Cyber security

HackSys Extreme Vulnerable Driver – A Deep Dive into HEVD Exploitation

The HackSys Extreme Vulnerable Driver (HEVD) is a Windows Kernel driver that is intentionally vulnerable. It has been developed for security researchers and enthusiasts to improve their skills in kernel-level exploitation.

HEVD offers a range of vulnerabilities, from simple stack buffer overflows to more complex issues such as use-after-freepool buffer overflows, and race conditions. This allows researchers to explore exploitation techniques for each implemented vulnerability.

           ooooo   ooooo oooooooooooo oooooo     oooo oooooooooo.   
           `888'   `888' `888'     `8  `888.     .8'  `888'   `Y8b  
            888     888   888           `888.   .8'    888      888 
            888ooooo888   888oooo8       `888. .8'     888      888 
            888     888   888    "        `888.8'      888      888 
            888     888   888       o      `888'       888     d88' 
           o888o   o888o o888ooooood8       `8'       o888bood8P'

Screenshots

Vulnerabilities Implemented

  • Write NULL
  • Double Fetch
  • Buffer Overflow
    • Stack
    • Stack GS
    • NonPagedPool
    • NonPagedPoolNx
    • PagedPoolSession
  • Use After Free
    • NonPagedPool
    • NonPagedPoolNx
  • Type Confusion
  • Integer Overflow
    • Arithmetic Overflow
  • Memory Disclosure
    • NonPagedPool
    • NonPagedPoolNx
  • Arbitrary Increment
  • Arbitrary Overwrite
  • Null Pointer Dereference
  • Uninitialized Memory
    • Stack
    • NonPagedPool
  • Insecure Kernel Resource Access

Building The Driver

  1. Install Visual Studio 2017
  2. Install Windows Driver Kit
  3. Run the appropriate driver builder Build_HEVD_Vulnerable_x86.bat or Build_HEVD_Vulnerable_x64.bat

Download

If you do not want to build HackSys Extreme Vulnerable Driver from source, you could download pre-built executables for the latest release:

Installing The Driver

Use OSR Driver Loader to install HackSys Extreme Vulnerable Driver

Testing

The HackSys Extreme Vulnerable Driver and the respective exploits have been tested on Windows 7 SP1 x86 and Windows 10 x64

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityHEVDinformationsecuritykalilinuxkalilinuxtools
2 years ago

Recent Posts

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

1 hour ago

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

2 hours ago

What Does chmod 777 Mean in Linux

If you are a Linux user, you have probably seen commands like chmod 777 while…

2 hours ago

How to Undo and Redo in Vim or Vi

Vim and Vi are among the most powerful text editors in the Linux world. They…

2 hours ago

How to Unzip and Extract Files in Linux

Working with compressed files is a common task for any Linux user. Whether you are…

2 hours ago

Free Email Lookup Tools and Reverse Email Search Resources

In the digital era, an email address can reveal much more than just a contact…

2 hours ago