HackSys Extreme Vulnerable Driver - HEVD

HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level.

HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simple Buffer Overflows to complex Use After Frees and Pool Overflows . This allows the researchers to explore the exploitation techniques for every implemented vulnerabilities.

Screenshots

Vulnerabilities Implemented

• Pool Overflow
• Use After Free
• Type Confusion
• Stack Overflow
• Integer Overflow
• Stack Overflow GS
• Arbitrary Overwrite
• Null Pointer Dereference

Building Driver

1. Install Windows Driver Kit
2. Change %localSymbolServerPath% in Build_HEVD_Secure.bat an Build_HEVD_Vulnerable.bat driver builder
3. Run the appropriate driver builder Build_HEVD_Secure.bat or Build_HEVD_Vulnerable.bat

Installing Driver

Use OSR Driver Loader to install HackSys Extreme Vulnerable Driver


Testing

The HackSys Extreme Vulnerable Driver and the respective exploits have been tested on Windows 7 SP1 x86

Presentations

Presentation will be uploaded soon .

Sessions Conducted

• Windows Kernel Exploitation 1
• Windows Kernel Exploitation 2
• Windows Kernel Exploitation 3
• Windows Kernel Exploitation 4
• Windows Kernel Exploitation 5

Workshops Conducted

• Windows Kernel Exploitation Humla Pune
• Windows Kernel Exploitation Humla Mumbai

TODO

1. Test the Driver on Windows 8.1/10 x64
2. Add the exploit support for Windows 8.1/10 x64
3. Add Use Of Uninitialized Variable Vulnerability
4. Add Memory Disclosure Vulnerability
5. Add Time-Of-Check-To-Time-Of-Use ( TOCTTU/Race Condition ) Vulnerability
6. Refactor and Cleanup the driver and exploit source code

Download HEVD