Included
- mhyprot2.sys
- aswArPot.sys: Yours Truly, Signed AV Driver: Weaponizing An Antivirus Driver
- atillk64.sys: CVE-2020-12138 Exploit Proof-of-Concept, Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys
- MSIO64.sys: Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver
- Exploiting System Mechanic Driver - from zero knowledge about driver exploitation to SYSTEM
- dbutil_2_3.sys: CVE-2021-21551 - Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws
- HW.sys
- RTCore64.sys
- https://raw.githubusercontent.com/Barakat/CVE-2019-16098/master/CVE-2019-16098.cpp
- https://hitcon.org/2022/slides/Hack%20The%20Real%20Box_an%20analysis%20of%20multiple%20campaigns%20by%20APT41's%20subgroup%20Earth%20Longzhi.pdf
- AVBurner: 4b1b1a1293ccd2c0fd51075de9376ebb55ab64972da785153fcb0a4eb523a5eb
- ProcBurner: 30b64628aae642380147c7671ea8f864b13c2d2affaaea34c4c9512c8a779225
Unverified
- 0vercl0k/CVE-2021-32537 - PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel
- stong/CVE-2020-15368 - How to exploit a vulnerable windows driver. Exploit for AsrDrv104.sys
- kkent030315/MsIoExploit - Exploit MsIo vulnerable driver
- kasif-dekel/OSR_DeviceTree_Vuln - OSR DeviceTree Local Privilege Escalation
- Signed kernel drivers – Unguarded gateway to Windows core
Vulns - see bin-elastic
- https://github.com/elastic/protections-artifacts/tree/main/yara/rules
- https://www.elastic.co/cn/security-labs/stopping-vulnerable-driver-attacks
Screwed drivers