A collection of vulnerable signed Windows kernel drivers documented as part of my security research.
Each driver includes the original binary, any associated catalog (.cat) files, and links to the full write-up on my blog.

| Driver | Vendor | Primitive | Write-up |
|---|---|---|---|
| FADA64.sys | Broadcom Corporation | Arbitrary physical memory read (MmMapIoSpace) | dredsen.github.io |

These drivers are provided for research and educational purposes only — malware analysis, detection engineering, and understanding BYOVD attack surface. Do not load these drivers on systems you do not own or have explicit permission to test.
All samples were sourced from legitimate vendor packages and are publicly documented (or soon to be) in LOLDrivers.