explaingit

nightmare-eclipse/miniplasma

Analysis updated 2026-05-18

349C#Audience · researcher

TLDR

A proof-of-concept exploit showing an unpatched Windows privilege escalation bug that lets a low-permission program gain full SYSTEM access.

Mindmap

mindmap
  root((MiniPlasma))
    What it does
      Privilege escalation PoC
      SYSTEM shell spawn
      Race condition exploit
    Tech stack
      C Sharp
      Windows
      cldflt.sys driver
    Use cases
      Security research
      Patch verification
      Vulnerability documentation
    Audience
      Security researchers
      Windows admins

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Study how a Windows Cloud Files filter driver race condition can be abused for privilege escalation.

USE CASE 2

Test whether a Windows machine is still vulnerable to a supposedly patched 2020 CVE.

USE CASE 3

Learn how security researchers document and demonstrate unpatched kernel-level flaws.

What is it built with?

C#Windowscldflt.sys

How does it compare?

nightmare-eclipse/miniplasmazettpw/kmstoolsuktrash/lsfg-desktop
Stars349363394
LanguageC#C#C#
Setup difficultyeasyeasy
Complexity2/51/5
Audienceresearcherops devopsgeneral

Figures from each repo's GitHub metadata at analysis time.

In plain English

MiniPlasma is a security research proof-of-concept demonstrating a privilege escalation vulnerability in Windows. Privilege escalation means a program running with limited permissions finds a way to gain full system-level access, in this case, spawning a command shell with SYSTEM privileges, the highest level of access on a Windows machine. The vulnerability exists in a Windows component called cldflt.sys (part of the Cloud Files filter driver). A Google Project Zero researcher named James Forshaw originally discovered and reported this issue to Microsoft in 2020 as CVE-2020-17103, and it was supposedly patched. However, the author of this repository re-investigated and found the same flaw is still present and exploitable, either the patch was never applied or was quietly rolled back. The exploit takes advantage of a race condition, meaning it works by timing two operations to happen simultaneously in a way the code doesn't safely handle. The readme notes the success rate can vary for this reason. The author believes all Windows versions are affected. This is a research tool used to demonstrate and document the unpatched issue.

Copy-paste prompts

Prompt 1
Explain in plain terms what privilege escalation means using the MiniPlasma exploit as an example.
Prompt 2
Walk me through what a race condition is and why MiniPlasma's success rate varies because of it.
Prompt 3
Summarize the history of CVE-2020-17103 and why MiniPlasma says it is still exploitable.
Prompt 4
What precautions should I take before running a security proof-of-concept like MiniPlasma on my machine?

Frequently asked questions

What is miniplasma?

A proof-of-concept exploit showing an unpatched Windows privilege escalation bug that lets a low-permission program gain full SYSTEM access.

What language is miniplasma written in?

Mainly C#. The stack also includes C#, Windows, cldflt.sys.

Who is miniplasma for?

Mainly researcher.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.