I wonder why people call my post a tutorial. It's not; it's a technical writeup on how to exploit metldr, with several (brand new) now-documented exploits and an explanation of how the leaked .self file works.
It's not some guide on how to use the leaked files themselves (that's just compiling the leaked spp_verifier_direct port and using it to load the self as a loader). It's really about how the exploit works (something only the author of the leaked files would be able to explain), and also about how metldr could be entirely exploited from scratch, even without knowing the loader keys, with the help of another exploit I disclosed in my post (one the leaked files did not use).