explaingit

msnightmare/rogueplanet

Analysis updated 2026-05-18

1,256C++Audience · researcher

TLDR

A proof of concept exploit for a Windows Defender race condition bug that can spawn a SYSTEM level shell.

Mindmap

mindmap
  root((RoguePlanet))
    What it does
      Windows Defender bug
      Race condition timing
      Spawns SYSTEM shell
    Tech stack
      C++
      Windows internals
    Tested on
      Windows 11 official
      Windows 11 Canary
      Windows 10 June patch
    Limitations
      Not reliable every run
      Fails on Windows Server
      No install docs
    Audience
      Security researchers
      Penetration testers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Study how a real world Windows privilege escalation vulnerability was discovered and exploited.

USE CASE 2

Test whether your own Windows 10 or Windows 11 systems are affected by this specific Defender bug.

USE CASE 3

Learn what a race condition vulnerability looks like in practice.

What is it built with?

C++Windows

How does it compare?

msnightmare/rogueplanetendee-io/endeemicrosoft/intelligent-terminal
Stars1,2561,3201,349
LanguageC++C++C++
Last pushed2026-07-03
MaintenanceActive
Setup difficultymoderateeasy
Complexity4/53/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

In plain English

RoguePlanet is a proof of concept exploit targeting a vulnerability in Windows Defender. It was published by a security researcher to document a race condition bug, which is a type of flaw where the outcome depends on timing between different parts of a program running at the same time. Because of that timing dependence, the exploit does not work every single time. The author reports getting a 100 percent success rate on some machines while it struggled on others. The proof of concept has been tested on Windows 11, both the official release channel and the Canary preview channel, as well as on Windows 10 with the June 2026 security patch installed. It does not currently work on Windows Server editions, because the technique relies on mounting an ISO disk image, and standard user accounts on Windows Server are not allowed to do that. The author states they believe Windows Server installations share the same underlying vulnerability, but the proof of concept would need to be redesigned to actually demonstrate it there. When the exploit succeeds, it spawns a SYSTEM level command shell. On Windows, SYSTEM is the highest level of privilege a process can normally run with, higher than a typical administrator account. Getting a SYSTEM shell from a lower privileged starting point is what security researchers call a privilege escalation, and it is the core purpose of this project. The README notes that the race condition behavior is interesting enough that a more careful redesign might make the exploit succeed consistently, but the author says they are finished working on this particular bug for now. This is written in C++ and is aimed at security researchers, penetration testers, and anyone studying Windows vulnerability research rather than general software developers. There is no installation guide, no usage instructions, and no license information in the README, so anyone using this code should treat it as raw research material rather than a maintained tool.

Copy-paste prompts

Prompt 1
Explain in simple terms what a race condition vulnerability is and why it is unreliable to exploit.
Prompt 2
Walk me through what SYSTEM level privilege escalation means on Windows and why it matters.
Prompt 3
Summarize the testing conditions this exploit was verified on and where it does not work.
Prompt 4
What would need to change for this exploit to also work on Windows Server?

Frequently asked questions

What is rogueplanet?

A proof of concept exploit for a Windows Defender race condition bug that can spawn a SYSTEM level shell.

What language is rogueplanet written in?

Mainly C++. The stack also includes C++, Windows.

Who is rogueplanet for?

Mainly researcher.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.