WindowsExploitationResources
Resources for Windows exploit development
Install / Use
/learn @FULLSHADE/WindowsExploitationResourcesREADME
Advanced Windows exploit development resources
Some resources, links, books, and papers related to mostly Windows Internals and anything Windows kernel related. Mostly talks and videos that I enjoyed watching.
⚠️ These are all resources that I have personally used and gone through
Really important resources
- terminus project
- React OS Win32k
- Geoff Chappell - Kernel-Mode Windows
- HEVD Vulnerable driver
- FLARE Kernel Shellcode Loader
- Vergilius - Undocumented kernel structures
- Windows X86-64 System Call Table
- Vulnerable Driver Megathread
Must watch / read (if you could chose a few) - all time favorites
- ⭐ Kernel Mode Threats and Practical Defenses
- ⭐ Morten Schenk - Taking Windows 10 Kernel Exploitation to the next level
- ⭐ The Life & Death of Kernel Object Abuse
- ⭐ Windows 10 Mitigation Improvements
Windows Rootkits
Talks / video recordings
- 11 part playlist - Rootkits: What they are, and how to find them
- Hooking Nirvana
- Alex Ionescu - Advancing the State of UEFI Bootkits
- BlueHat v18 || Return of the kernel rootkit malware (on windows 10)
- Numchecker: A System Approach for Kernel Rootkit Detection
- DEF CON 26 - Ring 0 Ring 2 Rootkits Bypassing Defenses
- Black Hat Windows 2001 - Kernel Mode Rootkits
- Black Hat Windows 2004 - DKOM (Direct Kernel Object Manipulation)
- RTFM SigSegv1 - From corrupted memory dump to rootkit detection
Articles / papers
- Dissecting Turla Rootkit Malware Using Dynamic Analysis
- A quick insight into the Driver Signature Enforcement
- WINDOWS DRIVER SIGNING BYPASS BY DERUSB
- A Basic Windows DKOM Rootkit
- Manipulating ActiveProcessLinks to Hide Processes in Userland
Windows kernel mitigations
Talks / video recordings
- BlueHat v18 || Hardening hyper-v through offensive security research
- BYPASS CONTROL FLOW GUARD COMPREHENSIVELY - this is cfg not kCFG
- BlueHat v18 || Mitigation Bypass: The Past, Present, and Future
- Windows Offender Reverse Engineering Windows Defender's Antivirus Emulator
- Windows 10 Mitigation Improvements (really good talk)
- Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot
- Examining the Guardians of Windows 10 Security - Chuanda Ding
- Analysis of the Attack Surface of Windows 10 Virtualization-Based Security
- A Dive in to Hyper-V Architecture & Vulnerabilities
- the last kaslr leak
- BlueHat v18 || A mitigation for kernel toctou vulnerabilities
- REcon 2013 - I got 99 problems but a kernel pointer ain't one
- SMEP: What is it, and how to beat it on Windows
- BlueHat IL 2020 - David Weston - Keeping Windows Secure
- Advancing Windows Security — David Weston
- OffensiveCon18 - The Evolution of CFI Attacks and Defenses
Articles / papers
General mitigation papers
- Hardening Windows 10 with zero-day exploit mitigations
- TAKING WINDOWS 10 KERNEL EXPLOITATION TO THE NEXT LEVEL
kASLR
- KASLR Bypass Mitigations in Windows 8.1
- Devlopment of a new Windows 10 KASLR bypass - in one winDBG command
SMEP
- Bypassing Intel SMEP on Windows 8 x64 Using Return-oriented Programming
- Return Oriented Programming Tutorial
- Stack Buffer Overflow (SMEP Bypass)
- Windows 10 x64 and Bypassing SMEP
- SMEP: What is it, and how to beat it on Windows
CET
- Security Analysis of Processor Instruction Set Architecture for Enforcing Control-Flow Integrity
- A Technical Look at Intel’s Control-flow Enforcement Technology
- Control-flow Enforcement Technology Specification
- Intel CET Answers Call to Protect Against Common Malware Threats
- R.I.P ROP: CET Internals in Windows 20H1
Windows kernel shellcode
Articles / papers
- Loading Kernel Shellcode
- Windows Kernel Shellcodes - a compendium
- Windows Kernel Shellcode on Windows 10 – Part 1
- Windows Kernel Shellcode on Windows 10 – Part 2
- Windows Kernel Shellcode on Windows 10 – Part 3
- Panic! At The Kernel - Token Stealing Payloads Revisited on Windows 10 x64 and Bypassing SMEP
- Token Abuse for Privilege Escalation in Kernel
- Introduction to Shellcode Development
- Introduction to Windows shellcode development – Part 1
- DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis
- Exploring Injected Threads
Windows kernel exploitation
Talks / video recordings
- HITB2016AMS - Kernel Exploit Hunting And Mitigation
- Ilja van Sprundel: Windows drivers attack surface
- REcon 2015 - This Time Font hunt you down in 4 bytes
- Exploiting a Windows 10 PagedPool off-by-one overflow (WCTF 2018)
- Windows kernel exploitation techniques - Adrien Garin - LSE Week 2016
- Hackingz Ze Komputerz - Exploiting CAPCOM.SYS - Part 1
- Hackingz Ze Komputerz - Exploiting CAPCOM.SYS - Part 2
- [The 3 Way06 Practical Windows Kernel Exploitation
Related Skills
node-connect
352.0kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
111.1kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
352.0kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
352.0kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
View on GitHub80/100
Security Score
Audited on Apr 2, 2026
No findings