CVE-2025-7771

This repository provides a detailed technical analysis of BYOVD (Bring-Your-Own-Vulnerable-Driver) techniques, focusing on CVE-2026-0828 and CVE-2025-7771. It includes research notes, mitigation strategies, and safe reconnaissance code but does not contain functional exploit code.

The repository contains a functional exploit for CVE-2025-7771, a privilege escalation vulnerability in ThrottleStop.sys due to exposed IOCTLs allowing arbitrary kernel memory read/write. The exploit leverages DeviceIoControl to patch kernel structures and escalate privileges.

This repository contains a functional exploit PoC for CVE-2025-7771, demonstrating arbitrary physical memory and I/O port read/write via the ThrottleStop driver. The exploit leverages vulnerable IOCTLs to perform these operations and includes code for virtual-to-physical address translation.

The repository contains a functional exploit for CVE-2025-7771, demonstrating arbitrary physical memory read/write via a vulnerable driver (ThrottleStop.sys). It includes code for virtual-to-physical address translation and driver interaction to manipulate kernel memory.

This repository contains a functional exploit for CVE-2025-7771, which abuses the ThrottleStop driver to invoke arbitrary kernel-mode functions from usermode. The exploit demonstrates calling the kernel function 'DbgPrint' as a proof of concept.

This repository contains a functional exploit PoC for CVE-2025-7771, targeting the ThrottleStop.sys driver to achieve arbitrary physical memory read/write and virtual-to-physical address translation. The exploit leverages Superfetch for address translation and provides commands for process protection/hiding.

This repository contains a functional proof-of-concept exploit for CVE-2025-7771, demonstrating local privilege escalation via unrestricted IOCTL interfaces in ThrottleStop.sys. The exploit leverages physical memory read/write operations to achieve arbitrary code execution in kernel context.

This repository contains a functional proof-of-concept exploit for CVE-2025-7771, leveraging arbitrary physical memory read/write capabilities in the ThrottleStop driver to manipulate Protected Process Light (PPL) protection levels on Windows Server 2022.

This repository contains a functional Rust-based exploit for CVE-2025-7771, leveraging a vulnerable driver binary embedded as a static array to achieve arbitrary read/write primitives. The exploit includes components for driver interaction, service management, and memory manipulation, indicating a local privilege escalation (LPE) attack.

The repository contains a scanner for CVE-2024-21762, a Fortinet SSL VPN vulnerability, which checks for the presence of the vulnerability by sending crafted HTTP requests. It also includes writeups for other CVEs like CVE-2024-10654, detailing authentication bypass vulnerabilities in TOTOLINK devices.

This repository contains a functional exploit PoC for CVE-2025-7771, demonstrating arbitrary physical memory and I/O port read/write via the ThrottleStop driver. The exploit leverages vulnerable IOCTLs to achieve these operations and includes code for virtual-to-physical address translation.