This repo contains PoCs for vulnerable Windows drivers.
☆132Dec 20, 2025Updated 3 months ago
Alternatives and similar repositories for WinDriver-EXP
Users that are interested in WinDriver-EXP are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e…☆41Mar 3, 2026Updated 3 weeks ago
- REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev""☆14Mar 31, 2025Updated 11 months ago
- The command prompt has been disabled by your administrator☆42May 18, 2023Updated 2 years ago
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆55Dec 30, 2025Updated 2 months ago
- hijacks the discord overlay and draws imgui inside of it while remaining flagless due to the discord overlay devs being retarded☆22Apr 29, 2025Updated 10 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Resolve offsets, gadgets and symbols from NTKernel☆58Jan 15, 2026Updated 2 months ago
- An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE …☆25Aug 2, 2024Updated last year
- Misery Loader to bypass modern EDR solutions☆18Dec 20, 2024Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆384Dec 13, 2024Updated last year
- ShootCutMe an .LNK file creator tool for redteamer☆16Oct 2, 2024Updated last year
- Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No …☆24Jun 16, 2024Updated last year
- ☆48Dec 28, 2025Updated 2 months ago
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…☆157Nov 23, 2025Updated 4 months ago
- This repo contains useful scripts that AI created for me which I would have been too lazy for☆93Mar 17, 2026Updated last week
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- rust port of pspy with support for process monitoring over dbus☆37Jan 4, 2026Updated 2 months ago
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…☆138Mar 3, 2025Updated last year
- Exploit for CVE-2024-29847☆18Sep 15, 2024Updated last year
- Python script that fetches, analyzes, and reports Microsoft Patch Tuesday updates via the MSRC API — with a clean web interface for easy …☆25Mar 17, 2026Updated last week
- BOF for C2 framework☆44Nov 9, 2024Updated last year
- .NET tool used to enrich RPC telemetry☆101Jan 24, 2026Updated 2 months ago
- Command Augmentation support for BOFs and .NET assemblies across agents☆42Mar 17, 2026Updated last week
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.☆79Jul 25, 2025Updated 8 months ago
- System Call Integrity Layer - experimental security research☆25Jan 31, 2026Updated last month
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Collection of red team techniques.☆69Apr 25, 2025Updated 11 months ago
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.☆15Feb 29, 2024Updated 2 years ago
- A straightforward tool for exploiting SMTP Smuggling vulnerabilities.☆14Jul 22, 2024Updated last year
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆301Jul 31, 2024Updated last year
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆140Aug 31, 2025Updated 6 months ago
- Terms of Use Conditional Access M365 Evilginx Phishlet☆44Jun 23, 2025Updated 9 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆216Oct 19, 2024Updated last year
- Slides for COM Hijacking AV/EDR Talk on 38c3☆75Jan 3, 2025Updated last year
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Counter-Strike 2向けのシンプルな外部チート☆16Dec 2, 2025Updated 3 months ago
- Dump the memory of any PPL with a Userland exploit chain☆352Mar 17, 2023Updated 3 years ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆86Oct 18, 2024Updated last year
- An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component☆11Aug 5, 2023Updated 2 years ago
- 对Windbg以Exdi模式下调试windows做一些修复☆21Aug 25, 2023Updated 2 years ago
- e(X)tensiable (Rust) Malware Toolkit: (Soon!) Full Featured Rust C2 Framework with Awesome Features!☆28Aug 19, 2024Updated last year
- IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs.☆35Oct 28, 2025Updated 4 months ago