This repo contains PoCs for vulnerable Windows drivers.
☆143, Dec 20, 2025, updated 4 months ago
Alternatives and similar repositories for WinDriver-EXP
Users that are interested in WinDriver-EXP are comparing it to the libraries listed below.
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e… (☆43, Mar 3, 2026, updated 2 months ago)
- REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev" (☆14, Mar 31, 2025, updated last year)
- The command prompt has been disabled by your administrator (☆42, May 18, 2023, updated 2 years ago)
- hijacks the discord overlay and draws imgui inside of it while remaining flagless due to the discord overlay devs being retarded (☆23, Apr 29, 2025, updated last year)
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in … (☆55, Dec 30, 2025, updated 4 months ago)
- Resolve offsets, gadgets and symbols from NTKernel (☆61, Jan 15, 2026, updated 3 months ago)
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely (☆384, Dec 13, 2024, updated last year)
- An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE … (☆28, Aug 2, 2024, updated last year)
- Mythic C2 Agent written in x64 PIC C (☆87, Jan 29, 2025, updated last year)
- Misery Loader to bypass modern EDR solutions (☆19, Dec 20, 2024, updated last year)
- ShootCutMe, an .LNK file creator tool for redteamers (☆16, Oct 2, 2024, updated last year)
- Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No … (☆24, Jun 16, 2024, updated last year)
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By… (☆161, Nov 23, 2025, updated 5 months ago)
- CVE-2024-40711-exp (☆43, Oct 17, 2024, updated last year)
- This repo contains useful scripts that AI created for me which I would have been too lazy for (☆95, Mar 17, 2026, updated last month)
- rust port of pspy with support for process monitoring over dbus (☆37, Jan 4, 2026, updated 4 months ago)
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls… (☆138, Mar 3, 2025, updated last year)
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP… (☆108, Apr 22, 2026, updated last week)
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… (☆217, Oct 19, 2024, updated last year)
- Python script that fetches, analyzes, and reports Microsoft Patch Tuesday updates via the MSRC API — with a clean web interface for easy … (☆27, updated this week)
- BOF for C2 framework (☆44, Nov 9, 2024, updated last year)
- .NET tool used to enrich RPC telemetry (☆102, Jan 24, 2026, updated 3 months ago)
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios. (☆82, Jul 25, 2025, updated 9 months ago)
- Dump the memory of any PPL with a Userland exploit chain (☆352, Mar 17, 2023, updated 3 years ago)
- System Call Integrity Layer - experimental security research (☆26, Apr 14, 2026, updated 3 weeks ago)
- Collection of red team techniques. (☆70, Apr 25, 2025, updated last year)
- Watches the Downloads folder for any new files and inserts them into Nemesis for analysis. (☆15, Feb 29, 2024, updated 2 years ago)
- Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282) (☆31, Jan 18, 2025, updated last year)
- A straightforward tool for exploiting SMTP Smuggling vulnerabilities. (☆14, Jul 22, 2024, updated last year)
- Boilerplate to develop raw and truly Position Independent Code (PIC). (☆117, Jan 20, 2025, updated last year)
- Generating legitimate call stack frames along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … (☆304, Jul 31, 2024, updated last year)
- Command Augmentation support for BOFs and .NET assemblies across agents (☆43, Mar 17, 2026, updated last month)
- Exploit for CVE-2024-29847 (☆19, Sep 15, 2024, updated last year)
- Proof of concept source code and misc files for my CVE-2025-21692 exploit, kernel version 6.6.75 (☆40, Sep 16, 2025, updated 7 months ago)
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH (☆139, Aug 31, 2025, updated 8 months ago)
- Terms of Use Conditional Access M365 Evilginx Phishlet (☆45, Jun 23, 2025, updated 10 months ago)
- Slides for COM Hijacking AV/EDR Talk at 38c3 (☆75, Jan 3, 2025, updated last year)
- Exploiting the KsecDD Windows driver through Server Silos (☆79, Nov 11, 2024, updated last year)