readme.md

Links

Included

• rentdrv2_x32/rentdrv2_x64
  • https://github.com/keowu/BadRentdrv2
• LenovoDiagnosticsDriver.sys
  • https://github.com/alfarom256/CVE-2022-3699/
• mhyprot2.sys
  • https://github.com/kkent030315/libmhyprot
  • https://github.com/HadesW/mhy_exp
• aswArPot.sys: Yours Truly, Signed AV Driver: Weaponizing An Antivirus Driver
• atillk64.sys: CVE-2020-12138 Exploit Proof-of-Concept, Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys
• MSIO64.sys: Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver
• Exploiting System Mechanic Driver - from zero knowledge about driver exploitation to SYSTEM
• dbutil_2_3.sys: CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws
  • https://github.com/nanabingies/CVE-2021-21551
  • https://github.com/rapid7/metasploit-framework/pull/15190/files
• HW.sys
  • https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/
• RTCore64.sys
  • https://raw.githubusercontent.com/Barakat/CVE-2019-16098/master/CVE-2019-16098.cpp
  • https://hitcon.org/2022/slides/Hack%20The%20Real%20Box_an%20analysis%20of%20multiple%20campaigns%20by%20APT41's%20subgroup%20Earth%20Longzhi.pdf
    • AVBurner: 4b1b1a1293ccd2c0fd51075de9376ebb55ab64972da785153fcb0a4eb523a5eb
    • ProcBurner: 30b64628aae642380147c7671ea8f864b13c2d2affaaea34c4c9512c8a779225
• cpuz-1.0.4.1.sys
  • https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html
• kprocesshacker
  • https://www.crowdstrike.com/blog/how-doppelpaymer-hunts-and-kills-windows-processes/
  • https://github.com/winsiderss/systeminformer/releases
• sandra.sys
  • https://securelist.com/unraveling-the-lamberts-toolkit/77990/
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1592
• GMER.sys
  • https://github.com/ZeroMemoryEx/Blackout/tree/master/driver

Unverified

• 0vercl0k/CVE-2021-32537 - PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel
• stong/CVE-2020-15368 - How to exploit a vulnerable windows driver. Exploit for AsrDrv104.sys
• kkent030315/MsIoExploit - Exploit MsIo vulnerable driver
• kasif-dekel/OSR_DeviceTree_Vuln - OSR DeviceTree Local Privilege Escalation
• Signed kernel drivers – Unguarded gateway to Windows core

Vulns - see bin-elastic

• https://github.com/elastic/protections-artifacts/tree/main/yara/rules
• https://www.elastic.co/cn/security-labs/stopping-vulnerable-driver-attacks

Screwed drivers

• https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md

Lol drivers

• https://www.loldrivers.io