This repository contains public exploits, proof-of-concepts, and security research from Trail of Bits. These are primarily developed for security research, penetration testing, and educational purposes.
Each directory contains its own README with detailed setup instructions and usage examples. Most exploits require specific hardware or virtualized environments to run properly.
These exploits are provided for educational and research purposes only. Use only on systems you own or have explicit permission to test. Trail of Bits is not responsible for any misuse of these tools.
For questions or contributions, please open an issue or pull request on this repository.
Apache 2.0
See LICENSE file for more details.
BitDefender Box 1 firmware downgrade and command injection exploit chain. Exploits unauthenticated firmware downgrade vulnerability to upload older signed firmware containing command injection vulnerability.
Netgear WGR614v9 router exploit chains. Multiple vulnerability chains including authentication bypass, BSS overflow, and stack-based buffer overflows for remote code execution.
Sleepy pickle exploit implementation. It demonstrates ML model compromission using malicious pickle files leading to user data theft, harmful content generation, and phishing. The repository also demonstrates how to make the exploit self-replicating accross local pickle files.
