HackSys Extreme Vulnerable Driver
ooooo ooooo oooooooooooo oooooo oooo oooooooooo.
`888' `888' `888' `8 `888. .8' `888' `Y8b
888 888 888 `888. .8' 888 888
888ooooo888 888oooo8 `888. .8' 888 888
888 888 888 " `888.8' 888 888
888 888 888 o `888' 888 d88'
o888o o888o o888ooooood8 `8' o888bood8P'
HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level.
HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simple Buffer Overflows
to complex Use After Frees
and Pool Overflows
. This allows the researchers to explore the exploitation techniques for every implemented vulnerabilities.
Black Hat Arsenal 2016
Blog Post
http://www.payatu.com/hacksys-extreme-vulnerable-driver/
External Posts/Research
http://niiconsulting.com/checkmate/2016/01/windows-kernel-exploitation/
http://whitehatters.academy/intro-to-windows-kernel-exploitation-2-windows-drivers/
http://whitehatters.academy/intro-to-windows-kernel-exploitation-3-my-first-driver-exploit/
http://whitehatters.academy/intro-to-windows-kernel-exploitation-more-of-the-hacksys-driver/
https://sizzop.github.io/2016/07/05/kernel-hacking-with-hevd-part-1.html
https://sizzop.github.io/2016/07/06/kernel-hacking-with-hevd-part-2.html
https://sizzop.github.io/2016/07/07/kernel-hacking-with-hevd-part-3.html
https://sizzop.github.io/2016/07/08/kernel-hacking-with-hevd-part-4.html
Author
Ashfaq Ansari
ashfaq[at]payatu[dot]com
@HackSysTeam | Blog | null
Screenshots
Vulnerabilities Implemented
- Pool Overflow
- Use After Free
- Type Confusion
- Stack Overflow
- Integer Overflow
- Stack Overflow GS
- Arbitrary Overwrite
- Null Pointer Dereference
- Uninitialized Heap Variable
- Uninitialized Stack Variable
Building Driver
- Install Windows Driver Kit
- Change
%localSymbolServerPath%
inBuild_HEVD_Secure.bat
andBuild_HEVD_Vulnerable.bat
driver builder - Run the appropriate driver builder
Build_HEVD_Secure.bat
orBuild_HEVD_Vulnerable.bat
Installing Driver
Use OSR Driver Loader to install HackSys Extreme Vulnerable Driver
Testing
The HackSys Extreme Vulnerable Driver and the respective exploits have been tested on Windows 7 SP1 x86
Sessions Conducted
- Windows Kernel Exploitation 1
- Windows Kernel Exploitation 2
- Windows Kernel Exploitation 3
- Windows Kernel Exploitation 4
- Windows Kernel Exploitation 5
- Windows Kernel Exploitation 6
- Windows Kernel Exploitation 7
Workshops Conducted
License
Please see the file LICENSE
for copying permission
Contribution Guidelines
Please see the file CONTRIBUTING.md
for contribution guidelines
TODO & Bug Report
Please file any enhancement request or bug report via GitHub Issue Tracker at the below given address: https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/issues