{"id":13539138,"url":"https://github.com/shogunlab/awesome-hyper-v-exploitation","last_synced_at":"2025-04-02T05:33:17.939Z","repository":{"id":195108802,"uuid":"202475376","full_name":"shogunlab/awesome-hyper-v-exploitation","owner":"shogunlab","description":"A curated list of Hyper-V exploitation resources, fuzzing and vulnerability research.","archived":false,"fork":false,"pushed_at":"2020-11-14T16:22:26.000Z","size":45,"stargazers_count":375,"open_issues_count":0,"forks_count":59,"subscribers_count":21,"default_branch":"master","last_synced_at":"2024-05-20T03:39:24.864Z","etag":null,"topics":["hyper-v"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shogunlab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-08-15T04:43:21.000Z","updated_at":"2024-05-08T15:51:47.000Z","dependencies_parsed_at":"2023-09-16T14:54:21.358Z","dependency_job_id":"bbcb8793-fd7c-4f12-a0ec-89d9119c3545","html_url":"https://github.com/shogunlab/awesome-hyper-v-exploitation","commit_stats":null,"previous_names":["shogunlab/awesome-hyper-v-exploitation"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shogunlab%2Fawesome-hyper-v-exploitation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shogunlab%2Fawesome-hyper-v-exploitation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shogunlab%2Fawesome-hyper-v-exploitation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shogunlab%2F
awesome-hyper-v-exploitation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shogunlab","download_url":"https://codeload.github.com/shogunlab/awesome-hyper-v-exploitation/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246399785,"owners_count":20770908,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hyper-v"],"created_at":"2024-08-01T09:01:20.684Z","updated_at":"2025-04-02T05:33:17.911Z","avatar_url":"https://github.com/shogunlab.png","language":null,"funding_links":[],"categories":["Attacking Hypervisors","\u003ca id=\"e97d183e67fa3f530e7d0e7e8c33ee62\"\u003e\u003c/a\u003e未分类","Others","Other Lists","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","Hyper-V"],"sub_categories":["Hyper-V","\u003ca id=\"f110da0bf67359d3abc62b27d717e55e\"\u003e\u003c/a\u003e新添加的","TeX Lists","Writeup and Exploit"],"readme":"# Awesome Hyper-V Exploitation [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\r\nA curated list of Hyper-V exploitation resources, fuzzing and vulnerability research.\r\n\r\nIf you want to contribute, please read the [guide](CONTRIBUTING.md).\r\n\r\nFor a broader list of virtualization related links, see [Awesome Virtualization](https://github.com/Wenzel/awesome-virtualization).\r\n\r\n### Table of Contents\r\n- [Conference Talks \u0026 Slides](#talks_slides)\r\n- [Blog Posts](#blogs)\r\n- [References \u0026 Resources](#references_resources)\r\n- 
[Security Research Tools](#security_tools)\r\n\r\n\r\n## \u003ca name=\"talks_slides\" /\u003eConference Talks \u0026 Slides\r\n*Conference talks/slides related to vulnerabilities and exploits in Hyper-V*\r\n+ Hypervisor Vulnerability Research: State of the Art - by Alisa Esage, Zer0Con [2020]\r\n\t- [Slides](https://alisa.sh/slides/HypervisorVulnerabilityResearch2020.pdf)\r\n+ Attacking Hyper-V - by Jaanus Kääp, POC [2019]\r\n\t- [Slides](https://github.com/FoxHex0ne/Slides/blob/master/POC2019.pdf)\r\n+ [Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine](https://www.youtube.com/watch?v=50xxJEODO3M) - by Joe Bialek, BlackHat USA [2019]\r\n\t- [Slides](https://github.com/microsoft/MSRC-Security-Research/blob/master/presentations/2019_08_BlackHatUSA/BHUSA19_Exploiting_the_Hyper-V_IDE_Emulator_to_Escape_the_Virtual_Machine.pdf)\r\n+ [Growing Hypervisor 0day with Hyperseed](https://www.youtube.com/watch?v=Qms328deZ68) - by Daniel King \u0026 Shawn Denbow, OffensiveCon [2019]\r\n\t- [Slides](https://github.com/microsoft/MSRC-Security-Research/blob/master/presentations/2019_02_OffensiveCon/2019_02%20-%20OffensiveCon%20-%20Growing%20Hypervisor%200day%20with%20Hyperseed.pdf)\r\n+ [Hardening Hyper-V Through Offensive Security Research](https://www.youtube.com/watch?v=8RCH0vFxWT4) - by Jordan Rabet, BlueHat [2018]\r\n\t- [Slides](https://i.blackhat.com/us-18/Thu-August-9/us-18-Rabet-Hardening-Hyper-V-Through-Offensive-Security-Research.pdf)\r\n+ [A Dive in to Hyper-V Architecture \u0026 Vulnerabilities](https://www.youtube.com/watch?v=p28eTnKo8sw) - by Joe Bialek \u0026 Nicolas Joly, TenSec [2018]\r\n\t- [Slides](https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2018_08_BlackHatUSA/A%20Dive%20in%20to%20Hyper-V%20Architecture%20and%20Vulnerabilities.pdf)\r\n+ VBS and VSM Internals - by Saar Amar, BlueHat IL [2018]\r\n\t- [Slides](https://github.com/saaramar/Publications/blob/master/BluehatIL_VBS_meetup/VBS_Internals.pdf)\r\n+ [The 
Hyper-V Architecture and its Memory Manager](https://recon.cx/media-archive/2017/mtl/recon2017-mtl-10-andrea-allievi-The-HyperV-Architecture-and-its-Memory-Manager.mp4) - by Andrea Allievi, REcon [2017]\r\n+ [Ring 0 to Ring -1 Attacks - Hyper-V IPC Internals](https://www.youtube.com/watch?v=_NaRZvrs8xY) - by Alex Ionescu, SyScan [2015]\r\n\t- [Slides](http://www.alex-ionescu.com/syscan2015.pdf)\r\n\r\n## \u003ca name=\"blogs\" /\u003eBlog Posts\r\n*Security research blog posts for learning how to find vulnerabilities/exploit Hyper-V*\r\n\r\n+ [First Steps in Hyper-V Research](https://msrc-blog.microsoft.com/2018/12/10/first-steps-in-hyper-v-research/) - by Saar Amar, MSRC Blog [2018]\r\n+ [Fuzzing para-virtualized devices in Hyper-V](https://msrc-blog.microsoft.com/2019/01/28/fuzzing-para-virtualized-devices-in-hyper-v/) - by Secure Windows Initiative Attack Team, MSRC Blog [2019]\r\n+ [Attacking the VM Worker Process](https://msrc-blog.microsoft.com/2019/09/11/attacking-the-vm-worker-process/) - by Saar Amar, MSRC Blog [2019]\r\n+ [Ventures into Hyper-V - Fuzzing hypercalls](https://labs.mwrinfosecurity.com/blog/ventures-into-hyper-v-part-1-fuzzing-hypercalls) - by Amardeep Chana, MWR Labs [2019]\r\n+ [Writing a Hyper-V \"Bridge\" for Fuzzing -- Part 1: WDF](http://www.alex-ionescu.com/?p=377) - by Alex Ionescu [2019]\r\n+ [Writing a Hyper-V \"Bridge\" for Fuzzing -- Part 2: Hypercalls \u0026 MDLs](http://www.alex-ionescu.com/?p=471) - by Alex Ionescu [2019]\r\n\r\n## \u003ca name=\"references_resources\" /\u003eReferences \u0026 Resources\r\n*Useful Hyper-V research references and resources*\r\n\r\n+ [Microsoft Hyper-V Bounty Program](https://www.microsoft.com/en-us/msrc/bounty-hyper-v) - by Microsoft\r\n+ [Hyper-V symbols for debugging](https://techcommunity.microsoft.com/t5/Virtualization/Hyper-V-symbols-for-debugging/ba-p/382416) - by Microsoft\r\n+ [Hyper-V Internals](https://hvinternals.blogspot.com/) - by Gerhart\r\n+ [Hyper-V 
Architecture](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/hyper-v-architecture) - by Microsoft Docs\r\n+ [Hyper-V Hypervisor Top-Level Functional Specification](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs) - by Microsoft Docs\r\n+ [Install Hyper-V on Windows 10](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v) - by Microsoft Docs\r\n+ [Create Virtual Machine with Hyper-V on Windows](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/create-virtual-machine) - by Microsoft Docs\r\n+ [Run Hyper-V In a Virtual Machine with Nested Virtualization](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) - by Microsoft Docs\r\n\r\n## \u003ca name=\"security_tools\" /\u003eSecurity Research Tools\r\n*Tools for doing security research and introspection on Hyper-V*\r\n\r\n+ [hdk -- (unofficial) Hyper-V Development Kit](https://github.com/ionescu007/hdk) - by Alex Ionescu\r\n+ [Viridian Fuzzer -- Kernel driver to fuzz Hyper-V hypercalls](https://github.com/mwrlabs/ViridianFuzzer) - by Amardeep Chana, MWR Labs\r\n+ [LiveCloudKd](https://github.com/comaeio/LiveCloudKd) - by Matt Suiche, Comae Technologies\r\n+ [HyperViper -- Toolkit for Hyper-V security research](https://github.com/FoxHex0ne/HyperViper) - by Jaanus Kääp, Clarified Security\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshogunlab%2Fawesome-hyper-v-exploitation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshogunlab%2Fawesome-hyper-v-exploitation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshogunlab%2Fawesome-hyper-v-exploitation/lists"}