CVE-2018-19320

Published: 21/12/2018 Updated: 24/08/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 644
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and previous versions, AORUS GRAPHICS ENGINE prior to 1.57, XTREME GAMING ENGINE prior to 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local malicious user to take complete control of the affected system.

Vulnerable Products

gigabyte oc guru ii 2.08

gigabyte app center

gigabyte xtreme gaming engine

gigabyte aorus graphics engine

Exploits

Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges. Affected versions include GIGABYTE APP Center 1.05.21 and below, AORUS GRAPHICS ENGINE 1.33 and below, XTREME GAMING ENGINE 1.25 and ...

Github Repositories

Rust POC for CVE-2018-1932X kernel driver vulnerabilities

CVE-2018-1932X (Rust Exploit POC) for GIGABYTE APP Center v1.05.21 and earlier. Just because your target is memory unsafe doesn't mean your exploit has to be!
Vulnerabilities used:
CVE-2018-19320 - ring0 memcpy-like functionality
CVE-2018-19323 - read and write Machine Specific Registers (MSRs)
Tested on: 20H1: Windows 10 Kernel Version 19041 MP (1 procs) Free x64

Win32 and Kernel abusing techniques for pentesters

Win32 Offensive Cheatsheet: Win32 and Kernel abusing techniques for pentesters & red-teamers, made by @UVision and @RistBS. Dev mode enabled, open to any help :) Windows Binary Documentation: PE structure; PE Headers; Parsing PE Export Address Table (EAT); Resolve function address; Import Address Table (IAT); Parsing IAT; Import Lookup Table (ILT); Enable SeDebug privi

Ransomware replication Windows 8.1 driver exploitation

PoC RobinHood Ransomware replication by using Aorus Gigabyte v1.34. Description: This exploit first gets a handle on the Gigabyte driver and uses IOCTL codes to allocate memory and put our shellcode in kernel memory. The shellcode itself loops over EPROCESS structures in order to find the token associated with the "system" process and give this token to

Code to disable DSE(Driver Signature Enforcement) using vulnerable gigabyte driver.

Gigabyte_Disable_DSE: Code to disable DSE (Driver Signature Enforcement) using vulnerable Gigabyte driver.
References:
github.com/hfiref0x/DSEFix/blob/master/Source/DSEFix/main.c
news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/
github.com/fdiskyou/CVE-2018-19320/blob/master/Gigabyte

Some of my windows kernel exploits for learning purposes

Windows-Exploits: Some kernel exploits I used to learn about the topic, mainly for OSEE. These probably contain code snippets from other exploits - if I missed references/authors please send me a message and I'll add them. Kernel: HEVD. Most exploits are vs Win10 1909 x64, targeting github.com/hacksysteam/HackSysExtremeVulnerableDriver. StackOverflow (Medium Integr

CVE-2018-19320 LPE Exploit

CVE-2018-19320 LPE Exploit. Description: Local Privilege Escalation Exploit of CVE-2018-19320. The exploit uses the exposed functions in gdrv.sys that allow a low-level user to allocate and write data to memory for escalating the privileges to SYSTEM. Tested on: Windows 10 x64 21H1 (OS Build 19031165). Affected Versions: GIGABYTE APP Center v1.05.21 and previous, AORU
