PowerShell-KernelPwn

Accompanying blog posts on using PowerShell to exploit the @HackSysTeam Extreme Vulnerable Driver (HEVD).

Win7 x32

Vulnerability	Status	Link
Stack Overflow	Done	http://www.fuzzysecurity.com/tutorials/expDev/14.html
Arbitrary Overwrite	Done	http://www.fuzzysecurity.com/tutorials/expDev/15.html
Null Pointer Dereference	Done	http://www.fuzzysecurity.com/tutorials/expDev/16.html
Uninitialized Stack Variable	Done	http://www.fuzzysecurity.com/tutorials/expDev/17.html
Integer Overflow	Done	http://www.fuzzysecurity.com/tutorials/expDev/18.html
Type Confusion	Exploit Only	N/A
Use After Free	Done	http://www.fuzzysecurity.com/tutorials/expDev/19.html
Pool Overflow	Done	http://www.fuzzysecurity.com/tutorials/expDev/20.html
Stack Overflow GS	To Do
Uninitialized Heap Variable	Done	To do

Win10 x64 (v1511)

Vulnerability	Status	Link
Arbitrary Overwrite	Done	http://www.fuzzysecurity.com/tutorials/expDev/21.html

Win10 x64 (v1607)

Vulnerability	Status	Link
Double Fetch	Done	To Do

Win10 x64 (v1703)

Vulnerability	Status	Link
Arbitrary Overwrite	Done	To Do

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
Kernel_DoubleFetch.ps1		Kernel_DoubleFetch.ps1
Kernel_IntOverflow.ps1		Kernel_IntOverflow.ps1
Kernel_NullDeref.ps1		Kernel_NullDeref.ps1
Kernel_PoolOverflow.ps1		Kernel_PoolOverflow.ps1
Kernel_RS2_WWW_GDI_64.ps1		Kernel_RS2_WWW_GDI_64.ps1
Kernel_Stack.ps1		Kernel_Stack.ps1
Kernel_TypeConfusion.ps1		Kernel_TypeConfusion.ps1
Kernel_UAF.ps1		Kernel_UAF.ps1
Kernel_UninitializedHeapVar.ps1		Kernel_UninitializedHeapVar.ps1
Kernel_UninitializedStackVar.ps1		Kernel_UninitializedStackVar.ps1
Kernel_WWW_GDI_32-64.ps1		Kernel_WWW_GDI_32-64.ps1
Kernel_WriteWhatWhere.ps1		Kernel_WriteWhatWhere.ps1
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

PowerShell-KernelPwn

Win7 x32

Win10 x64 (v1511)

Win10 x64 (v1607)

Win10 x64 (v1703)

About

Uh oh!

Releases

Packages

Languages

FuzzySecurity/HackSysTeam-PSKernelPwn

Folders and files

Latest commit

History

Repository files navigation

PowerShell-KernelPwn

Win7 x32

Win10 x64 (v1511)

Win10 x64 (v1607)

Win10 x64 (v1703)

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages