The HackSys Extreme Vulnerable Driver (HEVD) is a Windows Kernel driver that is intentionally vulnerable. It has been developed for security researchers and enthusiasts to improve their skills in kernel-level exploitation.

HEVD offers a range of vulnerabilities, from simple stack buffer overflows to more complex issues such as use-after-freepool buffer overflows, and race conditions. This allows researchers to explore exploitation techniques for each implemented vulnerability.

           ooooo   ooooo oooooooooooo oooooo     oooo oooooooooo.   
           `888'   `888' `888'     `8  `888.     .8'  `888'   `Y8b  
            888     888   888           `888.   .8'    888      888 
            888ooooo888   888oooo8       `888. .8'     888      888 
            888     888   888    "        `888.8'      888      888 
            888     888   888       o      `888'       888     d88' 
           o888o   o888o o888ooooood8       `8'       o888bood8P'   

Screenshots

Vulnerabilities Implemented

  • Write NULL
  • Double Fetch
  • Buffer Overflow
    • Stack
    • Stack GS
    • NonPagedPool
    • NonPagedPoolNx
    • PagedPoolSession
  • Use After Free
    • NonPagedPool
    • NonPagedPoolNx
  • Type Confusion
  • Integer Overflow
    • Arithmetic Overflow
  • Memory Disclosure
    • NonPagedPool
    • NonPagedPoolNx
  • Arbitrary Increment
  • Arbitrary Overwrite
  • Null Pointer Dereference
  • Uninitialized Memory
    • Stack
    • NonPagedPool
  • Insecure Kernel Resource Access

Building The Driver

  1. Install Visual Studio 2017
  2. Install Windows Driver Kit
  3. Run the appropriate driver builder Build_HEVD_Vulnerable_x86.bat or Build_HEVD_Vulnerable_x64.bat

Download

If you do not want to build HackSys Extreme Vulnerable Driver from source, you could download pre-built executables for the latest release:

EHA

Installing The Driver

Use OSR Driver Loader to install HackSys Extreme Vulnerable Driver

Testing

The HackSys Extreme Vulnerable Driver and the respective exploits have been tested on Windows 7 SP1 x86 and Windows 10 x64