Windows Exploit Research — Sources
Provenance pages for the Windows Exploit Research ingest. Each entry catalogues a raw source (Patch-Tuesday writeup, CVE blog, kernel-internals article) used to derive the wiki’s CVE and kernel pages. Sources whose filename matches a published CVE page are auto-marked integrated.
Total catalogued: 60 files (integrated: 23, catalogued: 37)
Integrated (23)
| Source | File |
|---|---|
| A trick, the story of CVE 2024 26230 | A trick, the story of CVE-2024-26230.md |
| All I Want for Christmas is a CVE 2024 30085 Exploit | All I Want for Christmas is a CVE-2024-30085 Exploit.md |
| Analysis of a Windows IPv6 Fragmentation Vulnerability CVE 2021 24086 | Analysis of a Windows IPv6 Fragmentation Vulnerability_ CVE-2021-24086.md |
| Analysis of Microsoft CVE 2022 21907 | Analysis of Microsoft CVE-2022-21907.md |
| Break me out of sandbox in old pipe CVE 2022 22715 Windows Dirty Pipe | Break me out of sandbox in old pipe - CVE-2022-22715 Windows Dirty Pipe.md |
| Critical Analysis of CVE-2024-38063: The | CVE-2024-38063 Critical Analysis.md |
| CVE 2020 16898 – Exploiting “Bad Neighbor” vulnerability pi3 blog | CVE-2020-16898 – Exploiting “Bad Neighbor” vulnerability _ pi3 blog.md |
| CVE 2021 31956 Exploiting the Windows Kernel (NTFS with WNF) part1 | CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF)-part1.md |
| CVE 2021 31956 Exploiting the Windows Kernel (NTFS with WNF) part2 | CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF)-part2.md |
| CVE 2024 26230 Windows Telephony Service It’s Got Some Call ing Issues (Elevation of Privilege) | CVE-2024-26230_ Windows Telephony Service - It's Got Some Call-ing Issues (Elevation of Privilege).md |
| CVE 2024 38063 Remotely Exploiting The Kernel Via IPv6 | CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6.md |
| CVE 2024 38063 – Windows TCP IP Vulnerability Explained | CVE-2024-38063 – Windows TCP_IP Vulnerability Explained.md |
| CVE 2026 20820 Root Cause Analysis | CVE-2026-20820 Root Cause Analysis.md |
| Deep dive into CVE 2025 29824 in Windows | Deep dive into CVE-2025-29824 in Windows.md |
| Exploitation of a kernel pool overflow from a restrictive chunk size (CVE 2021 31969) | Exploitation of a kernel pool overflow from a restrictive chunk size (CVE-2021-31969).md |
| HN Security CVE 2024 49138 Windows CLFS heap based buffer overflow analysis | HN Security CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis.md |
My Blind Date with CVE 2025 29824 | My Blind Date with CVE-2025-29824.md |
| NT OS Kernel Information Disclosure Vulnerability CVE 2025 53136 | NT OS Kernel Information Disclosure Vulnerability - CVE-2025-53136.md |
| Reverse engineering tcpip.sys mechanics of a packet of the death (CVE 2021 24086) | Reverse-engineering tcpip.sys_ mechanics of a packet of the death (CVE-2021-24086).md |
| Understanding the CVE 2022 37969 Windows Common Log File System Driver Local Privilege Escalation | Understanding the CVE-2022-37969 Windows Common Log File System Driver Local Privilege Escalation.md |
| Windows AppLocker Driver LPE Vulnerability CVE 2024 21338 | Windows AppLocker Driver LPE Vulnerability - CVE-2024-21338.md |
| Windows CLFS Zero Day Vulnerability CVE 2022 37969 part1 | Windows CLFS Zero-Day Vulnerability CVE-2022-37969-part1.md |
| Windows CLFS Zero Day Vulnerability CVE 2022 37969 part2 | Windows CLFS Zero-Day Vulnerability CVE-2022-37969-part2.md |
Catalogued (37)
| Source | File | |
|---|---|---|
| [Research] Walking Through Windows Minifilter Drivers (EN) | [Research] Walking Through Windows Minifilter Drivers (EN).md | |
| Anatomy of an Exploit RCE with SIGRed | Anatomy of an Exploit - RCE with SIGRed.md | |
| DirectX to the Kernel | DirectX to the Kernel.md | |
| Dissecting and Exploiting TCP IP RCE Vulnerability “EvilESP” | Dissecting and Exploiting TCP_IP RCE Vulnerability “EvilESP”.md | |
| Exploit Development Browser Exploitation on Windows CVE 2019 0567, A Microsoft Edge Type Confusion Vulnerability (Part 1) | Exploit Development_ Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1).md | |
| Exploit Development Browser Exploitation on Windows CVE 2019 0567, A Microsoft Edge Type Confusion Vulnerability (Part 2) | Exploit Development_ Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 2).md | |
| Exploit Development Browser Exploitation on Windows CVE 2019 0567, A Microsoft Edge Type Confusion Vulnerability (Part 3) | Exploit Development_ Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 3).md | |
| Exploit Development Investigating Kernel Mode Shadow Stacks on Windows | Exploit Development_ Investigating Kernel Mode Shadow Stacks on Windows.md | |
| [Exploiting Reversing (ER) series | Article 0 6](/wiki/sources/windows-exploit-research/exploit-reversing-06/) | exploit_reversing_06.md |
| [Exploiting Reversing (ER) series | Article 0 7](/wiki/sources/windows-exploit-research/exploit-reversing-07/) | exploit_reversing_07.md |
| [Exploiting Reversing (ER) series | Article 08](/wiki/sources/windows-exploit-research/exploit-reversing-08/) | exploit_reversing_08.md |
| Exploiting Reversing (ER) series: | exploit_reversing_01.md | |
| Exploiting Reversing (ER) series: | exploit_reversing_02.md | |
| Exploiting Reversing (ER) series: | exploit_reversing_05.md | |
| Exploiting WRMSR in vulnerable drivers | Exploiting WRMSR in vulnerable drivers.md | |
| Frame by Frame, Kernel Streaming Keeps Giving Vulnerabilities | Frame by Frame, Kernel Streaming Keeps Giving Vulnerabilities.md | |
| From URGENT 11 to Frag 44 Analysis of Critical Vulnerabilities in the Windows TCP IP Stack | From URGENT_11 to Frag_44_ Analysis of Critical Vulnerabilities in the Windows TCP_IP Stack.md | |
| Hunting for Bugs in Windows Mini Filter Drivers | Hunting for Bugs in Windows Mini-Filter Drivers.md | |
| Introducing Windows Notification Facility’s (WNF) Code Integrity | Introducing Windows Notification Facility’s (WNF) Code Integrity.md | |
| Isolate me from sandbox Explore elevation of privilege of CNG Key Isolation | Isolate me from sandbox - Explore elevation of privilege of CNG Key Isolation.md | |
| One I O Ring to Rule Them All A Full Read Write Exploit Primitive on Windows 11 – Winsider Seminars & Solutions Inc. | One I_O Ring to Rule Them All_ A Full Read_Write Exploit Primitive on Windows 11 – Winsider Seminars & Solutions Inc..md | |
| PuzzleMaker attacks with Chrome zero day exploit chain | PuzzleMaker attacks with Chrome zero-day exploit chain.md | |
| Security mitigation for the Common Log Filesystem (CLFS) | Security mitigation for the Common Log Filesystem (CLFS).md | |
| Streaming vulnerabilities from Windows Kernel Proxying to Kernel Part I | Streaming vulnerabilities from Windows Kernel - Proxying to Kernel - Part I.md | |
| Streaming vulnerabilities from Windows Kernel Proxying to Kernel Part II | Streaming vulnerabilities from Windows Kernel - Proxying to Kernel - Part II.md | |
| Windows CLFS and five exploits used by ransomware operators | Windows CLFS and five exploits used by ransomware operators.md | |
| Windows CLFS and five exploits used by ransomware operators (Exploit #1 | Windows CLFS and five exploits used by ransomware operators (Exploit #1.md | |
| Windows CLFS and five exploits used by ransomware operators (Exploit #2 | Windows CLFS and five exploits used by ransomware operators (Exploit #2.md | |
| Windows CLFS and five exploits used by ransomware operators (Exploit #3 | Windows CLFS and five exploits used by ransomware operators (Exploit #3.md | |
| Windows CLFS and five exploits used by ransomware operators (Exploit #4 | Windows CLFS and five exploits used by ransomware operators (Exploit #4.md | |
| Windows CLFS and five exploits used by ransomware operators (Exploit #5 | Windows CLFS and five exploits used by ransomware operators (Exploit #5.md | |
| Windows Internals Check Your Privilege The Curious Case of ETW’s SecurityTrace Flag | Windows Internals_ Check Your Privilege - The Curious Case of ETW’s SecurityTrace Flag.md | |
| Windows Internals Secure Calls The Bridge Between The NT Kernel and Secure Kernel | Windows Internals_ Secure Calls - The Bridge Between The NT Kernel and Secure Kernel.md | |
| Windows Kernel Exploitation HEVD on Windows 10 22H2 | Windows Kernel Exploitation_ HEVD on Windows 10 22H2.md | |
| Windows Kernel Logic Bug Class Access Mode Mismatch in IO Manager | Windows Kernel Logic Bug Class_ Access Mode Mismatch in IO Manager.md | |
| WNF Chronicles I Introduction | WNF Chronicles I_ Introduction.md |