Hacksys Extreme Vulnerable Driver

INTRODUCTION :HackSys Extreme Vulnerable Driver

HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level.

HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simple Buffer Overflows to complex Use After Frees and Pool Overflows. This allows the researchers to explore the exploitation techniques for all the implemented vulnerabilities.

WHY HACKSYS EXTREME VULNERABLE DRIVER?

I was giving a series of talks on Windows Kernel Exploitation at null Security Community’s Pune Chapter. So, I thought, it’s better to write a driver which has all the major vulnerabilities implemented in it. The idea to write the driver was to provide the attendees a better view of what’s happening behind the vulnerable code and also this will be of great help during my workshops and trainings.

VULNERABILITIES IMPLEMENTED

  • Pool Overflow
  • Use After Free
  • Type Confusion
  • Stack Overflow
  • Integer Overflow
  • Stack Overflow GS
  • Arbitrary Overwrite
  • Null Pointer Dereference

SCREENSHOTS

1) Help

2) Exploit

3) Driver Debug Print

4) SOURCE CODE

5) SUPPORTED WINDOWS VERSIONS :
This driver has been successfully tested on Windows XP SP3 (x86), Windows 2003 SP3 (x86) andWindows 7 SP1 (x86), but it can support Windows 88.1 (x86) too. Windows 88.1 support has not been tested now.

6) WHAT ABOUT EXPLOITS? : The exploits have been provided with this project. The exploit has been tested on Windows 7 SP1 (x86) and will need tweaking to support other versions of Windows OS.

7) BUILDING DRIVER + Install Windows Driver Kit

  • Change %localSymbolServerPath% in bat and Build_HEVD_Vulnerable.bat driver builder
  • Run the appropriate driver builder Build_HEVD_Secure.bat or Build_HEVD_Vulnerable.bat

INSTALLING DRIVER

Use OSR Driver Loader to install HackSys Extreme Vulnerable Driver

TODO

Yes, there are few more vulnerabilities I want to implemented in it like Use Of Uninitialized Variable Vulnerability and Time-Of-Check-To-Time-Of-Use (TOCTOU) Vulnerability. Another important vulnerability I want to implement is Memory Disclosure Vulnerability, this will help me to break KASLR on Windows 8 variant.

If you have ideas to propose, do contact me or raise a feature request/bug report via Github Issue Tracking page https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/issues

SESSIONS CONDUCTED

WORKSHOPS CONDUCTED

BUG REPORT

Please file any bug report via GitHub Issue Tracker at the below given address:https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/issues

Subscribe to our Newsletter
Subscription Form

Research Powered Cybersecurity Services and Training. Eliminate security threats through our innovative and extensive security assessments.

Subscribe to our newsletter

Subscription Form

Services

Products

Conference

Resources

About

Iot Security Testing
Red Team Assessment
Product Security
AI/ML Security Audit
Web Security Testing
Mobile Security Testing
DevSecOps Consulting
Code Review
Cloud Security
Critical Infrastructure
SOC Service
ExPLIoT
CloudFuzz
Nullcon
Hardwear.io
Blog
E-Book
Advisory
Media
Case Studies
MasterClass Series
BugBazaar
Securecode.wiki
About Us
Career
News
Contact Us
Payatu Bandits
WhatsApp Community
Hardware-Lab
Disclosure Policy
Corporate Partners
Youtube Linkedin Facebook Twitter Instagram Whatsapp
DOWNLOAD THE DATASHEET

Fill in your details and get your copy of the datasheet in few seconds

CTI Report
DOWNLOAD THE EBOOK

Fill in your details and get your copy of the ebook in your inbox

Ebook Download
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download ICS Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Cloud Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download IoT Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Code Review Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Red Team Assessment Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download AI/ML Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download DevSecOps Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Product Security Assessment Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Mobile Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Web App Sample Report

Let’s make cyberspace secure together!

Requirements

Connect Now Form

What our clients are saying!

Trade Ledger takes privacy and security of it’s customers and system very seriously. We needed an independent audit to check our systems, and wanted to partner with a team that understands the compliance environment of banks.
MARTIN MECCAN
MARTIN MECCANCEO - TradeLedger Australia

Trusted by