The PoC for CVE-2025-70795 / CVE-2026-0828 and its update

ANYLNK/STProcessMonitorBYOVD

STProcessMonitorBYOVD

Reference: https://bbs.kafan.cn/thread-2288675-1-1.html

Usage:

  1. Place the vulnerable driver in the same directory as the exe. Version 11.11.4.0 (the older one) is affected by CVE-2025-70795 / CVE-2026-0828 and is compatible with the /Kill parameter; version 11.26.18 (updated) is compatible with the /Terminate parameter.

  2. /Init - Install the driver. /Kill - Use CVE-2025-70795 / CVE-2026-0828 to terminate processes. /Terminate - Use the updated driver to terminate processes. /Uninst - Unload the driver.

Screenshots

Exploiting CVE-2025-70795 / CVE-2026-0828 (please note that the '/Kill' operation runs without any privilege):

[Screenshot 2026-02-14 200828] [Screenshot 2026-02-14 201224]

The updated driver verifies whether the control code comes from an NT AUTHORITY\SYSTEM process, so we need at least Administrator privilege to use the new driver.

[Screenshot 2026-02-14 201729]
