René's URL Explorer Experiment


Title: GitHub - NullArray/WinKernel-Resources: A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level security.


Description: A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level security. - NullArray/WinKernel-Resources


Opengraph URL: https://github.com/NullArray/WinKernel-Resources


Links:

BSD-2-Clause license https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources/blob/main/LICENSE
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#winkernel-resources
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#important-info
React OS Win32k https://reactos.org/wiki/Techwiki:Win32k
Geoff Chappell - Kernel-Mode Windows https://www.geoffchappell.com/studies/windows/km/index.htm
HEVD Vulnerable driver https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
FLARE Kernel Shellcode Loader https://github.com/fireeye/flare-kscldr
Vergilius - Undocumented kernel structures https://www.vergiliusproject.com/
Windows X86-64 System Call Table https://j00ru.vexillium.org/syscalls/nt/64/
Vulnerable Driver Megathread https://www.unknowncheats.me/forum/anti-cheat-bypass/334557-vulnerable-driver-megathread.html
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#must-watch
⭐ Kernel Mode Threats and Practical Defenses https://www.youtube.com/watch?v=BBJgKuXzfwc
⭐ Morten Schenk - Taking Windows 10 Kernel Exploitation to the next level https://youtu.be/33Jr1wkaCmQ
⭐ The Life & Death of Kernel Object Abuse https://youtu.be/_u7d9kLdi0c
⭐ Windows 10 Mitigation Improvements https://youtu.be/gCu2GQd0GSE
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#windows-rootkits
11 part playlist - Rootkits: What they are, and how to find them https://www.youtube.com/watch?v=ewNo_poX7bA&list=PLF58FB7BCB20ED11A
Hooking Nirvana https://www.youtube.com/watch?v=pHyWyH804xE
Alex Ionescu - Advancing the State of UEFI Bootkits https://www.youtube.com/watch?v=dpG97TBR3Ys
BlueHat v18 || Return of the kernel rootkit malware (on windows 10) https://youtu.be/qVIxFfXpyNc
Numchecker: A System Approach for Kernel Rootkit Detection https://www.youtube.com/watch?v=TgMsMwsfoQ0
DEF CON 26 - Ring 0 Ring 2 Rootkits Bypassing Defenses https://www.youtube.com/watch?v=7AEMxaZhdLU
Black Hat Windows 2001 - Kernel Mode Rootkits https://www.youtube.com/watch?v=99Znv6tgYS0
Black Hat Windows 2004 - DKOM (Direct Kernel Object Manipulation) https://www.youtube.com/watch?v=1Ie20b5IGgY
RTFM SigSegv1 - From corrupted memory dump to rootkit detection https://www.youtube.com/watch?v=hlhM_q3ZHfQ
Dissecting Turla Rootkit Malware Using Dynamic Analysis https://www.lastline.com/labsblog/dissecting-turla-rootkit-malware-using-dynamic-analysis/
A quick insight into the Driver Signature Enforcement https://j00ru.vexillium.org/2010/06/insight-into-the-driver-signature-enforcement/
WINDOWS DRIVER SIGNING BYPASS BY DERUSBI http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/
A Basic Windows DKOM Rootkit https://blog.landhb.dev/posts/v9eRa/a-basic-windows-dkom-rootkit-pt-1/
Manipulating ActiveProcessLinks to Hide Processes in Userland https://ired.team/miscellaneous-reversing-forensics/windows-kernel/manipulating-activeprocesslinks-to-unlink-processes-in-userland
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#windows-kernel-mitigations
BlueHat v18 || Hardening hyper-v through offensive security research https://www.youtube.com/watch?v=8RCH0vFxWT4
BYPASS CONTROL FLOW GUARD COMPREHENSIVELY - this is cfg not kCFG https://www.blackhat.com/docs/us-15/materials/us-15-Zhang-Bypass-Control-Flow-Guard-Comprehensively-wp.pdf
BlueHat v18 || Mitigation Bypass: The Past, Present, and Future https://www.youtube.com/watch?v=WsoFmN3oDw8
Windows Offender Reverse Engineering Windows Defender's Antivirus Emulator https://www.youtube.com/watch?v=LvW68czaEGs
Windows 10 Mitigation Improvements (really good talk) https://www.youtube.com/watch?v=gCu2GQd0GSE
Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot https://www.youtube.com/watch?v=v149T7p4XLA
Examining the Guardians of Windows 10 Security - Chuanda Ding https://www.youtube.com/watch?v=a0AB76YNMlQ
Analysis of the Attack Surface of Windows 10 Virtualization-Based Security https://www.youtube.com/watch?v=_646Gmr_uo0
A Dive in to Hyper-V Architecture & Vulnerabilities https://www.youtube.com/watch?v=2bK_rC81_Eo
the last kaslr leak https://www.youtube.com/watch?v=PTnuwchEci0
BlueHat v18 || A mitigation for kernel toctou vulnerabilities https://www.youtube.com/watch?v=YGkhK55jitE
REcon 2013 - I got 99 problems but a kernel pointer ain't one https://www.youtube.com/watch?v=5HbmpPBKVFg
SMEP: What is it, and how to beat it on Windows https://j00ru.vexillium.org/2011/06/smep-what-is-it-and-how-to-beat-it-on-windows/
BlueHat IL 2020 - David Weston - Keeping Windows Secure https://www.youtube.com/watch?v=NlfZG2wTPZU
Advancing Windows Security — David Weston https://www.youtube.com/watch?v=FJnGA4XRaq4
OffensiveCon18 - The Evolution of CFI Attacks and Defenses https://www.youtube.com/watch?v=oOqpl-2rMTw
Hardening Windows 10 with zero-day exploit mitigations https://www.microsoft.com/security/blog/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/
TAKING WINDOWS 10 KERNEL EXPLOITATION TO THE NEXT LEVEL https://www.blackhat.com/docs/us-17/wednesday/us-17-Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level%E2%80%93Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update-wp.pdf
KASLR Bypass Mitigations in Windows 8.1 https://www.crowdstrike.com/blog/kaslr-bypass-mitigations-windows-81/
Development of a new Windows 10 KASLR bypass - in one winDBG command https://www.offensive-security.com/vulndev/development-of-a-new-windows-10-kaslr-bypass-in-one-windbg-command/
Bypassing Intel SMEP on Windows 8 x64 Using Return-oriented Programming http://blog.ptsecurity.com/2012/09/bypassing-intel-smep-on-windows-8-x64.html
Return Oriented Programming Tutorial https://rstforums.com/forum/topic/106553-rop-for-smep-bypass/
Stack Buffer Overflow (SMEP Bypass) https://www.abatchy.com/2018/01/kernel-exploitation-4
Windows 10 x64 and Bypassing SMEP https://connormcgarr.github.io/x64-Kernel-Shellcode-Revisited-and-SMEP-Bypass/
SMEP: What is it, and how to beat it on Windows https://j00ru.vexillium.org/2011/06/smep-what-is-it-and-how-to-beat-it-on-windows/
Security Analysis of Processor Instruction Set Architecture for Enforcing Control-Flow Integrity https://dl.acm.org/doi/pdf/10.1145/3337167.3337175
A Technical Look at Intel’s Control-flow Enforcement Technology https://software.intel.com/content/www/us/en/develop/articles/technical-look-control-flow-enforcement-technology.html
Control-flow Enforcement Technology Specification https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
Intel CET Answers Call to Protect Against Common Malware Threats https://newsroom.intel.com/editorials/intel-cet-answers-call-protect-common-malware-threats/
R.I.P ROP: CET Internals in Windows 20H1 https://windows-internals.com/cet-on-windows/
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#windows-kernel-shellcode
Loading Kernel Shellcode https://www.fireeye.com/blog/threat-research/2018/04/loading-kernel-shellcode.html
Windows Kernel Shellcodes - a compendium https://www.matteomalvica.com/blog/2019/07/06/windows-kernel-shellcode/
Windows Kernel Shellcode on Windows 10 – Part 1 https://improsec.com/tech-blog/windows-kernel-shellcode-on-windows-10-part-1
Windows Kernel Shellcode on Windows 10 – Part 2 https://improsec.com/tech-blog/windows-kernel-shellcode-on-windows-10-part-2
Windows Kernel Shellcode on Windows 10 – Part 3 https://improsec.com/tech-blog/windows-kernel-shellcode-on-windows-10-part-3
Panic! At The Kernel - Token Stealing Payloads Revisited on Windows 10 x64 and Bypassing SMEP https://connormcgarr.github.io/x64-Kernel-Shellcode-Revisited-and-SMEP-Bypass/
Token Abuse for Privilege Escalation in Kernel https://ired.team/miscellaneous-reversing-forensics/windows-kernel/how-kernel-exploits-abuse-tokens-for-privilege-escalation
Introduction to Shellcode Development https://owasp.org/www-pdf-archive/Introduction_to_shellcode_development.pdf
Introduction to Windows shellcode development – Part 1 https://securitycafe.ro/2015/10/30/introduction-to-windows-shellcode-development-part1/
DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis https://zerosum0x0.blogspot.com/2017/04/doublepulsar-initial-smb-backdoor-ring.html
Exploring Injected Threads https://ired.team/miscellaneous-reversing-forensics/get-injectedthread#injecting-shellcode
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#windows-kernel-exploitation
HITB2016AMS - Kernel Exploit Hunting And Mitigation https://www.youtube.com/watch?v=nvI6w8aW-4Q
Ilja van Sprundel: Windows drivers attack surface https://www.youtube.com/watch?v=qk-OI8Z-1To
REcon 2015 - This Time Font hunt you down in 4 bytes https://www.youtube.com/watch?v=uvy5BF1Nlio
Exploiting a Windows 10 PagedPool off-by-one overflow (WCTF 2018) https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
Windows kernel exploitation techniques - Adrien Garin - LSE Week 2016 https://www.youtube.com/watch?v=f8hTwFpRphU
Hackingz Ze Komputerz - Exploiting CAPCOM.SYS - Part 1 https://www.youtube.com/watch?v=pJZjWXxUEl4
Hackingz Ze Komputerz - Exploiting CAPCOM.SYS - Part 2 https://www.youtube.com/watch?v=UGWqq5kTiso
The 3 Way06 Practical Windows Kernel Exploitation https://www.youtube.com/watch?v=hUCmV7uT29I
Reverse Engineering and Bug Hunting on KMDF Drivers https://www.youtube.com/watch?v=puNkbSTQtXY
Binary Exploit Mitigation and Bypass History - not just kernel https://vimeo.com/379935124
Morten Schenk - Taking Windows 10 Kernel Exploitation to the next level https://www.youtube.com/watch?v=Gu_5kkErQ6Y
REcon 2015 - Reverse Engineering Windows AFD.sys https://www.youtube.com/watch?v=2sPNUpfTJ5A
Windows Kernel Graphics Driver Attack Surface https://www.youtube.com/watch?v=uzPTyXQ1Oys
Understanding TOCTTOU in the Windows Kernel Font Scaler Engine https://www.youtube.com/watch?v=61K3kqTRbzU
Black Hat USA 2013 - Smashing The Font Scaler Engine in Windows Kernel https://www.youtube.com/watch?v=efgoislKd8Q
Kernel Exploit Sample Hunting and Mining Contents https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Kernel%20Exploit%20Hunting%20and%20Mitigation-WP.pdf
The entire GreyHatHacker site has great writeups https://www.greyhathacker.net/
BlueKeep: A Journey from DoS to RCE (CVE-2019-0708) https://www.malwaretech.com/2019/09/bluekeep-a-journey-from-dos-to-rce-cve-2019-0708.html
Exploiting SMBGhost (CVE-2020-0796) for a Local Privilege Escalation https://blog.zecops.com/vulnerabilities/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/
Windows Drivers are True’ly Tricky https://googleprojectzero.blogspot.com/2015/10/windows-drivers-are-truely-tricky.html
Taking apart a double zero-day sample discovered in joint hunt with ESET https://www.microsoft.com/security/blog/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/
Sharks in the Pool :: Mixed Object Exploitation in the Windows Kernel Pool https://srcincite.io/blog/2017/09/06/sharks-in-the-pool-mixed-object-exploitation-in-the-windows-kernel-pool.html
Kernel Pool Overflow Exploitation in Real World: Windows 10 https://www.gatewatcher.com/en/news/blog/kernel-pool-overflow-exploitation-in-real-world-windows-10
Kernel Pool Overflow Exploitation in Real World - Windows 7 https://www.gatewatcher.com/en/news/blog/kernel-pool-overflow-exploitation-in-real-world-windows-7
Kernel Pool Exploitation on Windows 7 https://www.exploit-db.com/docs/english/16032-kernel-pool-exploitation-on-windows-7.pdf
Easy local Windows Kernel exploitation https://media.blackhat.com/bh-us-12/Briefings/Cerrudo/BH_US_12_Cerrudo_Windows_Kernel_WP.pdf
Exploiting CVE-2014-4113 https://labs.f-secure.com/assets/BlogFiles/mwri-lab-exploiting-cve-2014-4113.pdf
Pwn2Own 2014 - AFD.sys Dangling Pointer Vulnerability https://www.siberas.de/papers/Pwn2Own_2014_AFD.sys_privilege_escalation.pdf
Symantec Endpoint protection 0day https://www.offensive-security.com/vulndev/symantec-endpoint-protection-0day/
Analysing the NULL SecurityDescriptor kernel exploitation mitigation in the latest Windows 10 v1607 Build 14393 https://labs.nettitude.com/blog/analysing-the-null-securitydescriptor-kernel-exploitation-mitigation-in-the-latest-windows-10-v1607-build-14393/
nt!_SEP_TOKEN_PRIVILEGES - Single Write EoP Protect https://www.exploit-db.com/docs/english/41924-nt!_sep_token_privileges---single-write-eop-protect.pdf
Token Abuse for Privilege Escalation in Kernel https://ired.team/miscellaneous-reversing-forensics/windows-kernel/how-kernel-exploits-abuse-tokens-for-privilege-escalation
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#windows-kernel-gdi-exploitation
Abusing GDI for ring0 exploit primitives Evolution https://www.youtube.com/watch?v=ruuVkTuNUSc
Demystifying Windows Kernel Exploitation by Abusing GDI Objects https://www.youtube.com/watch?v=2chDv_wTymc
CommSec D1 - The Life & Death of Kernel Object Abuse https://www.youtube.com/watch?v=_u7d9kLdi0c
Kernel Object Abuse by Type Isolation https://www.youtube.com/watch?v=kOV-Y9HcJWM
Turning CVE-2017-14961 into full arbitrary read / write with PALETTE objects https://web.archive.org/web/20191220090640/http://theevilbit.blogspot.com/2017/11/turning-cve-2017-14961-ikarus-antivirus.html
Zero-day exploit (CVE-2018-8453) used in targeted attacks https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
The zero-day exploits of Operation WizardOpium https://securelist.com/the-zero-day-exploits-of-operation-wizardopium/97086/
Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/
Abusing GDI Objects for ring0 Primitives Revolution https://sensepost.com/blog/2017/abusing-gdi-objects-for-ring0-primitives-revolution/
https://www.coresecurity.com/core-labs/articles/abusing-gdi-for-ring0-exploit-primitives
A Tale Of Bitmaps: Leaking GDI Objects Post Windows 10 Anniversary Edition https://labs.f-secure.com/archive/a-tale-of-bitmaps/
CSW2017 Peng qiu shefang zhong win32k dark_composition https://www.slideshare.net/CanSecWest/csw2017-peng-qiushefangzhong-win32k-darkcompositionfinnalfinnalrmmark
Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit) https://www.fuzzysecurity.com/tutorials/expDev/21.html
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#windows-kernel-win32ksys-research
BlackHat 2011 - Kernel Attacks Through User-Mode Callbacks https://www.youtube.com/watch?v=EkGDSqpfzgg
CVE-2020-1054 Analysis https://0xeb-bp.github.io/blog/2020/06/15/cve-2020-1054-analysis.html
TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln https://googleprojectzero.blogspot.com/2020/04/tfw-you-get-really-excited-you-patch.html
One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild https://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/
Reverse Engineering the Win32k Type Isolation Mitigation https://blog.quarkslab.com/reverse-engineering-the-win32k-type-isolation-mitigation.html
A new exploit for zero-day vulnerability CVE-2018-8589 https://securelist.com/a-new-exploit-for-zero-day-vulnerability-cve-2018-8589/88845/
Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005 https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/
Exploring CVE-2015-1701 — A Win32k Elevation of Privilege Vulnerability Used in Targeted Attacks https://blog.trendmicro.com/trendlabs-security-intelligence/exploring-cve-2015-1701-a-win32k-elevation-of-privilege-vulnerability-used-in-targeted-attacks/
Exploiting the win32k!xxxEnableWndSBArrows use-after-free https://www.nccgroup.trust/globalassets/our-research/uk/blog-post/2015-07-07_-_exploiting_cve_2015_0057.pdf
New zero-day vulnerability CVE-2019-0859 in win32k.sys https://securelist.com/new-win32k-zero-day-cve-2019-0859/90435/
Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/
Windows Kernel Local Denial-of-Service #1: win32k!NtUserThunkedMenuItemInfo https://j00ru.vexillium.org/2017/02/windows-kernel-local-denial-of-service-1/
Windows Kernel Local Denial-of-Service #2: win32k!NtDCompositionBeginFrame https://j00ru.vexillium.org/2017/02/windows-kernel-local-denial-of-service-2/
Windows Kernel Local Denial-of-Service #4: nt!NtAccessCheck and family https://j00ru.vexillium.org/2017/04/windows-kernel-local-denial-of-service-4/
Windows Kernel Local Denial-of-Service #5: win32k!NtGdiGetDIBitsInternal https://j00ru.vexillium.org/2017/04/windows-kernel-local-denial-of-service-5/
Windows win32k.sys menus and some “close, but no cigar” bugs https://j00ru.vexillium.org/2013/09/windows-win32k-sys-menus-and-some-close-but-no-cigar-bugs/
Windows Kernel Internals - Win32K.sys http://pasotech.altervista.org/windows_internals/Win32KSYS.pdf
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#windows-kernel-logic-bugs
Get Off the Kernel if You Can't Drive - DEF CON 27 Conference https://www.youtube.com/watch?v=tzWq5iUiKKg
A vulnerable driver: lesson almost learned https://securelist.com/elevation-of-privileges-in-namco-driver/83707/
CVE-2020-12138 - Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys https://h0mbre.github.io/atillk64_exploit/
CVE-2019-18845 - Viper RGB Driver Local Privilege Escalation https://www.activecyber.us/activelabs/viper-rgb-driver-local-privilege-escalation-cve-2019-18845
CVE-2020-8808 - CORSAIR iCUE Driver Local Privilege Escalation https://www.activecyber.us/activelabs/corsair-icue-driver-local-privilege-escalation-cve-2020-8808
Logic bugs in Razer rzpnk.sys https://www.fuzzysecurity.com/tutorials/expDev/23.html
Dell SupportAssist Driver - Local Privilege Escalation http://dronesec.pw/blog/2018/05/17/dell-supportassist-local-privilege-escalation/
MSI ntiolib.sys/winio.sys local privilege escalation http://blog.rewolf.pl/blog/?p=1630
CVE-2019-8372 - Local Privilege Elevation in LG Kernel Driver http://www.jackson-t.ca/lg-driver-lpe.html
Reading Physical Memory using Carbon Black's Endpoint driver https://billdemirkapi.me/Reading-Physical-Memory-using-Carbon-Black/
ASUS UEFI Update Driver Physical Memory Read/Write https://codeinsecurity.wordpress.com/2016/06/12/asus-uefi-update-driver-physical-memory-readwrite/
Privilege escalation vulnerabilities found in over 40 Windows Drivers https://mspoweruser.com/privilege-escalation-vulnerabilities-found-in-over-40-windows-drivers/
Black Hat - KERNEL MODE THREATS AND PRACTICAL DEFENSES https://i.blackhat.com/us-18/Thu-August-9/us-18-Desimone-Kernel-Mode-Threats-and-Practical-Defenses.pdf
Weaponizing vulnerable driver for privilege escalation — Gigabyte Edition! https://medium.com/@fsx30/weaponizing-vulnerable-driver-for-privilege-escalation-gigabyte-edition-e73ee523598b
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#windows-kernel-driver-development
Windows Kernel Programming - 14 part playlist https://youtu.be/XUlbYRFFYf0
Windows Driver Development - 19 part playlist https://youtu.be/T5VtaP-wtkk
Developing Kernel Drivers with Modern C++ - Pavel Yosifovich https://www.youtube.com/watch?v=AsSMKL5vaXw
Winsock Kernel Overview Topics https://docs.microsoft.com/en-us/windows-hardware/drivers/network/introduction-to-winsock-kernel
Driver Development Part 1: Introduction to Drivers https://www.codeproject.com/Articles/9504/Driver-Development-Part-1-Introduction-to-Drivers
Driver Development Part 2: Introduction to Implementing IOCTLs https://www.codeproject.com/Articles/9575/Driver-Development-Part-2-Introduction-to-Implemen
Driver Development Part 3: Introduction to driver contexts https://www.codeproject.com/Articles/9636/Driver-Development-Part-3-Introduction-to-driver-c
Driver Development Part 4: Introduction to device stacks https://www.codeproject.com/Articles/9766/Driver-Development-Part-4-Introduction-to-device-s
Creating IOCTL Requests in Drivers https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/creating-ioctl-requests-in-drivers
Windows Drivers Part 2: IOCTLs https://cylus.org/windows-drivers-part-2-ioctls-c678526f90ae
Sending Commands From Your Userland Program to Your Kernel Driver using IOCTL https://ired.team/miscellaneous-reversing-forensics/windows-kernel/sending-commands-from-userland-to-your-kernel-driver-using-ioctl
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#windows-internals
Pluralsight - Windows Internals 1https://www.pluralsight.com/courses/windows-internals
Pluralsight - Windows Internals 2https://www.pluralsight.com/courses/windows-internals2
Pluralsight - Windows Internals 3https://www.pluralsight.com/courses/windows-internals-3
Pluralsight - Windows 10 Internals: Systems and Processeshttps://www.pluralsight.com/courses/windows-10-internals-threads-memory-security
Pluralsight - Windows 10 Internals - Threads, Memory and Securityhttps://www.pluralsight.com/courses/windows-10-internals-system-processes
Alex Ionescu Insection: AWEsomely Exploiting Shared Memory Objectshttps://vimeo.com/133292423
Windows Internalshttps://www.youtube.com/watch?v=vz15OqiYYXo
Windows 10 Segment Heap Internalshttps://www.youtube.com/watch?v=hetZx78SQ_A
Windows Kernel Vulnerability Research and Exploitation - Gilad Bakashttps://www.youtube.com/watch?v=aRZ5Wi-NWXs
NIC 5th Anniversary - Windows 10 internalshttps://youtu.be/ffYiIUOUAUs
Black Hat USA 2012 - Windows 8 Heap Internalshttps://www.youtube.com/watch?v=XxlzK0CLFN0
Whitepaper - WINDOWS 10 SEGMENT HEAP INTERNALShttps://www.blackhat.com/docs/us-16/materials/us-16-Yason-Windows-10-Segment-Heap-Internals-wp.pdf
The Quest for the SSDTshttps://www.codeproject.com/Articles/1191465/The-Quest-for-the-SSDTs
System Service Descriptor Table - SSDThttps://ired.team/miscellaneous-reversing-forensics/windows-kernel/glimpse-into-ssdt-in-windows-x64-kernel
Interrupt Descriptor Table - IDThttps://ired.team/miscellaneous-reversing-forensics/windows-kernel/interrupt-descriptor-table-idt
Exploring Process Environment Blockhttps://ired.team/miscellaneous-reversing-forensics/exploring-process-environment-block
Windows Pool Managerhttps://www.osr.com/nt-insider/2014-issue1/windows-pool-manager/
Parsing PE File Headers with C++https://ired.team/miscellaneous-reversing-forensics/pe-file-header-parser-in-c++
Digging Into Handles, Callbacks & ObjectTypeshttps://rayanfam.com/topics/reversing-windows-internals-part1/
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#advanced-windows-debugging
Hacking Livestream #28: Windows Kernel Debugging Part Ihttps://www.youtube.com/watch?v=s5gOW-N9AAo
Hacking Livestream #29: Windows Kernel Debugging Part IIhttps://www.youtube.com/watch?v=4Xo_FAx6P0A
Hacking Livestream #30: Windows Kernel Debugging Part IIIhttps://www.youtube.com/watch?v=7zTtVYjjquA
WinDbg Basics for Malware Analysishttps://www.youtube.com/watch?v=QuFJpH3My7A
Windows Debugging and Troubleshootinghttps://www.youtube.com/watch?v=2rGS5fYGtJ4
CNIT 126 10: Kernel Debugging with WinDbghttps://www.youtube.com/watch?v=8sVZsxoCpSc
Windows Kernel Debugging Part Ihttps://www.youtube.com/watch?v=s5gOW-N9AAo
Microsoft Patch Analysis for Exploitationhttps://www.youtube.com/watch?v=xMMQnok44IY
Windows Kernel Debugging Fundamentalshttps://app.pluralsight.com/library/courses/windows-debugging-fundamentals
Debug Tutorial Part 1: Beginning Debugging Using CDB and NTSDhttps://www.codeproject.com/Articles/6469/Debug-Tutorial-Part-1-Beginning-Debugging-Using-CD
Debug Tutorial Part 2: The Stackhttps://www.codeproject.com/Articles/6470/Debug-Tutorial-Part-2-The-Stack
Debug Tutorial Part 3: The Heaphttps://www.codeproject.com/Articles/6489/Debug-Tutorial-Part-3-The-Heap
Debug Tutorial Part 4: Writing WINDBG Extensionshttps://www.codeproject.com/Articles/6522/Debug-Tutorial-Part-4-Writing-WINDBG-Extensions
Debug Tutorial Part 5: Handle Leakshttps://www.codeproject.com/Articles/6988/Debug-Tutorial-Part-5-Handle-Leaks
Debug Tutorial Part 6: Navigating The Kernel Debuggerhttps://www.codeproject.com/Articles/7913/Debug-Tutorial-Part-6-Navigating-The-Kernel-Debugg
Debug Tutorial Part 7: Locks and Synchronization Objectshttps://www.codeproject.com/Articles/7919/Debug-Tutorial-Part-7-Locks-and-Synchronization-Ob
Getting Started with WinDbg - kernelmodehttps://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/getting-started-with-windbg--kernel-mode-
Windows Debuggers: Part 1: A WinDbg Tutorialhttps://www.codeproject.com/Articles/6084/Windows-Debuggers-Part-1-A-WinDbg-Tutorial#_Toc64133674
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#0days---apt-advanced-malware-research
W32.Duqu: The Precursor to the Next Stuxnethttps://www.youtube.com/watch?v=SbkXffokmPE
Kernel Mode Threats and Practical Defenseshttps://www.youtube.com/watch?v=BBJgKuXzfwc
Selling 0-Days to Governments and Offensive Security Companieshttps://www.youtube.com/watch?v=ZDHHGZlEfsQ
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#rootkits
Spectrehttps://github.com/D4stiny/spectre
Windows Hijackhttps://github.com/thesecretclub/window_hijack
SCShellhttps://github.com/Mr-Un1k0d3r/SCShell
Phys-MEM R/whttps://github.com/zouxianyu/PhysicalMemoryRW
KernelHiddenExecutehttps://github.com/zouxianyu/KernelHiddenExecute
Gina_Publichttps://github.com/isoadam/gina_public
driverless-basic-driverhttps://github.com/GayPig/driverless-basic-driver
SMB Doorhttps://github.com/zerosum0x0/smbdoor
BypassDriverDetectionhttps://github.com/KIDofot/BypassDriverDetection_And_Kill360Process
UTK Modulehttps://github.com/longmode/UTKModule
cheat-driverhttps://github.com/nkga/cheat-driver
HWIDFakerhttps://github.com/lantaoxu/HWIDFaker
puppetstringshttps://github.com/zerosum0x0/puppetstrings
XHunterhttps://github.com/Psychotropos/xhunter1_privesc
ETR-Zerohttps://github.com/HoShiMin/EnjoyTheRing0
WinDriver x32https://github.com/hackedteam/driver-win32
WinDriver x64https://github.com/hackedteam/driver-win64
CSurage's Rootkithttps://github.com/csurage/Rootkit
Greenkit Rootkithttps://github.com/Nervous/GreenKit-Rootkit
R77-Rootkithttps://github.com/bytecode-77/r77-rootkit
WinReg-Rootkithttps://github.com/Cr4sh/WindowsRegistryRootkit
Multiple Windows Rootkitshttps://github.com/Alifcccccc/Windows-Rootkits
DRV-Hidehttps://github.com/Cr4sh/DrvHide-PoC
FakeMBRhttps://github.com/MalwareTech/FakeMBR
PTBBypasshttps://github.com/Cr4sh/PTBypass-PoC
KungFu-Malwarehttps://github.com/psaneme/Kung-Fu-Malware
Trojan - Cockroachhttps://github.com/MinhasKamal/TrojanCockroach
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#bootkits
umaphttps://github.com/btbd/umap
rk2017https://github.com/DeviceObject/rk2017
ChangeDiskSectorhttps://github.com/DeviceObject/ChangeDiskSector
Uefi_HelloWorldhttps://github.com/DeviceObject/Uefi_HelloWorld
ShitDrvhttps://github.com/DeviceObject/ShitDrv
DarkCloudhttps://github.com/DeviceObject/DarkCloud
Rovnixhttps://github.com/nyx0/Rovnix
TinyXPBhttps://github.com/MalwareTech/TinyXPB
Win64-Rovnix-VBR-Bootkithttps://github.com/m0n0ph1/Win64-Rovnix-VBR-Bootkit
Gozi-MBRhttps://github.com/NextSecurity/Gozi-MBR-rootkit
vector-edkhttps://github.com/NextSecurity/vector-edk
bootyhttps://github.com/ahixon/booty
AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizationshttps://unit42.paloaltonetworks.com/acidbox-rare-malware/
The zero-day exploits of Operation WizardOpiumhttps://securelist.com/the-zero-day-exploits-of-operation-wizardopium/97086/
Zero-day exploit (CVE-2018-8453) used in targeted attackshttps://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
EternalBlue – Everything There Is To Knowhttps://research.checkpoint.com/2017/eternalblue-everything-know/
Digging Into a Windows Kernel Privilege Escalation Vulnerability: CVE-2016-7255https://www.mcafee.com/blogs/other-blogs/mcafee-labs/digging-windows-kernel-privilege-escalation-vulnerability-cve-2016-7255/
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#video-game-cheating-kernel-mode-stuff-sometimes
Unveiling the Underground World of Anti-Cheatshttps://www.youtube.com/watch?v=yJHyHU5UjTg
drvmap - driver manual mapper using capcomhttps://www.unknowncheats.me/forum/anti-cheat-bypass/252685-drvmap-driver-manual-mapper-using-capcom.html
All methods of retrieving unique identifiers(HWIDs) on your PChttps://www.unknowncheats.me/forum/anti-cheat-bypass/333662-methods-retrieving-unique-identifiers-hwids-pc.html
Driver aka Kernel Mode cheatinghttps://www.unknowncheats.me/forum/anti-cheat-bypass/271733-driver-aka-kernel-mode.html
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#hyper-v-and-vm--sandbox-escape
Vulnerability Exploitation In Docker Container Environmentshttps://www.youtube.com/watch?v=77-jaeUKH7c
Modern Exploitation of the SVGA Device for Guest-to-Host Escapeshttps://www.youtube.com/watch?v=Y-G2WJ2cBKE
REcon 2014 - Breaking Out of VirtualBox through 3D Accelerationhttps://www.youtube.com/watch?v=i29bAx6W1uI
36C3 - The Great Escape of ESXihttps://www.youtube.com/watch?v=XHDwsvywX50
BlueHat v18 || Straight outta VMwarehttps://www.youtube.com/watch?v=o36N5wi_ZFs
Hardening hyper-v through offensive security researchhttps://www.youtube.com/watch?v=8RCH0vFxWT4
A Dive in to Hyper-V Architecture & Vulnerabilitieshttps://www.youtube.com/watch?v=p28eTnKo8sw
The HyperV Architecture and its Memory Managerhttps://recon.cx/media-archive/2017/mtl/recon2017-mtl-10-andrea-allievi-The-HyperV-Architecture-and-its-Memory-Manager.mp4
Ring 0 to Ring -1 Exploitation with Hyper-V IPChttps://www.youtube.com/watch?v=_NaRZvrs8xY
Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machinehttps://www.youtube.com/watch?v=50xxJEODO3M
A Dive in to Hyper-V Architecture & Vulnerabilitieshttps://www.youtube.com/watch?v=2bK_rC81_Eo
Hyper-V memory internals. EXO partition memory accesshttps://hvinternals.blogspot.com/2020/06/hyper-v-memory-internals-exo-partition.html
Ventures into Hyper-V - Fuzzing hypercallshttps://labs.f-secure.com/blog/ventures-into-hyper-v-part-1-fuzzing-hypercalls
Fuzzing para-virtualized devices in Hyper-Vhttps://msrc-blog.microsoft.com/2019/01/28/fuzzing-para-virtualized-devices-in-hyper-v/
First Steps in Hyper-V Researchhttps://msrc-blog.microsoft.com/2018/12/10/first-steps-in-hyper-v-research/
Windows Sandbox Attack Surface Analysishttps://googleprojectzero.blogspot.com/2015/11/windows-sandbox-attack-surface-analysis.html
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#fuzzing
HITBGSEC 2016 - Fuzzing The Windows Kernelhttps://www.youtube.com/watch?v=X3YlDHTL5mA
Windows Kernel Vulnerability Research and Exploitationhttps://www.youtube.com/watch?v=aRZ5Wi-NWXs
Bugs on the Windshield: Fuzzing the Windows Kernelhttps://www.youtube.com/watch?v=-BkjkimINC8
Windows Kernel Fuzzing for Intermediate Learners https://www.youtube.com/watch?v=wnNyPcerjJo
Windows Kernel Fuzzing For Beginners - Ben Nagyhttps://www.youtube.com/watch?v=FY-33TUKlqY
Disobey 2018 - Building Windows Kernel fuzzer https://www.youtube.com/watch?v=mpXQvto4Vy4
For The Win: The Art Of The Windows Kernel Fuzzing https://www.youtube.com/watch?v=9FPuKfwucsw
RECON 2019 - Vectorized Emulation Putting it all togetherhttps://www.youtube.com/watch?v=x4LPhwbTs9E
A year of Windows kernel font fuzzing #1: the resultshttps://googleprojectzero.blogspot.com/2016/06/a-year-of-windows-kernel-font-fuzzing-1_27.html
A year of Windows kernel font fuzzing #2: the techniqueshttps://googleprojectzero.blogspot.com/2016/07/a-year-of-windows-kernel-font-fuzzing-2.html
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#windows-browser-exploitation
Digging for IE11 Sandbox Escapes Part 1https://www.youtube.com/watch?v=q9dnYno_Moc
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#interesting-books
https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#related-certifications-and-courses
BSD-2-Clause license https://patch-diff.githubusercontent.com/NullArray/WinKernel-Resources#BSD-2-Clause-1-ov-file