This repo contains PoCs for vulnerable Windows drivers.
☆150 · Dec 20, 2025 · Updated 5 months ago
Alternatives and similar repositories for WinDriver-EXP
Users that are interested in WinDriver-EXP are comparing it to the libraries listed below.
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e… ☆45 · Mar 3, 2026 · Updated 2 months ago
- REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev" ☆14 · Mar 31, 2025 · Updated last year
- The command prompt has been disabled by your administrator ☆42 · May 18, 2023 · Updated 3 years ago
- hijacks the discord overlay and draws imgui inside of it while remaining flagless due to the discord overlay devs being retarded ☆24 · Apr 29, 2025 · Updated last year
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in … ☆56 · Dec 30, 2025 · Updated 4 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆385 · Dec 13, 2024 · Updated last year
- An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE … ☆30 · Aug 2, 2024 · Updated last year
- Mythic C2 Agent written in x64 PIC C ☆87 · Jan 29, 2025 · Updated last year
- Misery Loader to bypass modern EDR solutions ☆19 · Dec 20, 2024 · Updated last year
- ShootCutMe an .LNK file creator tool for redteamer ☆16 · Oct 2, 2024 · Updated last year
- Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No … ☆24 · Jun 16, 2024 · Updated last year
- ☆48 · Dec 28, 2025 · Updated 4 months ago
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By… ☆163 · Nov 23, 2025 · Updated 6 months ago
- CVE-2024-40711-exp ☆43 · Oct 17, 2024 · Updated last year
- This repo contains useful scripts that AI created for me which I would have been too lazy for ☆95 · Mar 17, 2026 · Updated 2 months ago
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls… ☆138 · Mar 3, 2025 · Updated last year
- rust port of pspy with support for process monitoring over dbus ☆37 · Jan 4, 2026 · Updated 4 months ago
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP… ☆108 · Apr 22, 2026 · Updated last month
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… ☆217 · Oct 19, 2024 · Updated last year
- Python script that fetches, analyzes, and reports Microsoft Patch Tuesday updates via the MSRC API — with a clean web interface for easy … ☆28 · Updated this week
- BOF for C2 framework ☆44 · Nov 9, 2024 · Updated last year
- .NET tool used to enrich RPC telemetry ☆102 · Jan 24, 2026 · Updated 4 months ago
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios. ☆82 · Jul 25, 2025 · Updated 10 months ago
- Dump the memory of any PPL with a Userland exploit chain ☆354 · Mar 17, 2023 · Updated 3 years ago
- System Call Integrity Layer - experimental security research ☆27 · Apr 14, 2026 · Updated last month
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis. ☆15 · Feb 29, 2024 · Updated 2 years ago
- Collection of red team techniques. ☆70 · Apr 25, 2025 · Updated last year
- Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282) ☆31 · Jan 18, 2025 · Updated last year
- A straightforward tool for exploiting SMTP Smuggling vulnerabilities. ☆14 · Jul 22, 2024 · Updated last year
- Boilerplate to develop raw and truly Position Independent Code (PIC). ☆117 · Jan 20, 2025 · Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆306 · Jul 31, 2024 · Updated last year
- Command Augmentation support for BOFs and .NET assemblies across agents ☆45 · May 6, 2026 · Updated 2 weeks ago
- Exploit for CVE-2024-29847 ☆19 · Sep 15, 2024 · Updated last year
- Proof of concept source code and misc files for my CVE-2025-21692 exploit, kernel version 6.6.75 ☆40 · Sep 16, 2025 · Updated 8 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH ☆140 · Aug 31, 2025 · Updated 8 months ago
- Terms of Use Conditional Access M365 Evilginx Phishlet ☆46 · Jun 23, 2025 · Updated 11 months ago
- Slides for COM Hijacking AV/EDR Talk on 38c3 ☆75 · Jan 3, 2025 · Updated last year
- A simple external cheat for Counter-Strike 2 ☆18 · Apr 26, 2026 · Updated 3 weeks ago
- lsassdump via RtlCreateProcessReflection and NanoDump ☆87 · Oct 18, 2024 · Updated last year