## Links Included

* rentdrv2_x32/rentdrv2_x64
  * https://github.com/keowu/BadRentdrv2
* LenovoDiagnosticsDriver.sys
  * https://github.com/alfarom256/CVE-2022-3699/
* mhyprot2.sys
  * https://github.com/kkent030315/libmhyprot
  * https://github.com/HadesW/mhy_exp
* [aswArPot.sys: Yours Truly, Signed AV Driver: Weaponizing An Antivirus Driver](https://www.aon.com/cyber-solutions/aon_cyber_labs/yours-truly-signed-av-driver-weaponizing-an-antivirus-driver/)
* [atillk64.sys: CVE-2020-12138 Exploit Proof-of-Concept, Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys](https://h0mbre.github.io/atillk64_exploit)
* [MSIO64.sys: Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver](https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/)
* [Exploiting System Mechanic Driver - from zero knowledge about driver exploitation to SYSTEM](https://voidsec.com/exploiting-system-mechanic-driver/)
* [dbutil_2_3.sys: CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws](https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/)
  * https://github.com/nanabingies/CVE-2021-21551
  * https://github.com/rapid7/metasploit-framework/pull/15190/files
* HW.sys
  * https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/
* RTCore64.sys
  * https://raw.githubusercontent.com/Barakat/CVE-2019-16098/master/CVE-2019-16098.cpp
  * https://hitcon.org/2022/slides/Hack%20The%20Real%20Box_an%20analysis%20of%20multiple%20campaigns%20by%20APT41's%20subgroup%20Earth%20Longzhi.pdf
  * AVBurner: 4b1b1a1293ccd2c0fd51075de9376ebb55ab64972da785153fcb0a4eb523a5eb
  * ProcBurner: 30b64628aae642380147c7671ea8f864b13c2d2affaaea34c4c9512c8a779225
* cpuz-1.0.4.1.sys
  * https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html
* kprocesshacker
  * https://www.crowdstrike.com/blog/how-doppelpaymer-hunts-and-kills-windows-processes/
  * https://github.com/winsiderss/systeminformer/releases
* sandra.sys
  * https://securelist.com/unraveling-the-lamberts-toolkit/77990/
  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1592
* GMER.sys
  * https://github.com/ZeroMemoryEx/Blackout/tree/master/driver

Unverified

* [CyberSecurityUP/ProcessKiller-BYOVD - BYOVD Technique Example using viragt64 driver](https://github.com/CyberSecurityUP/ProcessKiller-BYOVD)
* [0vercl0k/CVE-2021-32537 - PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel](https://github.com/0vercl0k/CVE-2021-32537)
* [stong/CVE-2020-15368 - How to exploit a vulnerable windows driver. Exploit for AsrDrv104.sys](https://github.com/stong/CVE-2020-15368)
* [kkent030315/MsIoExploit - Exploit MsIo vulnerable driver](https://github.com/kkent030315/MsIoExploit)
* [kasif-dekel/OSR_DeviceTree_Vuln - OSR DeviceTree Local Privilege Escalation](https://github.com/kasif-dekel/OSR_DeviceTree_Vuln/blob/main/README.md)
* [Signed kernel drivers – Unguarded gateway to Windows core](https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core)

Vulns - see bin-elastic

* https://github.com/elastic/protections-artifacts/tree/main/yara/rules
* https://www.elastic.co/cn/security-labs/stopping-vulnerable-driver-attacks

Screwed drivers

* https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md

Lol drivers

* https://www.loldrivers.io