This repo contains PoCs for vulnerable Windows drivers.
☆142, Dec 20, 2025, Updated 3 months ago
Alternatives and similar repositories for WinDriver-EXP
Users that are interested in WinDriver-EXP are comparing it to the libraries listed below.
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e… (☆43, Mar 3, 2026, Updated last month)
- REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev" (☆14, Mar 31, 2025, Updated last year)
- The command prompt has been disabled by your administrator (☆42, May 18, 2023, Updated 2 years ago)
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in … (☆55, Dec 30, 2025, Updated 3 months ago)
- Resolve offsets, gadgets and symbols from NTKernel (☆60, Jan 15, 2026, Updated 2 months ago)
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely (☆384, Dec 13, 2024, Updated last year)
- Mythic C2 Agent written in x64 PIC C (☆87, Jan 29, 2025, Updated last year)
- Misery Loader to bypass modern EDR solutions (☆18, Dec 20, 2024, Updated last year)
- ShootCutMe, an .LNK file creator tool for red teamers (☆16, Oct 2, 2024, Updated last year)
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP… (☆87, Apr 1, 2026, Updated last week)
- Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No … (☆24, Jun 16, 2024, Updated last year)
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By… (☆161, Nov 23, 2025, Updated 4 months ago)
- CVE-2024-40711-exp (☆43, Oct 17, 2024, Updated last year)
- This repo contains useful scripts that AI created for me which I would have been too lazy for (☆95, Mar 17, 2026, Updated 3 weeks ago)
- rust port of pspy with support for process monitoring over dbus (☆37, Jan 4, 2026, Updated 3 months ago)
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls… (☆138, Mar 3, 2025, Updated last year)
- Exploit for CVE-2024-29847 (☆18, Sep 15, 2024, Updated last year)
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… (☆217, Oct 19, 2024, Updated last year)
- Python script that fetches, analyzes, and reports Microsoft Patch Tuesday updates via the MSRC API — with a clean web interface for easy … (☆26, Apr 7, 2026, Updated last week)
- BOF for C2 framework (☆44, Nov 9, 2024, Updated last year)
- .NET tool used to enrich RPC telemetry (☆101, Jan 24, 2026, Updated 2 months ago)
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios. (☆81, Jul 25, 2025, Updated 8 months ago)
- Dump the memory of any PPL with a Userland exploit chain (☆352, Mar 17, 2023, Updated 3 years ago)
- System Call Integrity Layer - experimental security research (☆25, Updated this week)
- Collection of red team techniques. (☆70, Apr 25, 2025, Updated 11 months ago)
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis. (☆15, Feb 29, 2024, Updated 2 years ago)
- Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282) (☆31, Jan 18, 2025, Updated last year)
- A straightforward tool for exploiting SMTP Smuggling vulnerabilities. (☆14, Jul 22, 2024, Updated last year)
- Boilerplate to develop raw and truly Position Independent Code (PIC). (☆117, Jan 20, 2025, Updated last year)
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … (☆301, Jul 31, 2024, Updated last year)
- Command Augmentation support for BOFs and .NET assemblies across agents (☆42, Mar 17, 2026, Updated 3 weeks ago)
- Proof of concept source code and misc files for my CVE-2025-21692 exploit, kernel version 6.6.75 (☆40, Sep 16, 2025, Updated 6 months ago)
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH (☆136, Aug 31, 2025, Updated 7 months ago)
- Terms of Use Conditional Access M365 Evilginx Phishlet (☆45, Jun 23, 2025, Updated 9 months ago)
- Slides for COM Hijacking AV/EDR Talk on 38c3 (☆75, Jan 3, 2025, Updated last year)
- lsassdump via RtlCreateProcessReflection and NanoDump (☆87, Oct 18, 2024, Updated last year)
- An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component (☆11, Aug 5, 2023, Updated 2 years ago)
- IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs. (☆35, Oct 28, 2025, Updated 5 months ago)