## https://sploitus.com/exploit?id=E6B99220-1A2F-5D85-A00F-A8102C86A5D1
# SliffDriver LPE
Local privilege escalation exploit for a signed kernel driver exposing arbitrary
physical memory mapping to any low-privileged process via IOCTL `0x80002004`.
Chains FoxKeDriver64.sys (VAโPA translation) + WinNotify.sys (kernel read)
+ SliffDriver for fully automated SYSTEM token theft.
Tested on Windows 10 22H2 Build 19045. For other versions update the offsets
in the code using WinDbg.
## Compile
Open x64 Native Tools Command Prompt (Visual Studio) and run:
```bash
cl.exe exploit.c /o exploit.exe
```
## Run
```bash
exploit.exe
```
Remember to load all 3 drivers before running the exploit
No admin required. Run from a normal `cmd.exe` as a standard user.
## Demo
https://youtu.be/NZRLX9E_rc0
## Write-up
https://medium.com/@haider303mustafa/applockerflter-sliffdriver-sys-full-kernel-exploit-chain-from-driver-recon-to-system-shell-b57d87738308
## Disclaimer
For educational purposes only. Do not run on systems you do not own.