SMM UEFI module and client for UMD privilege escalation
☆66 | May 29, 2025 | Updated 9 months ago
Alternatives and similar repositories for Hermes
Users that are interested in Hermes are comparing it to the libraries listed below
- SMM rootkit similar to LoJax or MosaicRegressor | ☆146 | Nov 1, 2023 | Updated 2 years ago
- Simple anti-instrumentation with EFLAGS.AC | ☆17 | Mar 31, 2025 | Updated 11 months ago
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication. | ☆119 | Oct 15, 2024 | Updated last year
- ☆275 | Sep 2, 2025 | Updated 6 months ago
- EFI bootkit for loading unsigned drivers | ☆39 | Jun 28, 2024 | Updated last year
- System Management Mode (SMM) game cheating framework | ☆299 | Nov 24, 2025 | Updated 3 months ago
- just proof of concept. hooking MmCopyMemory PG safe. | ☆83 | Nov 13, 2023 | Updated 2 years ago
- Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks | ☆357 | Nov 3, 2023 | Updated 2 years ago
- Tool to dump EFI runtime drivers. | ☆39 | Feb 23, 2024 | Updated 2 years ago
- An advanced DKOM for drivers with "DRIVER_OBJECT" | ☆22 | Feb 19, 2023 | Updated 3 years ago
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator" | ☆43 | May 22, 2024 | Updated last year
- ☆42 | Feb 27, 2022 | Updated 4 years ago
- The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303… | ☆145 | Mar 29, 2021 | Updated 4 years ago
- type 1 thin hypervisor written in C++ | ☆17 | Dec 18, 2024 | Updated last year
- Trustzone Exploit that allows running code in secure mode on Surface RT (Tegra 3) with the help of Yahallo (by imbushuo) | ☆11 | Mar 30, 2023 | Updated 2 years ago
- ASM Bootkit that patches DSE at boot allowing to load unsigned drivers | ☆15 | Aug 24, 2025 | Updated 6 months ago
- Cheat for my own game SecureGame which uses a bootkit to hyperjack Hyper-V in order to access VBS enclave's memory | ☆113 | Dec 8, 2024 | Updated last year
- ☆38 | Apr 15, 2025 | Updated 10 months ago
- A standalone python script leveraging ntdll for UEFI variable enumeration. This uses elements from the "chipsec" toolkit for formatting w… | ☆10 | Jul 25, 2023 | Updated 2 years ago
- Random scripts for azure stuff | ☆14 | Oct 12, 2022 | Updated 3 years ago
- [D^3CTF 2022] pwn-d3guard attachment and official writeup (English & Chinese) | ☆13 | Mar 9, 2022 | Updated 4 years ago
- tests to catch some sloppy hv impls | ☆32 | Dec 17, 2025 | Updated 2 months ago
- Simple PoC for a bootkit written as a UEFI Option ROM Driver | ☆11 | Oct 5, 2022 | Updated 3 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree. | ☆14 | Jan 28, 2022 | Updated 4 years ago
- A simple BOF that disables some logging with NtSetInformationProcess | ☆13 | Oct 13, 2023 | Updated 2 years ago
- A simple Linux in-memory .so loader | ☆33 | Mar 29, 2023 | Updated 2 years ago
- AppXSVC Service race condition - privilege escalation | ☆30 | Jul 30, 2019 | Updated 6 years ago
- ☆66 | May 25, 2023 | Updated 2 years ago
- C++ Assembler with Built-in Mutation Engine | ☆30 | Sep 6, 2025 | Updated 6 months ago
- ☆14 | Aug 13, 2023 | Updated 2 years ago
- Find world writable directories that contain a .exe or .dll file | ☆13 | Aug 31, 2021 | Updated 4 years ago
- UEFI and SMM Assessment Tool | ☆214 | Nov 21, 2024 | Updated last year
- This is an instruction to run your own SMM code. | ☆108 | Mar 8, 2021 | Updated 5 years ago
- Python script for converting mmiotrace logs to a functional BAR controller for PCILeech | ☆29 | Jul 15, 2025 | Updated 7 months ago
- 👓A collection of papers/tools/exploits for UEFI security. | ☆213 | Sep 4, 2025 | Updated 6 months ago
- Minimalistic AMD-V/SVM hypervisor with memory introspection capabilities | ☆376 | Feb 26, 2025 | Updated last year
- SACL Scanner is a tool designed to scan and analyze SACLs. | ☆51 | Feb 13, 2025 | Updated last year
- PoC script to demonstrate collection of SCCM attack paths that can be viewed in BH with OpenGraph | ☆24 | Aug 2, 2025 | Updated 7 months ago
- POC kernel driver with hidden system thread | ☆13 | May 14, 2024 | Updated last year