HackSys Extreme Vulnerable Driver – A Deep Dive into HEVD Exploitation

The HackSys Extreme Vulnerable Driver (HEVD) is a Windows Kernel driver that is intentionally vulnerable. It has been developed for security researchers and enthusiasts to improve their skills in kernel-level exploitation.

HEVD offers a range of vulnerabilities, from simple stack buffer overflows to more complex issues such as use-after-free, pool buffer overflows, and race conditions. This allows researchers to explore exploitation techniques for each implemented vulnerability.

           ooooo   ooooo oooooooooooo oooooo     oooo oooooooooo.   
           `888'   `888' `888'     `8  `888.     .8'  `888'   `Y8b  
            888     888   888           `888.   .8'    888      888 
            888ooooo888   888oooo8       `888. .8'     888      888 
            888     888   888    "        `888.8'      888      888 
            888     888   888       o      `888'       888     d88' 
           o888o   o888o o888ooooood8       `8'       o888bood8P'

Screenshots

Vulnerabilities Implemented

Write NULL
Double Fetch
Buffer Overflow
- Stack
- Stack GS
- NonPagedPool
- NonPagedPoolNx
- PagedPoolSession
Use After Free
- NonPagedPool
- NonPagedPoolNx
Type Confusion
Integer Overflow
- Arithmetic Overflow
Memory Disclosure
- NonPagedPool
- NonPagedPoolNx
Arbitrary Increment
Arbitrary Overwrite
Null Pointer Dereference
Uninitialized Memory
- Stack
- NonPagedPool
Insecure Kernel Resource Access

Building The Driver

Install Visual Studio 2017
Install Windows Driver Kit
Run the appropriate driver builder Build_HEVD_Vulnerable_x86.bat or Build_HEVD_Vulnerable_x64.bat

Download

If you do not want to build HackSys Extreme Vulnerable Driver from source, you could download pre-built executables for the latest release:

Installing The Driver

Use OSR Driver Loader to install HackSys Extreme Vulnerable Driver

Testing

The HackSys Extreme Vulnerable Driver and the respective exploits have been tested on Windows 7 SP1 x86 and Windows 10 x64

CVE-2025-21333-POC : An In-Depth Exploration Of Windows Kernel Exploitation Techniques

March 4, 2025

In "Cyber security"

Star-Tup : A Beginner’s Guide To Bash Scripting For Productivity

May 2, 2024

In "cybersecurity"

Sunder : A Windows Rootkit Exploiting Vulnerable Drivers For Kernel-Level Attacks

January 30, 2025

In "Cyber security"

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.