├── Driver └── vulnerable_driver │ ├── .gitignore │ ├── .vs │ └── vulnerable_driver │ │ └── v16 │ │ ├── .suo │ │ ├── Browse.VC.db │ │ └── ipch │ │ └── AutoPCH │ │ ├── b36961c10380699b │ │ └── DRIVER.ipch │ │ ├── df9966980ea7c2f8 │ │ └── DRIVER.ipch │ │ └── f1ca10c14a00ca1b │ │ └── DRIVER.ipch │ ├── Driver.cpp │ ├── Driver.h │ ├── Ioctl.h │ ├── vulnerable_driver.cer │ ├── vulnerable_driver.inf │ ├── vulnerable_driver.sln │ ├── vulnerable_driver.vcxproj │ ├── vulnerable_driver.vcxproj.filters │ └── vulnerable_driver.vcxproj.user ├── GenericExploit ├── Makefile ├── includes │ ├── Ioctl.h │ ├── debug.h │ ├── exploit.h │ ├── logs.h │ ├── nonpagedpool_utils.h │ ├── pagedpool_utils.h │ ├── pipe_utils.h │ ├── utils.h │ ├── vuln.h │ └── vuln_driver_client.h └── src │ ├── debug.c │ ├── nonpagedpool_utils.c │ ├── pagedpool_utils.c │ ├── pipe_utils.c │ ├── poc_exploit.c │ ├── utils.c │ ├── vuln.c │ └── vuln_driver_client.c ├── README.md ├── Scoop_The_Windows_10_pool.pdf └── slides.pdf /Driver/vulnerable_driver/.gitignore: -------------------------------------------------------------------------------- 1 | x64 2 | -------------------------------------------------------------------------------- /Driver/vulnerable_driver/.vs/vulnerable_driver/v16/.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/.vs/vulnerable_driver/v16/.suo -------------------------------------------------------------------------------- /Driver/vulnerable_driver/.vs/vulnerable_driver/v16/Browse.VC.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/.vs/vulnerable_driver/v16/Browse.VC.db -------------------------------------------------------------------------------- /Driver/vulnerable_driver/.vs/vulnerable_driver/v16/ipch/AutoPCH/b36961c10380699b/DRIVER.ipch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/.vs/vulnerable_driver/v16/ipch/AutoPCH/b36961c10380699b/DRIVER.ipch -------------------------------------------------------------------------------- /Driver/vulnerable_driver/.vs/vulnerable_driver/v16/ipch/AutoPCH/df9966980ea7c2f8/DRIVER.ipch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/.vs/vulnerable_driver/v16/ipch/AutoPCH/df9966980ea7c2f8/DRIVER.ipch -------------------------------------------------------------------------------- /Driver/vulnerable_driver/.vs/vulnerable_driver/v16/ipch/AutoPCH/f1ca10c14a00ca1b/DRIVER.ipch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/.vs/vulnerable_driver/v16/ipch/AutoPCH/f1ca10c14a00ca1b/DRIVER.ipch -------------------------------------------------------------------------------- /Driver/vulnerable_driver/Driver.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/Driver.cpp -------------------------------------------------------------------------------- /Driver/vulnerable_driver/Driver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/Driver.h -------------------------------------------------------------------------------- /Driver/vulnerable_driver/Ioctl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/Ioctl.h -------------------------------------------------------------------------------- /Driver/vulnerable_driver/vulnerable_driver.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/vulnerable_driver.cer -------------------------------------------------------------------------------- /Driver/vulnerable_driver/vulnerable_driver.inf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/vulnerable_driver.inf -------------------------------------------------------------------------------- /Driver/vulnerable_driver/vulnerable_driver.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/vulnerable_driver.sln -------------------------------------------------------------------------------- /Driver/vulnerable_driver/vulnerable_driver.vcxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/vulnerable_driver.vcxproj -------------------------------------------------------------------------------- /Driver/vulnerable_driver/vulnerable_driver.vcxproj.filters: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/vulnerable_driver.vcxproj.filters -------------------------------------------------------------------------------- /Driver/vulnerable_driver/vulnerable_driver.vcxproj.user: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Driver/vulnerable_driver/vulnerable_driver.vcxproj.user -------------------------------------------------------------------------------- /GenericExploit/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/Makefile -------------------------------------------------------------------------------- /GenericExploit/includes/Ioctl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/includes/Ioctl.h -------------------------------------------------------------------------------- /GenericExploit/includes/debug.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/includes/debug.h -------------------------------------------------------------------------------- /GenericExploit/includes/exploit.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/includes/exploit.h -------------------------------------------------------------------------------- /GenericExploit/includes/logs.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/includes/logs.h -------------------------------------------------------------------------------- /GenericExploit/includes/nonpagedpool_utils.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/includes/nonpagedpool_utils.h -------------------------------------------------------------------------------- /GenericExploit/includes/pagedpool_utils.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/includes/pagedpool_utils.h -------------------------------------------------------------------------------- /GenericExploit/includes/pipe_utils.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/includes/pipe_utils.h -------------------------------------------------------------------------------- /GenericExploit/includes/utils.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/includes/utils.h -------------------------------------------------------------------------------- /GenericExploit/includes/vuln.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/includes/vuln.h -------------------------------------------------------------------------------- /GenericExploit/includes/vuln_driver_client.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/includes/vuln_driver_client.h -------------------------------------------------------------------------------- /GenericExploit/src/debug.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/src/debug.c -------------------------------------------------------------------------------- /GenericExploit/src/nonpagedpool_utils.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/src/nonpagedpool_utils.c -------------------------------------------------------------------------------- /GenericExploit/src/pagedpool_utils.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/src/pagedpool_utils.c -------------------------------------------------------------------------------- /GenericExploit/src/pipe_utils.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/src/pipe_utils.c -------------------------------------------------------------------------------- /GenericExploit/src/poc_exploit.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/src/poc_exploit.c -------------------------------------------------------------------------------- /GenericExploit/src/utils.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/src/utils.c -------------------------------------------------------------------------------- /GenericExploit/src/vuln.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/src/vuln.c -------------------------------------------------------------------------------- /GenericExploit/src/vuln_driver_client.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/GenericExploit/src/vuln_driver_client.c -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/README.md -------------------------------------------------------------------------------- /Scoop_The_Windows_10_pool.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/Scoop_The_Windows_10_pool.pdf -------------------------------------------------------------------------------- /slides.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion/HEAD/slides.pdf --------------------------------------------------------------------------------