Cyber security

HackSys Extreme Vulnerable Driver – A Deep Dive into HEVD Exploitation

The HackSys Extreme Vulnerable Driver (HEVD) is a Windows Kernel driver that is intentionally vulnerable. It has been developed for security researchers and enthusiasts to improve their skills in kernel-level exploitation.

HEVD offers a range of vulnerabilities, from simple stack buffer overflows to more complex issues such as use-after-freepool buffer overflows, and race conditions. This allows researchers to explore exploitation techniques for each implemented vulnerability.

           ooooo   ooooo oooooooooooo oooooo     oooo oooooooooo.   
           `888'   `888' `888'     `8  `888.     .8'  `888'   `Y8b  
            888     888   888           `888.   .8'    888      888 
            888ooooo888   888oooo8       `888. .8'     888      888 
            888     888   888    "        `888.8'      888      888 
            888     888   888       o      `888'       888     d88' 
           o888o   o888o o888ooooood8       `8'       o888bood8P'

Screenshots

Vulnerabilities Implemented

  • Write NULL
  • Double Fetch
  • Buffer Overflow
    • Stack
    • Stack GS
    • NonPagedPool
    • NonPagedPoolNx
    • PagedPoolSession
  • Use After Free
    • NonPagedPool
    • NonPagedPoolNx
  • Type Confusion
  • Integer Overflow
    • Arithmetic Overflow
  • Memory Disclosure
    • NonPagedPool
    • NonPagedPoolNx
  • Arbitrary Increment
  • Arbitrary Overwrite
  • Null Pointer Dereference
  • Uninitialized Memory
    • Stack
    • NonPagedPool
  • Insecure Kernel Resource Access

Building The Driver

  1. Install Visual Studio 2017
  2. Install Windows Driver Kit
  3. Run the appropriate driver builder Build_HEVD_Vulnerable_x86.bat or Build_HEVD_Vulnerable_x64.bat

Download

If you do not want to build HackSys Extreme Vulnerable Driver from source, you could download pre-built executables for the latest release:

Installing The Driver

Use OSR Driver Loader to install HackSys Extreme Vulnerable Driver

Testing

The HackSys Extreme Vulnerable Driver and the respective exploits have been tested on Windows 7 SP1 x86 and Windows 10 x64

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityHEVDinformationsecuritykalilinuxkalilinuxtools
2 years ago

Recent Posts

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

1 hour ago

Best Linux Distros in 2026

Linux is renowned for its versatility, open-source nature, and security. Whether you're a beginner, developer,…

2 hours ago

Top 10 Cyber Insurance Companies in 2026

Cyber insurance helps businesses and individuals mitigate financial losses from data breaches, ransomware, extortion, legal…

2 hours ago

Ransomware Incident Response

Ransomware is one of the most dangerous and destructive forms of cybercrime today. With cybercriminals…

4 hours ago

Best Social Media Search Engines and Tools for 2026

Social media is a key part of our daily lives, with millions of users sharing…

6 hours ago

How to Remove Your Personal Information from Data Broker Websites (2026 Guide)

What Are Data Brokers? Data brokers are companies that collect, aggregate, and sell personal information,…

6 hours ago