Some hypervisor research notes. There is also a useful exploit template that you can use to verify / falsify any assumptions you may make while auditing code, and for exploit development.

Overview

Introduction

Over the past few weeks, I've been doing some hypervisor research here and there, with most of my focus being on PCI device emulation code within VirtualBox and QEMU. While doing this research, I've learned quite a few tricks that help a lot when writing proofs of concept to verify / falsify any assumptions you may have about a certain bit of code. They're also very useful in general when writing exploits.

This repo is meant to aggregate all of these tips and tricks in one place, and will hopefully be kept updated by me (or you!).

Contents

Useful links

  1. A full e1000 exploit in an LKM - https://github.com/cchochoy/e1000_fake_driver/
  2. Qemu VM Escape Case Study - http://phrack.org/papers/vm-escape-qemu-case-study.html