pRain1337 / Hermes
SMM UEFI module and client for UMD privilege escalation
☆65 · May 29, 2025 · Updated 8 months ago
Alternatives and similar repositories for Hermes
Users that are interested in Hermes are comparing it to the libraries listed below
- SMM rootkit similar to LoJax or MosaicRegressor ☆145 · Nov 1, 2023 · Updated 2 years ago
- Simple anti-instrumentation with EFLAGS.AC ☆17 · Mar 31, 2025 · Updated 10 months ago
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication. ☆118 · Oct 15, 2024 · Updated last year
- EFI bootkit for loading unsigned drivers ☆35 · Jun 28, 2024 · Updated last year
- ☆264 · Sep 2, 2025 · Updated 5 months ago
- System Management Mode (SMM) game cheating framework ☆290 · Nov 24, 2025 · Updated 2 months ago
- just proof of concept. hooking MmCopyMemory PG safe. ☆82 · Nov 13, 2023 · Updated 2 years ago
- Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks ☆354 · Nov 3, 2023 · Updated 2 years ago
- Tool to dump EFI runtime drivers. ☆39 · Feb 23, 2024 · Updated last year
- An advanced DKOM for drivers with "DRIVER_OBJECT" ☆22 · Feb 19, 2023 · Updated 2 years ago
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator" ☆43 · May 22, 2024 · Updated last year
- ☆41 · Feb 27, 2022 · Updated 3 years ago
- The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303… ☆144 · Mar 29, 2021 · Updated 4 years ago
- Trustzone Exploit that allows running code in secure mode on Surface RT (Tegra 3) with the help of Yahallo (by imbushuo) ☆11 · Mar 30, 2023 · Updated 2 years ago
- ASM Bootkit that patches DSE at boot allowing to load unsigned drivers ☆14 · Aug 24, 2025 · Updated 5 months ago
- [D^3CTF 2022] pwn-d3guard attachment and official writeup (English & Chinese) ☆12 · Mar 9, 2022 · Updated 3 years ago
- type 1 thin hypervisor written in C++ ☆17 · Dec 18, 2024 · Updated last year
- Cheat for my own game SecureGame which uses a bootkit to hyperjack Hyper-V in order to access VBS enclave's memory ☆103 · Dec 8, 2024 · Updated last year
- ☆38 · Apr 15, 2025 · Updated 10 months ago
- Random scripts for azure stuff ☆13 · Oct 12, 2022 · Updated 3 years ago
- A standalone python script leveraging ntdll for UEFI variable enumeration. This uses elements from the "chipsec" toolkit for formatting w… ☆10 · Jul 25, 2023 · Updated 2 years ago
- Simple PoC for a bootkit written as a UEFI Option ROM Driver ☆11 · Oct 5, 2022 · Updated 3 years ago
- tests to catch some sloppy hv impls ☆32 · Dec 17, 2025 · Updated last month
- A simple Linux in-memory .so loader ☆33 · Mar 29, 2023 · Updated 2 years ago
- A simple BOF that disables some logging with NtSetInformationProcess ☆13 · Oct 13, 2023 · Updated 2 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree. ☆14 · Jan 28, 2022 · Updated 4 years ago
- AppXSVC Service race condition - privilege escalation ☆30 · Jul 30, 2019 · Updated 6 years ago
- ☆66 · May 25, 2023 · Updated 2 years ago
- C++ Assembler with Built-in Mutation Engine ☆30 · Sep 6, 2025 · Updated 5 months ago
- Find world writable directories that contain a .exe or .dll file ☆13 · Aug 31, 2021 · Updated 4 years ago
- ☆14 · Aug 13, 2023 · Updated 2 years ago
- This is an instruction to run your own SMM code. ☆109 · Mar 8, 2021 · Updated 4 years ago
- Minimalistic AMD-V/SVM hypervisor with memory introspection capabilities ☆364 · Feb 26, 2025 · Updated 11 months ago
- 👓A collection of papers/tools/exploits for UEFI security. ☆210 · Sep 4, 2025 · Updated 5 months ago
- SACL Scanner is a tool designed to scan and analyze SACLs. ☆50 · Feb 13, 2025 · Updated last year
- PoC script to demonstrate collection of SCCM attack paths that can be viewed in BH with OpenGraph ☆24 · Aug 2, 2025 · Updated 6 months ago
- POC kernel driver with hidden system thread ☆13 · May 14, 2024 · Updated last year
- A method to Disable DSE using .data ptr hooks ☆38 · Feb 1, 2024 · Updated 2 years ago
- A lexer and parser for Sleep ☆20 · May 14, 2025 · Updated 9 months ago