Delaying Kernel Payloads by Hijacking KTIMERs & KDPCs (Part 2)
30 September 2023 at 00:00
In this two-part blog post series we present KTIMER hijacking, a novel post-exploitation technique that delays the execution of kernel-mode payloads.
In the first part we focused on Windows 11 timer internals and deferred procedure calls (DPCs) and showed that we can hijack KTIMER and KDPC objects to delay the execution of a function pointer. This second part focuses on implementing these findings in a proof of concept, illustrating the delayed execution of a kernel-mode payload.