The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.
☆145Mar 29, 2021Updated 4 years ago
Alternatives and similar repositories for SmmExploit
Users that are interested in SmmExploit are comparing it to the libraries listed below
Sorting:
- Arbitrary SMM code execution exploit for industry-wide 0day vulnerability in AMI Aptio based firmwares☆76Oct 22, 2016Updated 9 years ago
- This is an instruction to run your own SMM code.☆108Mar 8, 2021Updated 5 years ago
- UEFI and SMM Assessment Tool☆215Nov 21, 2024Updated last year
- The runtime DXE driver monitoring access to the UEFI variables by hooking the runtime service table.☆146Oct 9, 2020Updated 5 years ago
- The sample DXE runtime driver demonstrating how to program DMA remapping.☆73Dec 27, 2023Updated 2 years ago
- ☆17Oct 31, 2022Updated 3 years ago
- Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks☆358Nov 3, 2023Updated 2 years ago
- System Management RAM analysis tool☆83Aug 9, 2024Updated last year
- SMM rootkit similar to LoJax or MosaicRegressor☆146Nov 1, 2023Updated 2 years ago
- Information about a signed UEFI Shell that can be used when Secure Boot is enabled.☆85Apr 27, 2021Updated 4 years ago
- Tool to dump UEFI runtime drivers implementing runtime services for Windows☆111Dec 24, 2020Updated 5 years ago
- Binarly Vulnerability Research Advisories☆185Jan 26, 2026Updated last month
- baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability☆350Sep 27, 2023Updated 2 years ago
- IDA plugin and loader for UEFI firmware analysis and reverse engineering automation☆1,083Feb 17, 2026Updated last month
- Runtime smm module loader☆37Jan 12, 2023Updated 3 years ago
- A standalone python script leveraging ntdll for UEFI variable enumeration. This uses elements from the "chipsec" toolkit for formatting w…☆10Jul 25, 2023Updated 2 years ago
- ☆23Jul 24, 2023Updated 2 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆38Oct 21, 2020Updated 5 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆243Jul 7, 2021Updated 4 years ago
- Communication via callback☆73Oct 9, 2019Updated 6 years ago
- The research UEFI hypervisor that supports booting an operating system.☆718Aug 15, 2024Updated last year
- PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for li…☆859Mar 7, 2026Updated 2 weeks ago
- ☆69Dec 17, 2020Updated 5 years ago
- ☆135Mar 9, 2026Updated last week
- mash hypervisor host pml4☆17Jun 22, 2022Updated 3 years ago
- ☆21Aug 7, 2021Updated 4 years ago
- A tool for UEFI firmware reverse engineering☆368Dec 28, 2024Updated last year
- Simple Demo of using Windows Hypervisor Platform☆29Jul 14, 2025Updated 8 months ago
- A simple hypervisor demonstrating the use of the Intel VT-rp (redirect protection) technology.☆114Mar 28, 2024Updated last year
- ☆96Jun 18, 2024Updated last year
- ☆48Jun 30, 2020Updated 5 years ago
- Breaking Secure Boot with SMM☆41Apr 5, 2022Updated 3 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆109Apr 24, 2020Updated 5 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆488May 18, 2021Updated 4 years ago
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- The Binarly Firmware Hunt (FwHunt) rule format was designed to scan for known vulnerabilities in UEFI firmware.☆243Mar 12, 2024Updated 2 years ago
- 👓A collection of papers/tools/exploits for UEFI security.☆214Sep 4, 2025Updated 6 months ago
- a simple intel vt code both support x86 & x64. PatchGuard monitor.☆77Oct 28, 2021Updated 4 years ago
- win10 pgContext dynamic dump (btc version)☆110Jan 15, 2020Updated 6 years ago