/HackSysExtremeVulnerableDriver

HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux

Primary LanguageCGNU General Public License v3.0GPL-3.0

HackSys Extreme Vulnerable Driver

           ooooo   ooooo oooooooooooo oooooo     oooo oooooooooo.   
           `888'   `888' `888'     `8  `888.     .8'  `888'   `Y8b  
            888     888   888           `888.   .8'    888      888 
            888ooooo888   888oooo8       `888. .8'     888      888 
            888     888   888    "        `888.8'      888      888 
            888     888   888       o      `888'       888     d88' 
           o888o   o888o o888ooooood8       `8'       o888bood8P'   

Black Hat Arsenal Appveyor Build Status GitHub all Releases Twitter Follow Mastodon Follow Discord Server

The HackSys Extreme Vulnerable Driver (HEVD) is a Windows Kernel driver that is intentionally vulnerable. It has been developed for security researchers and enthusiasts to improve their skills in kernel-level exploitation.

HEVD offers a range of vulnerabilities, from simple stack buffer overflows to more complex issues such as use-after-free, pool buffer overflows, and race conditions. This allows researchers to explore exploitation techniques for each implemented vulnerability.

Black Hat Arsenal 2016

Blog Post

External Exploits

External Blog Posts

Author

Ashfaq Ansari

ashfaq[at]hacksys[dot]io

Blog | @HackSysTeam

HackSys Inc

https://hacksys.io/

Screenshots

Driver Banner

Help

Exploitation

Driver Debug Print

Vulnerabilities Implemented

  • Write NULL
  • Double Fetch
  • Buffer Overflow
    • Stack
    • Stack GS
    • NonPagedPool
    • NonPagedPoolNx
    • PagedPoolSession
  • Use After Free
    • NonPagedPool
    • NonPagedPoolNx
  • Type Confusion
  • Integer Overflow
    • Arithmetic Overflow
  • Memory Disclosure
    • NonPagedPool
    • NonPagedPoolNx
  • Arbitrary Increment
  • Arbitrary Overwrite
  • Null Pointer Dereference
  • Uninitialized Memory
    • Stack
    • NonPagedPool
  • Insecure Kernel Resource Access

Building the driver

  1. Install Visual Studio 2017
  2. Install Windows Driver Kit
  3. Run the appropriate driver builder Build_HEVD_Vulnerable_x86.bat or Build_HEVD_Vulnerable_x64.bat

Download

If you do not want to build HackSys Extreme Vulnerable Driver from source, you could download pre-built executables for the latest release:

https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/releases

Installing the driver

Use OSR Driver Loader to install HackSys Extreme Vulnerable Driver

Testing

The HackSys Extreme Vulnerable Driver and the respective exploits have been tested on Windows 7 SP1 x86 and Windows 10 x64

Sessions Conducted

Workshops Conducted

HEVD for Linux

Linux HEVD Driver Banner

Linux HEVD Driver Installer

Linux HEVD Driver IOTCL Tests

Linux HEVD Driver IOTCL Log

License

Please see the file LICENSE for copying permission

Contribution Guidelines

Please see the file CONTRIBUTING.md for contribution guidelines

TODO & Bug Reports

Please file any enhancement request or bug report via the GitHub issue tracker at the below-given address: https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/issues

Acknowledgments

Thanks go to these wonderful people: 🎉


HackSys Inc