This repo contains PoCs for vulnerable Windows drivers.
☆152 | Dec 20, 2025 | Updated 5 months ago
Alternatives and similar repositories for WinDriver-EXP
Users that are interested in WinDriver-EXP are comparing it to the libraries listed below.
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e… ☆47 | Mar 3, 2026 | Updated 3 months ago
- REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev" ☆14 | Mar 31, 2025 | Updated last year
- The command prompt has been disabled by your administrator ☆43 | May 18, 2023 | Updated 3 years ago
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in … ☆57 | Dec 30, 2025 | Updated 5 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆384 | Dec 13, 2024 | Updated last year
- Mythic C2 Agent written in x64 PIC C ☆85 | Jan 29, 2025 | Updated last year
- Misery Loader to bypass modern EDR solutions ☆19 | Dec 20, 2024 | Updated last year
- ShootCutMe an .LNK file creator tool for redteamer ☆16 | Oct 2, 2024 | Updated last year
- Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No … ☆24 | Jun 16, 2024 | Updated last year
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By… ☆164 | Nov 23, 2025 | Updated 6 months ago
- CVE-2024-40711-exp ☆43 | Oct 17, 2024 | Updated last year
- This repo contains useful scripts that AI created for me which I would have been too lazy for ☆98 | Mar 17, 2026 | Updated 2 months ago
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls… ☆138 | Mar 3, 2025 | Updated last year
- rust port of pspy with support for process monitoring over dbus ☆38 | Jan 4, 2026 | Updated 5 months ago
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP… ☆110 | Apr 22, 2026 | Updated last month
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… ☆217 | Oct 19, 2024 | Updated last year
- Python script that fetches, analyzes, and reports Microsoft Patch Tuesday updates via the MSRC API — with a clean web interface for easy … ☆28 | Updated this week
- BOF for C2 framework ☆44 | Nov 9, 2024 | Updated last year
- .NET tool used to enrich RPC telemetry ☆102 | Jan 24, 2026 | Updated 4 months ago
- Dump the memory of any PPL with a Userland exploit chain ☆355 | Mar 17, 2023 | Updated 3 years ago
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios. ☆84 | Jul 25, 2025 | Updated 10 months ago
- System Call Integrity Layer - experimental security research ☆27 | Apr 14, 2026 | Updated 2 months ago
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis. ☆15 | Feb 29, 2024 | Updated 2 years ago
- Collection of red team techniques. ☆71 | Apr 25, 2025 | Updated last year
- Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282) ☆31 | Jan 18, 2025 | Updated last year
- A straightforward tool for exploiting SMTP Smuggling vulnerabilities. ☆14 | Jul 22, 2024 | Updated last year
- Boilerplate to develop raw and truly Position Independent Code (PIC). ☆117 | Jan 20, 2025 | Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆309 | Jul 31, 2024 | Updated last year
- Command Augmentation support for BOFs and .NET assemblies across agents ☆46 | May 6, 2026 | Updated last month
- Exploit for CVE-2024-29847 ☆19 | Sep 15, 2024 | Updated last year
- Proof of concept source code and misc files for my CVE-2025-21692 exploit, kernel version 6.6.75 ☆40 | Sep 16, 2025 | Updated 8 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH ☆138 | Aug 31, 2025 | Updated 9 months ago
- Terms of Use Conditional Access M365 Evilginx Phishlet ☆46 | Jun 23, 2025 | Updated 11 months ago
- Slides for COM Hijacking AV/EDR Talk on 38c3 ☆75 | Jan 3, 2025 | Updated last year
- lsassdump via RtlCreateProcessReflection and NanoDump ☆87 | Oct 18, 2024 | Updated last year
- An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component ☆11 | Aug 5, 2023 | Updated 2 years ago
- IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs. ☆39 | Oct 28, 2025 | Updated 7 months ago
- Repository contains psexec, which will help to exploit the forgotten pipe ☆174 | Nov 5, 2024 | Updated last year