A series of open-source exploit proof-of-concepts (PoCs) for authorized vulnerability testing and detection engineering. Each PoC reproduces a specific, publicly disclosed (and typically patched) vulnerability or technique so blue teams can validate detections in a lab.
⚠️ Authorized test-environment use only. These are for defenders, researchers, and CTF/lab use — not real-world attack operations. Every pack is benign by default (impactful actions are gated behind clearly-labeled, off-by-default switches) and ships with detection content. See CLAUDE.md for the repo's conventions and safety guardrails.
| Pack | Vuln / Technique | Severity | Type | Highlights |
|---|---|---|---|---|
| CVE-2025-21293-PoC | AD DS / Network Configuration Operators LPE → SYSTEM | CVSS 8.8 | Local priv-esc | Performance-counter DLL load; benign proof payload; Sysmon/Sigma |
| CVE-2025-59287-PoC | WSUS unauthenticated RCE (.NET deserialization) | CVSS 9.8 · KEV | Unauth RCE | AuthorizationCookie gadget via SOAP; benign cmd default; Sigma + KQL |
| CVE-2025-31324-PoC | SAP NetWeaver Visual Composer unauth file-upload RCE | CVSS 9.8/10.0 · KEV | Unauth RCE | Metadata Uploader; benign fingerprint JSP + self-destruct; Sigma/YARA/KQL |
| T1003.001-LSASS-comsvcs-PoC | LSASS credential dump via comsvcs.dll | ATT&CK T1003.001 | Credential access | Detection-first; dry-run trigger; Sysmon/Sigma/KQL + hardening |
Each pack is a self-contained directory (<CVE-or-technique>-PoC/) with its own
README.md, an exploit/trigger driver, any payload source, lab setup notes, and
a detection/ folder. Packs are runnable and cleanable in isolation.
- Read that pack's README.md — it states the lab requirements, the authorization expectations, and the exact run/cleanup steps.
- Stand up an isolated, snapshotted lab target (never production / internet-exposed).
- Run the PoC, confirm your detections fire, then clean up.
Provided for lawful, authorized security testing and education only. You are responsible for ensuring you have explicit permission to test any target. The authors assume no liability for misuse.