https://github.com/caledoniaproject/drivers-binaries
Exploitable drivers, you know what I mean
- Host: GitHub
- URL: https://github.com/caledoniaproject/drivers-binaries
- Owner: CaledoniaProject
- Created: 2020-08-21T11:49:58.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2024-03-29T02:23:33.000Z (about 2 years ago)
- Last Synced: 2025-01-20T14:48:52.762Z (over 1 year ago)
- Homepage:
- Size: 4.06 MB
- Stars: 130
- Watchers: 6
- Forks: 25
- Open Issues: 0
Metadata Files:
- Readme: readme.md
README
## Links
### Included
* rentdrv2_x32/rentdrv2_x64
  * https://github.com/keowu/BadRentdrv2
* LenovoDiagnosticsDriver.sys
  * https://github.com/alfarom256/CVE-2022-3699/
* mhyprot2.sys
  * https://github.com/kkent030315/libmhyprot
  * https://github.com/HadesW/mhy_exp
* [aswArPot.sys: Yours Truly, Signed AV Driver: Weaponizing An Antivirus Driver](https://www.aon.com/cyber-solutions/aon_cyber_labs/yours-truly-signed-av-driver-weaponizing-an-antivirus-driver/)
* [atillk64.sys: CVE-2020-12138 Exploit Proof-of-Concept, Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys](https://h0mbre.github.io/atillk64_exploit)
* [MSIO64.sys: Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver](https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/)
* [Exploiting System Mechanic Driver - from zero knowledge about driver exploitation to SYSTEM](https://voidsec.com/exploiting-system-mechanic-driver/)
* [dbutil_2_3.sys: CVE-2021-21551: Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws](https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/)
  * https://github.com/nanabingies/CVE-2021-21551
  * https://github.com/rapid7/metasploit-framework/pull/15190/files
* HW.sys
  * https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/
* RTCore64.sys
  * https://raw.githubusercontent.com/Barakat/CVE-2019-16098/master/CVE-2019-16098.cpp
  * https://hitcon.org/2022/slides/Hack%20The%20Real%20Box_an%20analysis%20of%20multiple%20campaigns%20by%20APT41's%20subgroup%20Earth%20Longzhi.pdf
  * AVBurner (SHA256): 4b1b1a1293ccd2c0fd51075de9376ebb55ab64972da785153fcb0a4eb523a5eb
  * ProcBurner (SHA256): 30b64628aae642380147c7671ea8f864b13c2d2affaaea34c4c9512c8a779225
* cpuz-1.0.4.1.sys
  * https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html
* kprocesshacker
  * https://www.crowdstrike.com/blog/how-doppelpaymer-hunts-and-kills-windows-processes/
  * https://github.com/winsiderss/systeminformer/releases
* sandra.sys
  * https://securelist.com/unraveling-the-lamberts-toolkit/77990/
  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1592
* GMER.sys
  * https://github.com/ZeroMemoryEx/Blackout/tree/master/driver
### Unverified
* [CyberSecurityUP/ProcessKiller-BYOVD - BYOVD Technique Example using viragt64 driver](https://github.com/CyberSecurityUP/ProcessKiller-BYOVD)
* [0vercl0k/CVE-2021-32537 - PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel](https://github.com/0vercl0k/CVE-2021-32537)
* [stong/CVE-2020-15368 - How to exploit a vulnerable windows driver. Exploit for AsrDrv104.sys](https://github.com/stong/CVE-2020-15368)
* [kkent030315/MsIoExploit - Exploit MsIo vulnerable driver](https://github.com/kkent030315/MsIoExploit)
* [kasif-dekel/OSR_DeviceTree_Vuln - OSR DeviceTree Local Privilege Escalation](https://github.com/kasif-dekel/OSR_DeviceTree_Vuln/blob/main/README.md)
* [Signed kernel drivers – Unguarded gateway to Windows core](https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core)
### Vulns - see bin-elastic
* https://github.com/elastic/protections-artifacts/tree/main/yara/rules
* https://www.elastic.co/cn/security-labs/stopping-vulnerable-driver-attacks
### Screwed drivers
* https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md
### Lol drivers
* https://www.loldrivers.io
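The list above is mostly useful in two directions: as a catalogue of drivers to pull into a lab, and as a blocklist to sweep hosts with. The script below is an added example of the second use and is not code from the drivers-binaries repository or from any of the linked projects. The two SHA256 values are the AVBurner/ProcBurner hashes given under RTCore64.sys; the file names are taken from the list. Everything the script writes to disk is a constructed stand-in, not a driver binary, and the function and variable names are the example's own.

```python
"""Hash-based sweep for drivers listed in drivers-binaries.

Added example, not code from the drivers-binaries repository. The SHA256
values come from the README entries under RTCore64.sys; the files written by
demo() are constructed stand-ins, not real drivers.
"""
import hashlib
import os
import tempfile

# SHA256 -> label, as listed in the README (AVBurner / ProcBurner samples).
KNOWN_BAD_SHA256 = {
    "4b1b1a1293ccd2c0fd51075de9376ebb55ab64972da785153fcb0a4eb523a5eb": "AVBurner",
    "30b64628aae642380147c7671ea8f864b13c2d2affaaea34c4c9512c8a779225": "ProcBurner",
}

# Driver file names from the README, lower-cased. A name match is only a hint:
# attackers routinely rename the binary, and a renamed copy keeps its hash.
KNOWN_BAD_NAMES = {
    "rtcore64.sys", "dbutil_2_3.sys", "mhyprot2.sys", "aswarpot.sys",
    "atillk64.sys", "msio64.sys", "hw.sys", "cpuz-1.0.4.1.sys",
    "kprocesshacker.sys", "sandra.sys", "gmer.sys", "asrdrv104.sys",
    "lenovodiagnosticsdriver.sys",
}


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA256 so large drivers are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_drivers(root, blocklist=KNOWN_BAD_SHA256, names=KNOWN_BAD_NAMES):
    """Walk root and return findings as (path, sha256, kind, label).

    kind is "hash" for a blocklist hit (high confidence: this is the listed
    sample) or "name" for a filename-only match (low confidence: same name as
    a listed driver, but a different build, a renamed file or a clean copy).
    """
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(".sys"):
                continue
            path = os.path.join(dirpath, name)
            digest = sha256_file(path)
            if digest in blocklist:
                findings.append((path, digest, "hash", blocklist[digest]))
            elif name.lower() in names:
                findings.append((path, digest, "name", name))
    return findings


def demo():
    """Constructed tree: a renamed file that matches by hash, a file that matches
    only by name, and a clean file. Returns the sorted (kind, label) pairs."""
    bad_bytes = b"constructed stand-in for a listed driver, not a real binary\n"
    bad_digest = hashlib.sha256(bad_bytes).hexdigest()
    # Extend the README hashes with the stand-in's hash so the demo can hit.
    blocklist = dict(KNOWN_BAD_SHA256)
    blocklist[bad_digest] = "constructed sample"
    with tempfile.TemporaryDirectory() as root:
        drv = os.path.join(root, "drivers")
        os.makedirs(drv)
        # Renamed copy: the name says nothing, the hash still matches.
        with open(os.path.join(drv, "update.sys"), "wb") as f:
            f.write(bad_bytes)
        # Listed name, different content: reported as a name-only hint.
        with open(os.path.join(drv, "RTCore64.sys"), "wb") as f:
            f.write(b"different content\n")
        # Unrelated driver: no finding.
        with open(os.path.join(drv, "benign.sys"), "wb") as f:
            f.write(b"benign\n")
        findings = scan_drivers(root, blocklist)
    return sorted((kind, label) for _, _, kind, label in findings)


if __name__ == "__main__":
    for kind, label in demo():
        print(kind, label)
```

On a real host, point `scan_drivers` at the driver store and at the `PathName` values reported by `Get-CimInstance Win32_SystemDriver`, and replace the two README hashes with the full hash set published at loldrivers.io. A hash match only identifies the exact build that was catalogued; another signed version of the same vulnerable driver has a different hash, so treat the name-only findings as leads to check against the Screwed-Drivers and loldrivers entries rather than as noise.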