After successful exploitation, an agent will be installed. The process being exploited is the winlogon process. Execute the 'RevertToSelf' module after exploitation to get SYSTEM access.
This module exploits a vulnerability in "wins.exe" by sending crafted UDP packets to the WINS-RPC local port.
This module exploits a null pointer dereference in win32k.sys by abusing the xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability.
An uninitialized pointer is used by the Windows kernel when the "FlattenPath" function is called in the middle of a kernel heap exhaustion.
This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to the "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption.
This module duplicates, modifies and loads a keyboard layout file exploiting a bug in the "xxxKENLSProcs" function of "win32k.sys".
An elevation of privilege vulnerability exists when the Windows kernel improperly handles window broadcast messages. This module exploits the vulnerability, and installs an agent running as a medium integrity level process.
When the "DisplayConfigGetDeviceInfo" function is called with crafted parameters, a heap overflow occurs in the Windows kernel.
When a crafted ".TTF" file is loaded by the Windows kernel, a kernel heap overflow occurs. This module exploits this vulnerability by filling the kernel memory via heap spraying and building a fake chunk header.