Lab tenant allowlist: Entra-abuse tools check ENTRA_LAB_TENANT_ID and refuse to operate against any tenant not matching it. Production aliases (common, organizations, consumers) are blocked unconditionally.
  • v3, BYOVD gate: Kernel-mode tooling (WS7) is not implemented. Any future implementation requires explicit written authorization recorded in a gitignored file before work begins. Vulnerable driver binaries are never committed; .gitignore covers *.sys.
  • v3, CI enforcement: Three CI scripts in tools/ci/ fail the build if any offensive module lacks a detection/ directory, any *.sys driver file appears in the repo, or any production Entra tenant alias appears in non-example config files.
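As an added illustration (not the repository's own ContainmentGuard), the following Python sketch shows how four of the runtime gates above can be enforced in code: the loopback bind check, the fixture-root check, the IMDS mock check and the lab-tenant allowlist. The function names mirror the page; the ContainmentError type, the internals and the loopback-only bind rule (the Docker-bridge allowance is left out) are assumptions.

```python
"""Added illustration of the runtime gates described above; not the
repository's ContainmentGuard. Names mirror the page, internals are assumed."""
import ipaddress
from pathlib import Path
from urllib.parse import urlparse

# Real cloud metadata endpoints the IMDS gate must never talk to (from the page).
REAL_IMDS_HOSTS = {"169.254.169.254", "metadata.google.internal"}
# Entra production aliases that are blocked unconditionally (from the page).
PRODUCTION_TENANT_ALIASES = {"common", "organizations", "consumers"}

class ContainmentError(RuntimeError):
    """Raised when a gate fails; callers exit rather than continue."""

def assert_loopback_bind(bind_addr: str) -> str:
    """Accept only 127.0.0.0/8; the Docker-bridge allowance is omitted here."""
    if ipaddress.ip_address(bind_addr) not in ipaddress.ip_network("127.0.0.0/8"):
        raise ContainmentError(f"refusing non-loopback bind address {bind_addr}")
    return bind_addr

def assert_under_fixture_root(path: str, fixture_root: str) -> Path:
    """Resolve symlinks and '..' first, then require path to sit inside the root."""
    root = Path(fixture_root).resolve()
    target = Path(path).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise ContainmentError(f"{path} is outside fixture root {root}") from None
    return target

def assert_imds_is_mock(url: str) -> str:
    """Refuse an IMDS URL whose host is a real cloud-provider metadata address."""
    host = (urlparse(url).hostname or "").lower()
    if host in REAL_IMDS_HOSTS:
        raise ContainmentError(f"IMDS endpoint {host} is a real metadata address")
    return url

def assert_lab_tenant(tenant_id: str, lab_tenant_id: str) -> str:
    """Block production aliases outright, then require an exact lab-tenant match."""
    if tenant_id.lower() in PRODUCTION_TENANT_ALIASES:
        raise ContainmentError(f"production tenant alias {tenant_id!r} is blocked")
    if not lab_tenant_id or tenant_id != lab_tenant_id:
        raise ContainmentError(f"tenant {tenant_id} does not match the lab tenant")
    return tenant_id
```

The fixture-root check resolves the path before comparing, so a `..` segment or a symlink pointing outside the root is rejected rather than passing a naive prefix test.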

v3 Capability Categories

The v3 workstreams (April 2026) add the following capability categories:

Identity-centric post-exploitation:

  • Browser session theft (tools/rust/cookie-theft/) — Chrome v10/v11 cookie decryption, lab fixture only, fixture-root gated
  • Entra ID abuse (tools/entra-abuse/) — device-code phishing, PRT simulation, CA bypass against lab mock IdP only
  • Kubernetes post-exploitation (tools/post-exploit-staging/commands/k8s_recon/) — pod recon against a kind lab cluster

EDR evasion primitives (Rust, Windows-specific, lab only):

  • Sleep obfuscation (tools/rust/sleep-mask/) — Ekko + Foliage, compiles to a no-op stub on Linux
  • Indirect syscalls (tools/rust/syscalls/) — Hell's Gate + Tartarus Gate with compile-time allowlist
  • Telemetry patching (tools/rust/telemetry-patch/) — ETW + AMSI patching with paired memory-diffing detector

Every offensive module above ships with a detection/ directory containing defender artifacts (Sigma rules, KQL queries, Falco rules, Sysmon configs, or hunting runbooks).

Responsible Disclosure

If you identify a vulnerability in research tooling or infrastructure in this repository:

  1. Do not open a public GitHub issue with exploitation details.
  2. Open a GitHub Security Advisory (private) via the repository's Security tab, or contact via the email in the commit history.
  3. Allow reasonable time for review before public disclosure.

This repository does not operate a bug bounty program.

What This Repository Is Not

  • It is not an offensive-as-a-service or red-team-for-hire offering.
  • It does not provide targeting assistance against specific organizations or individuals.
  • It does not publish active zero-days, pre-patch advisories, or techniques not already in the public security research corpus.