News
Driver Buddy Revolutions for Ghidra
ghidra_vuln_finder.py is a Ghidra analysis script (based on DriverBuddy) that performs automated static reconnaissance on Windows kernel drivers. It scans the driver for common build patterns and interesting functions, decodes...
Driver Buddy Revolutions for Ghidra
ghidra_vuln_finder.py is a Ghidra analysis script (based on DriverBuddy) that performs automated static reconnaissance on Windows kernel drivers. It scans the driver for common build patterns and interesting functions, decodes...
WinDBG Plugin for Windows Kernel Exploitation.
This WinDBG Plugin traps and logs the IOCTLs on real-time from the target driver/module, sets a breakpoint into IRP_MJ_DEVICE_CONTROL to break or pass, and once you trigger the IOCTL from...
WinDBG Plugin for Windows Kernel Exploitation.
This WinDBG Plugin traps and logs the IOCTLs on real-time from the target driver/module, sets a breakpoint into IRP_MJ_DEVICE_CONTROL to break or pass, and once you trigger the IOCTL from...
Subverting the Windows Kernel with exploits and...
At BSides Frankfurt, Juan Sacco (Founder & Lead Developer, Exploit Pack) delivered a deep, technical session on Windows kernel exploitation and driver weaknesses. Juan walked the audience through the journey...
Subverting the Windows Kernel with exploits and...
At BSides Frankfurt, Juan Sacco (Founder & Lead Developer, Exploit Pack) delivered a deep, technical session on Windows kernel exploitation and driver weaknesses. Juan walked the audience through the journey...
IOCTL++ tool for hunting Windows Kernel Exploits
IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs. The original tool has been improved with a driver helper and a driver hooker allowing the user to capture...
IOCTL++ tool for hunting Windows Kernel Exploits
IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs. The original tool has been improved with a driver helper and a driver hooker allowing the user to capture...
Windows Kernel Exploits: WRMSR (Model Specific ...
Model Specific Registers (MSR) are CPU control registers that are specific for a CPU family. Their original purpose was to introduce experimental new features and functionality, but some of them...
Windows Kernel Exploits: WRMSR (Model Specific ...
Model Specific Registers (MSR) are CPU control registers that are specific for a CPU family. Their original purpose was to introduce experimental new features and functionality, but some of them...
Windows Kernel Exploits: ZwMapViewOfSection and...
In this exploit, the core technique here was hijacking a legitimate syscall (NtShutdownSystem) to act as a gate into arbitrary kernel exports. First, resolved the virtual address of a target...
Windows Kernel Exploits: ZwMapViewOfSection and...
In this exploit, the core technique here was hijacking a legitimate syscall (NtShutdownSystem) to act as a gate into arbitrary kernel exports. First, resolved the virtual address of a target...