SirEOF / Kernel-exploits

Windows kernel driver exploits

0day discoveries / CVEs

Several of the drivers included here are personally discovered 0day vulnerabilities that became CVEs; each of these has a short CVE posting with the necessary links to the MITRE entry, the disclosure timeline, and more. Anything listed below that includes a CVE in its description is a personally disclosed bug.

Other written exploits

The other drivers are personally developed proof-of-concept exploits for drivers deemed interesting, some with unique or awesome vulnerabilities. Each driver folder includes information about and references to the original 0day discovery author.


AscRegistryFilter.sys

Local BSOD proof-of-concept for AscRegistryFilter.sys (CVE-2020-10234), a driver included with Advanced SystemCare 13.2, an anti-virus product from IObit. The BSOD is triggered by passing a NULL user buffer with a size of 0 to IOCTL 0x8001E000; tested on Windows 7 x86.

Capcom.sys

Exploits for Capcom.sys, a driver from a third-party anti-cheat product. The driver contains a logic bug in which an IOCTL disables SMEP and takes a user-supplied pointer. Exploits are included for various Windows versions.

EMP_MPAU.sys

Local BSOD DoS exploit POCs for various IOCTLs that pass data to a function that does not properly handle user input, found in the EMP_MPAU.sys driver (CVE-2020-9453) associated with Epson's Iprojection software. Multiple POCs were disclosed after the vendor was contacted.

EMP_NSA.sys

Local BSOD DoS exploit POCs for various IOCTLs that pass data to a function that does not properly handle user input, found in the virtual audio device driver EMP_NSA.sys (CVE-2020-9014) associated with Epson's Iprojection software. Multiple POCs were disclosed after the vendor was contacted.

Ene.sys

Includes both a local DoS POC that replicates the original author's blog post and a local privilege escalation exploit that takes advantage of a stack buffer overflow in the driver. Ene.sys ships with the ASUS Aura Sync software, version 1.07.71.

HEVD.sys

Multiple Windows kernel EoP exploits for HEVD.sys, an intentionally vulnerable driver. The exploits cover a variety of Windows kernel vulnerability classes, with and without bypasses for various mitigations, on a few different versions of Windows.

MaxProc64.sys

Local BSOD DoS exploit POCs for MaxProc64.sys (CVE-2020-12122), a driver from a third-party "spyware detector" application.

Languages

C++ 59.8%, Python 26.4%, C 13.7%