{"id":13540218,"url":"https://github.com/hacksysteam/hacksysextremevulnerabledriver","last_synced_at":"2026-01-28T10:17:07.861Z","repository":{"id":32831721,"uuid":"36424832","full_name":"hacksysteam/HackSysExtremeVulnerableDriver","owner":"hacksysteam","description":"HackSys Extreme Vulnerable Driver (HEVD) - Windows \u0026 Linux","archived":false,"fork":false,"pushed_at":"2024-02-03T09:13:11.000Z","size":1835,"stargazers_count":2337,"open_issues_count":14,"forks_count":522,"subscribers_count":96,"default_branch":"master","last_synced_at":"2024-05-18T21:56:02.357Z","etag":null,"topics":["buffer-overflow","driver","exploit-development","exploitation","hevd","info-leak","kernel","linux","memory-corruption","type-confusion","uaf","vulnerabilities","windows"],"latest_commit_sha":null,"homepage":"https://hacksys.io","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hacksysteam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-05-28T08:24:56.000Z","updated_at":"2024-07-24T05:44:56.712Z","dependencies_parsed_at":"2023-01-14T22:22:22.584Z","dependency_job_id":"9b092076-575a-4e49-b53a-a09a3fb4e398","html_url":"https://github.com/hacksysteam/HackSysExtremeVulnerableDriver","commit_stats":{"total_commits":162,"total_committers":13,"mean_commits":"12.461538461538462","dds":0.1049382716049383,"last_synced_commit":"b02b6ea3ce4b53652348ac8fa5cc7e96b4e6c999"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ha
cksysteam%2FHackSysExtremeVulnerableDriver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hacksysteam%2FHackSysExtremeVulnerableDriver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hacksysteam%2FHackSysExtremeVulnerableDriver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hacksysteam%2FHackSysExtremeVulnerableDriver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hacksysteam","download_url":"https://codeload.github.com/hacksysteam/HackSysExtremeVulnerableDriver/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246774205,"owners_count":20831490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["buffer-overflow","driver","exploit-development","exploitation","hevd","info-leak","kernel","linux","memory-corruption","type-confusion","uaf","vulnerabilities","windows"],"created_at":"2024-08-01T09:01:42.979Z","updated_at":"2026-01-28T10:17:07.817Z","avatar_url":"https://github.com/hacksysteam.png","language":"C","readme":"# HackSys Extreme Vulnerable Driver\n\n               ooooo   ooooo oooooooooooo oooooo     oooo oooooooooo.   \n               `888'   `888' `888'     `8  `888.     .8'  `888'   `Y8b  \n                888     888   888           `888.   .8'    888      888 \n                888ooooo888   888oooo8       `888. 
.8'     888      888 \n                888     888   888    \"        `888.8'      888      888 \n                888     888   888       o      `888'       888     d88' \n               o888o   o888o o888ooooood8       `8'       o888bood8P'   \n\n------------------------------------------------------------------------\n\n[![Black Hat Arsenal](https://www.toolswatch.org/badges/arsenal/2016.svg)](https://www.blackhat.com/asia-16/arsenal.html#hacksys-extreme-vulnerable-driver)\n[![Appveyor Build Status](https://ci.appveyor.com/api/projects/status/o0i4crgqxjfnqf1s/branch/master?svg=true)](https://ci.appveyor.com/project/hacksysteam/hacksysextremevulnerabledriver/branch/master)\n[![GitHub all Releases](https://img.shields.io/github/downloads/hacksysteam/HackSysExtremeVulnerableDriver/total)](https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/releases)\n[![Twitter Follow](https://img.shields.io/twitter/follow/HackSysTeam?style=social)](https://twitter.com/HackSysTeam)\n[![Mastodon Follow](https://img.shields.io/mastodon/follow/109291325205105061?domain=https%3A%2F%2Finfosec.exchange\u0026style=social)](https://infosec.exchange/@hacksysteam)\n[![Discord Server](https://dcbadge.vercel.app/api/server/ns32uNhaq7?style=flat)](https://discord.com/invite/ns32uNhaq7)\n\nThe **HackSys Extreme Vulnerable Driver (HEVD)** is a **Windows Kernel** driver that is intentionally vulnerable. It has been developed for **security researchers** and **enthusiasts** to improve their skills in **kernel-level** exploitation.\n\n**HEVD** offers a range of vulnerabilities, from simple **stack buffer overflows** to more complex issues such as **use-after-free**, **pool buffer overflows**, and **race conditions**. 
This allows researchers to explore exploitation techniques for each implemented vulnerability.\n\n\n## Black Hat Arsenal 2016\n\n* [Presentation](https://www.blackhat.com/docs/asia-16/materials/arsenal/asia-16-Ansari-HackSys-Extreme-Vulnerable-Driver.pdf)\n* [White Paper](https://www.blackhat.com/docs/asia-16/materials/arsenal/asia-16-Ansari-HackSys-Extreme-Vulnerable-Driver-wp.pdf)\n\n\n## Blog Post\n\n* \u003chttp://www.payatu.com/hacksys-extreme-vulnerable-driver/\u003e\n\n\n## External Exploits\n\n* \u003chttps://github.com/wetw0rk/Exploit-Development/tree/master/HEVD-Exploits\u003e\n* \u003chttps://github.com/sam-b/HackSysDriverExploits\u003e\n* \u003chttps://github.com/sizzop/HEVD-Exploits\u003e\n* \u003chttps://github.com/badd1e/bug-free-adventure\u003e\n* \u003chttps://github.com/FuzzySecurity/HackSysTeam-PSKernelPwn\u003e\n* \u003chttps://github.com/theevilbit/exploits/tree/master/HEVD\u003e\n* \u003chttps://github.com/GradiusX/HEVD-Python-Solutions\u003e\n* \u003chttp://pastebin.com/ALKdpDsF\u003e\n* \u003chttps://github.com/Cn33liz/HSEVD-StackOverflow\u003e\n* \u003chttps://github.com/Cn33liz/HSEVD-StackOverflowX64\u003e\n* \u003chttps://github.com/Cn33liz/HSEVD-StackCookieBypass\u003e\n* \u003chttps://github.com/Cn33liz/HSEVD-ArbitraryOverwrite\u003e\n* \u003chttps://github.com/Cn33liz/HSEVD-ArbitraryOverwriteGDI\u003e\n* \u003chttps://github.com/Cn33liz/HSEVD-StackOverflowGDI\u003e\n* \u003chttps://github.com/Cn33liz/HSEVD-ArbitraryOverwriteLowIL\u003e\n* \u003chttps://github.com/mgeeky/HEVD_Kernel_Exploit\u003e\n* \u003chttps://github.com/tekwizz123/HEVD-Exploit-Solutions\u003e\n* \u003chttps://github.com/FULLSHADE/Windows-Kernel-Exploitation-HEVD\u003e\n* \u003chttps://github.com/w4fz5uck5/3XPL01t5/tree/master/OSEE_Training\u003e\n\n\n## External Blog Posts\n\n* \u003chttps://wetw0rk.github.io/posts/0x00-introduction-to-windows-kernel-exploitation/\u003e\n* 
\u003chttps://wetw0rk.github.io/posts/0x00-introducci%C3%B3n-a-windows-kernel-explotaci%C3%B3n/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x01-killing-windows-kernel-mitigations/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x01-mat%C3%A1ndo-windows-kernel-mitigaciones/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x02-introduction-to-windows-kernel-uafs/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x02-introducci%C3%B3n-a-windows-kernel-uafs/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x03-approaching-the-modern-windows-kernel-heap/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x03-acerc%C3%A1ndose-al-heap-moderno-del-windows-kernel/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x04-writing-what-where-in-the-kernel/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x04-escribiendo-que-donde-en-el-kernel/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x05-introduction-to-windows-kernel-type-confusion-vulnerabilities/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x05-introducci%C3%B3n-a-windows-kernel-type-confusion-vulnerabilidades/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x06-approaching-modern-windows-kernel-type-confusions/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x06-acerc%C3%A1ndose-a-windows-kernel-type-confusions-modernos/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x07-introduction-to-windows-kernel-race-conditions/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x07-introducci%C3%B3n-a-windows-kernel-race-conditions/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x08-modern-windows-kernel-race-conditions/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x08-race-conditions-moderno-del-windows-kernel/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x09-return-of-the-stack-overflow/\u003e\n* \u003chttps://wetw0rk.github.io/posts/0x09-el-regreso-del-stack-overflow/\u003e\n* \u003chttp://niiconsulting.com/checkmate/2016/01/windows-kernel-exploitation/\u003e\n* 
\u003chttp://samdb.xyz/2016/01/16/intro_to_kernel_exploitation_part_0.html\u003e\n* \u003chttp://samdb.xyz/2016/01/17/intro_to_kernel_exploitation_part_1.html\u003e\n* \u003chttp://samdb.xyz/2016/01/18/intro_to_kernel_exploitation_part_2.html\u003e\n* \u003chttp://samdb.xyz/2017/06/22/intro_to_kernel_exploitation_part_3.html\u003e\n* \u003chttps://sizzop.github.io/2016/07/05/kernel-hacking-with-hevd-part-1.html\u003e\n* \u003chttps://sizzop.github.io/2016/07/06/kernel-hacking-with-hevd-part-2.html\u003e\n* \u003chttps://sizzop.github.io/2016/07/07/kernel-hacking-with-hevd-part-3.html\u003e\n* \u003chttps://sizzop.github.io/2016/07/08/kernel-hacking-with-hevd-part-4.html\u003e\n* \u003chttps://www.fuzzysecurity.com/tutorials/expDev/14.html\u003e\n* \u003chttps://www.fuzzysecurity.com/tutorials/expDev/15.html\u003e\n* \u003chttps://www.fuzzysecurity.com/tutorials/expDev/16.html\u003e\n* \u003chttps://www.fuzzysecurity.com/tutorials/expDev/17.html\u003e\n* \u003chttps://www.fuzzysecurity.com/tutorials/expDev/18.html\u003e\n* \u003chttps://www.fuzzysecurity.com/tutorials/expDev/19.html\u003e\n* \u003chttps://www.fuzzysecurity.com/tutorials/expDev/20.html\u003e\n* \u003chttp://dokydoky.tistory.com/445\u003e\n* \u003chttps://hshrzd.wordpress.com/2017/05/28/starting-with-windows-kernel-exploitation-part-1-setting-up-the-lab/\u003e\n* \u003chttps://hshrzd.wordpress.com/2017/06/05/starting-with-windows-kernel-exploitation-part-2/\u003e\n* \u003chttps://hshrzd.wordpress.com/2017/06/22/starting-with-windows-kernel-exploitation-part-3-stealing-the-access-token/\u003e\n* \u003chttps://osandamalith.com/2017/04/05/windows-kernel-exploitation-stack-overflow/\u003e\n* \u003chttps://osandamalith.com/2017/06/14/windows-kernel-exploitation-arbitrary-overwrite/\u003e\n* \u003chttps://osandamalith.com/2017/06/22/windows-kernel-exploitation-null-pointer-dereference/\u003e\n* 
\u003chttp://dali-mrabet1.rhcloud.com/windows-kernel-exploitation-arbitrary-memory-overwrite-hevd-challenges/\u003e\n* \u003chttps://blahcat.github.io/2017/08/31/arbitrary-write-primitive-in-windows-kernel-hevd/\u003e\n* \u003chttps://klue.github.io/blog/2017/09/hevd_stack_gs/\u003e\n* \u003chttps://glennmcgui.re/introduction-to-windows-kernel-exploitation-pt-1/\u003e\n* \u003chttps://glennmcgui.re/introduction-to-windows-kernel-driver-exploitation-pt-2/\u003e\n* \u003chttps://kristal-g.github.io/2021/02/07/HEVD_StackOverflowGS_Windows_10_RS5_x64.html\u003e\n* \u003chttps://kristal-g.github.io/2021/02/20/HEVD_Type_Confusion_Windows_10_RS5_x64.html\u003e\n* \u003chttps://wafzsucks.medium.com/hacksys-extreme-vulnerable-driver-arbitrary-write-null-new-solution-7d45bfe6d116\u003e\n* \u003chttps://wafzsucks.medium.com/how-a-simple-k-typeconfusion-took-me-3-months-long-to-create-a-exploit-f643c94d445f\u003e\n* \u003chttps://mdanilor.github.io/posts/hevd-0/\u003e\n* \u003chttps://mdanilor.github.io/posts/hevd-1/\u003e\n* \u003chttps://mdanilor.github.io/posts/hevd-2/\u003e\n* \u003chttps://mdanilor.github.io/posts/hevd-3/\u003e\n* \u003chttps://mdanilor.github.io/posts/hevd-4/\u003e\n\n## Author\n\n\u003e **Ashfaq Ansari**\n\n\u003e ashfaq[at]hacksys[dot]io\n\n\u003e **[Blog](https://hacksys.io/ \"HackSys Team\") | [@HackSysTeam](https://twitter.com/HackSysTeam)**\n\n\u003e [![HackSys Inc](https://hacksys.io/android-chrome-192x192.png \"HackSys Inc\")](https://hacksys.io)\n\n\u003e [https://hacksys.io/](https://hacksys.io/ \"HackSys Inc\")\n\n\n## Screenshots\n\n![Driver Banner](Screenshots/hevd-banner.png \"Driver Banner\")\n\n![Help](Screenshots/hevd-help.png \"Help\")\n\n![Exploitation](Screenshots/hevd-exploitation.png \"Exploitation\")\n\n![Driver Debug Print](Screenshots/hevd-debug-print.png \"Driver Debug Print\")\n\n\n## Vulnerabilities Implemented\n\n* **Write NULL**\n* **Double Fetch**\n* **Buffer Overflow**\n  * **Stack**\n  * **Stack GS**\n  * 
**NonPagedPool**\n  * **NonPagedPoolNx**\n  * **PagedPoolSession**\n* **Use After Free**\n  * **NonPagedPool**\n  * **NonPagedPoolNx**\n* **Type Confusion**\n* **Integer Overflow**\n  * **Arithmetic Overflow**\n* **Memory Disclosure**\n  * **NonPagedPool**\n  * **NonPagedPoolNx**\n* **Arbitrary Increment**\n* **Arbitrary Overwrite**\n* **Null Pointer Dereference**\n* **Uninitialized Memory**\n  * **Stack**\n  * **NonPagedPool**\n* **Insecure Kernel Resource Access**\n\n\n## Building the driver\n\n1. [Install Visual Studio 2017](https://visualstudio.microsoft.com/downloads/)\n2. [Install Windows Driver Kit](https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk)\n3. Run the appropriate driver builder `Build_HEVD_Vulnerable_x86.bat` or `Build_HEVD_Vulnerable_x64.bat`\n\n\n## Download\n\nIf you do not want to build **HackSys Extreme Vulnerable Driver** from source, you could download pre-built\nexecutables for the latest release:\n\n[https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/releases](https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/releases)\n\n\n## Installing the driver\n\nUse [OSR Driver Loader](https://www.osronline.com/article.cfm?article=157) to install **HackSys Extreme Vulnerable Driver**\n\n\n## Testing\n\nThe **HackSys Extreme Vulnerable Driver** and the respective exploits have been tested on **Windows 7 SP1 x86** and **Windows 10 x64**  \n\n\n## Sessions Conducted\n\n* [Windows Kernel Exploitation 1](http://null.co.in/event_sessions/156-windows-kernel-exploitation)\n* [Windows Kernel Exploitation 2](http://null.co.in/event_sessions/186-windows-kernel-exploitation-2)\n* [Windows Kernel Exploitation 3](http://null.co.in/event_sessions/226-windows-kernel-exploitation-3)\n* [Windows Kernel Exploitation 4](http://null.co.in/event_sessions/234-windows-kernel-exploitation-4)\n* [Windows Kernel Exploitation 5](http://null.co.in/event_sessions/309-windows-kernel-exploitation-5)\n* [Windows Kernel Exploitation 
6](https://null.co.in/event_sessions/482-windows-kernel-exploitation-6)\n* [Windows Kernel Exploitation 7](https://null.co.in/event_sessions/845-windows-kernel-exploitation-7)\n\n\n## Workshops Conducted\n\n* [Windows Kernel Exploitation Humla Pune](http://null.co.in/event_sessions/280-windows-kernel-exploitation)\n* [Windows Kernel Exploitation Humla Mumbai](http://null.co.in/event_sessions/327-windows-kernel-exploitation)\n\n\n## HEVD for Linux\n\n![Linux HEVD Driver Banner](Screenshots/hevd-linux-banner.png \"Linux HEVD Driver Banner\")\n\n![Linux HEVD Driver Installer](Screenshots/hevd-linux-install-uninstall.png \"Linux HEVD Driver Installer\")\n\n![Linux HEVD Driver IOCTL Tests](Screenshots/hevd-linux-ioctl-tests.png \"Linux HEVD Driver IOCTL Tests\")\n\n![Linux HEVD Driver IOCTL Log](Screenshots/hevd-linux-ioctl-log.png \"Linux HEVD Driver IOCTL Log\")\n\n\n## License\n\nPlease see the file `LICENSE` for copying permission\n\n\n## Contribution Guidelines\n\nPlease see the file `CONTRIBUTING.md` for contribution guidelines\n\n\n## TODO \u0026 Bug Reports\n\nPlease file any enhancement request or bug report via the **GitHub** issue tracker at the below-given address: [https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/issues](https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/issues)\n\n\n## Acknowledgments\n\nThanks go to these wonderful people: 🎉\n\n\u003ca href=\"https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=hacksysteam/HackSysExtremeVulnerableDriver\" /\u003e\n\u003c/a\u003e\n\n------------------------------------------------------------------------\n\n[![HackSys Inc](https://hacksys.io/android-chrome-192x192.png \"HackSys Inc\")](https://hacksys.io)\n","funding_links":[],"categories":["\u003ca id=\"761a373e2ec1c58c9cd205cd7a03e8a8\"\u003e\u003c/a\u003e靶机\u0026\u0026漏洞环境\u0026\u0026漏洞App"],"sub_categories":["\u003ca 
id=\"3e751670de79d2649ba62b177bd3e4ef\"\u003e\u003c/a\u003e未分类-VulnerableMachine"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhacksysteam%2Fhacksysextremevulnerabledriver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhacksysteam%2Fhacksysextremevulnerabledriver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhacksysteam%2Fhacksysextremevulnerabledriver/lists"}