Windows HTTP.sys Elevation of Privilege Vulnerability

Repository contains two C source files and two Markdown documents. The main executable PoC is Exploit.c, a Windows Winsock-based client that connects to 127.0.0.1:80 and sends a handcrafted HTTP request with a custom header, X-Trigger-Ptr, followed by 8 raw bytes (default all 0x00). The code carefully uses memcpy and send(..., offset, ...) so embedded null bytes are transmitted intact, indicating the core research goal is to test whether HTTP.sys mishandles binary header data and dereferences attacker-controlled pointer content. Exploit_advanced.c is not a complete standalone exploit; it is a helper-style payload builder that constructs a more realistic HTTP request to /index.php with randomized parameters and the same pointer-bearing header. README.md frames the repository as research for CVE-2026-21250, described as an HTTP.sys untrusted pointer dereference leading to local privilege escalation on recent Windows 11 and Windows Server builds. Use.md contains conceptual offensive notes on heap spraying, header obfuscation, keep-alive/race-condition ideas, and post-exploitation tradecraft, but these are documentation only and not implemented in the code. Overall, this is a low-maturity proof-of-concept/research repository: it demonstrates malformed network input delivery to HTTP.sys, but it does not include a working privilege-escalation chain, shellcode delivery, or reliable SYSTEM-level payload.