Exploitable drivers, you know what I mean
☆152 Nov 16, 2025 Updated 3 months ago
Alternatives and similar repositories for drivers-binaries
Users that are interested in drivers-binaries are comparing it to the libraries listed below
- ☆61 Aug 21, 2023 Updated 2 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls ☆203 Jun 6, 2024 Updated last year
- Lenovo Diagnostics Driver EoP - Arbitrary R/W ☆178 Dec 5, 2022 Updated 3 years ago
- PoC Implementation of a fully dynamic call stack spoofer ☆922 Jul 20, 2024 Updated last year
- ☆193 Jul 29, 2024 Updated last year
- ☆26 Dec 29, 2021 Updated 4 years ago
- What makes it page ☆17 Aug 24, 2022 Updated 3 years ago
- ☆144 Dec 10, 2022 Updated 3 years ago
- Load your driver like win32k.sys ☆258 Aug 20, 2022 Updated 3 years ago
- HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper… ☆379 Jun 3, 2023 Updated 2 years ago
- PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners. ☆622 Sep 26, 2023 Updated 2 years ago
- Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation. ☆277 Aug 25, 2023 Updated 2 years ago
- ☆210 Mar 22, 2021 Updated 4 years ago
- Windows LPE exploit for CVE-2022-37969 ☆135 Jul 11, 2023 Updated 2 years ago
- Living Off The Land Drivers ☆1,418 Feb 12, 2026 Updated 2 weeks ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆588 Jan 24, 2023 Updated 3 years ago
- Replace the .txt section of the current loaded modules from \KnownDlls\ ☆305 Sep 28, 2022 Updated 3 years ago
- ☆129 Sep 24, 2023 Updated 2 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla… ☆123 Mar 25, 2022 Updated 3 years ago
- Dump the memory of any PPL with a Userland exploit chain ☆350 Mar 17, 2023 Updated 2 years ago
- A modern 32/64-bit position independent implant template ☆1,295 Mar 21, 2025 Updated 11 months ago
- A small PoC that creates processes in Windows ☆187 Jun 6, 2024 Updated last year
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. ☆318 Aug 31, 2023 Updated 2 years ago
- LPE exploit for CVE-2023-36802 ☆167 Oct 10, 2023 Updated 2 years ago
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… ☆465 Aug 23, 2023 Updated 2 years ago
- Simple Demo of using Windows Hypervisor Platform ☆29 Jul 14, 2025 Updated 7 months ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes ☆299 Apr 10, 2021 Updated 4 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess) ☆557 Apr 8, 2025 Updated 10 months ago
- arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system ☆58 Nov 16, 2021 Updated 4 years ago
- usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to … ☆470 Jan 3, 2022 Updated 4 years ago
- Signtool for expired certificates ☆515 Jun 10, 2023 Updated 2 years ago
- Admin to Kernel code execution using the KSecDD driver ☆265 Apr 19, 2024 Updated last year
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address ☆23 Nov 22, 2021 Updated 4 years ago
- Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode ☆163 Jul 31, 2022 Updated 3 years ago
- The Definitive Guide To Process Cloning on Windows ☆543 Jan 3, 2024 Updated 2 years ago
- Virtual and physical memory hacking library using gigabyte vulnerable driver ☆71 Apr 9, 2023 Updated 2 years ago
- KaynLdr is a Reflective Loader written in C/ASM ☆555 Dec 3, 2023 Updated 2 years ago
- ☆16 Apr 21, 2023 Updated 2 years ago
- ☆274 Jan 14, 2023 Updated 3 years ago