{"id":21027586,"url":"https://github.com/caledoniaproject/drivers-binaries","last_synced_at":"2026-03-17T17:09:24.248Z","repository":{"id":53342753,"uuid":"289257205","full_name":"CaledoniaProject/drivers-binaries","owner":"CaledoniaProject","description":"Exploitable drivers, you know what I mean","archived":false,"fork":false,"pushed_at":"2024-03-29T02:23:33.000Z","size":4259,"stargazers_count":130,"open_issues_count":0,"forks_count":25,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-01-20T14:48:52.762Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CaledoniaProject.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-21T11:49:58.000Z","updated_at":"2025-01-15T16:10:25.000Z","dependencies_parsed_at":"2024-11-19T11:58:24.666Z","dependency_job_id":"ed86a8e4-f6c5-4cbf-bd13-013fc87aaffe","html_url":"https://github.com/CaledoniaProject/drivers-binaries","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaledoniaProject%2Fdrivers-binaries","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaledoniaProject%2Fdrivers-binaries/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaledoniaProject%2Fdrivers-binaries/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaledoniaProject%2Fdrivers-binaries/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CaledoniaProject","download_url":"https://codeload.github.com/CaledoniaProject/drivers-binaries/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243467025,"owners_count":20295306,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-19T11:51:44.329Z","updated_at":"2025-12-26T17:51:47.494Z","avatar_url":"https://github.com/CaledoniaProject.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"## Links\n\nIncluded\n\n* rentdrv2_x32/rentdrv2_x64\n  * https://github.com/keowu/BadRentdrv2\n* LenovoDiagnosticsDriver.sys\n  * https://github.com/alfarom256/CVE-2022-3699/\n* mhyprot2.sys\n  * https://github.com/kkent030315/libmhyprot\n  * https://github.com/HadesW/mhy_exp\n* [aswArPot.sys: Yours Truly, Signed AV Driver: Weaponizing An Antivirus Driver](https://www.aon.com/cyber-solutions/aon_cyber_labs/yours-truly-signed-av-driver-weaponizing-an-antivirus-driver/)\n* [atillk64.sys: CVE-2020-12138 Exploit Proof-of-Concept, Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys](https://h0mbre.github.io/atillk64_exploit)\n* [MSIO64.sys: Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver](https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/)\n* [Exploiting System Mechanic Driver - from zero knowledge about driver exploitation to SYSTEM](https://voidsec.com/exploiting-system-mechanic-driver/)\n* [dbutil_2_3.sys: CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws](https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/)\n  * https://github.com/nanabingies/CVE-2021-21551\n  * https://github.com/rapid7/metasploit-framework/pull/15190/files\n* HW.sys\n  * https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/\n* RTCore64.sys\n  * https://raw.githubusercontent.com/Barakat/CVE-2019-16098/master/CVE-2019-16098.cpp\n  * https://hitcon.org/2022/slides/Hack%20The%20Real%20Box_an%20analysis%20of%20multiple%20campaigns%20by%20APT41's%20subgroup%20Earth%20Longzhi.pdf\n    * AVBurner: 4b1b1a1293ccd2c0fd51075de9376ebb55ab64972da785153fcb0a4eb523a5eb\n    * ProcBurner: 30b64628aae642380147c7671ea8f864b13c2d2affaaea34c4c9512c8a779225\n* cpuz-1.0.4.1.sys\n  * https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html\n* kprocesshacker\n  * https://www.crowdstrike.com/blog/how-doppelpaymer-hunts-and-kills-windows-processes/\n  * https://github.com/winsiderss/systeminformer/releases\n* sandra.sys\n  * https://securelist.com/unraveling-the-lamberts-toolkit/77990/\n  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1592\n* GMER.sys\n  * https://github.com/ZeroMemoryEx/Blackout/tree/master/driver\n\nUnverified\n\n* [CyberSecurityUP/ProcessKiller-BYOVD - BYOVD Technique Example using viragt64 driver](https://github.com/CyberSecurityUP/ProcessKiller-BYOVD)\n* [0vercl0k/CVE-2021-32537 - PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel](https://github.com/0vercl0k/CVE-2021-32537)\n* [stong/CVE-2020-15368 - How to exploit a vulnerable windows driver. Exploit for AsrDrv104.sys](https://github.com/stong/CVE-2020-15368)\n* [kkent030315/MsIoExploit - Exploit MsIo vulnerable driver](https://github.com/kkent030315/MsIoExploit)\n* [kasif-dekel/OSR_DeviceTree_Vuln - OSR DeviceTree Local Privilege Escalation](https://github.com/kasif-dekel/OSR_DeviceTree_Vuln/blob/main/README.md)\n* [Signed kernel drivers – Unguarded gateway to Windows core](https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core)\n\nVulns - see bin-elastic\n\n* https://github.com/elastic/protections-artifacts/tree/main/yara/rules\n* https://www.elastic.co/cn/security-labs/stopping-vulnerable-driver-attacks\n\nScrewed drivers\n\n* https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md\n\nLol drivers\n\n* https://www.loldrivers.io\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaledoniaproject%2Fdrivers-binaries","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcaledoniaproject%2Fdrivers-binaries","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaledoniaproject%2Fdrivers-binaries/lists"}