From ed33c60db48f8dbc9c5f455b32f27b0e46e7ebb8 Mon Sep 17 00:00:00 2001 From: Joas A Santos <34966120+CyberSecurityUP@users.noreply.github.com> Date: Sun, 14 Dec 2025 14:52:06 -0300 Subject: [PATCH] Create prompt-01 --- .../Drivers-Exploitation/prompt-01 | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 Reverse-Engineer/Drivers-Exploitation/prompt-01 diff --git a/Reverse-Engineer/Drivers-Exploitation/prompt-01 b/Reverse-Engineer/Drivers-Exploitation/prompt-01 new file mode 100644 index 0000000..a221e9c --- /dev/null +++ b/Reverse-Engineer/Drivers-Exploitation/prompt-01 @@ -0,0 +1,33 @@ +Your task is to analyze a driver DriverName.sys in IDA Pro. You can use the MCP tools to retrieve information. In general use the following strategy: + +Analyze the provided driver code focusing on: +1. Exposed IOCTLs (Input/Output Control) - identify opcodes +2. Missing or insufficient input validations +3. Possibilities of buffer overflow (stack or heap) +4. Arbitrary memory read/write operations +5. Token/privilege manipulation +6. Exposed function pointers that can be overwritten +7. Race conditions +8. Use of dangerous functions such as memcpy, strcpy without validation + +Specifically look for: +- Accessible process/thread handles +- Operations with EPROCESS/ETHREAD structures +- Access to arbitrary PID/TID +- Ability to read/write kernel memory +- Registered callback functions that can be manipulated +- Control of function pointers through exposed structures + +Create a PoC that exploits the vulnerabilities found for: +a) Privilege escalation (SYSTEM/NT) AUTHORITY) +b) Denial of Service (system/driver crash) +c) Arbitrary kernel memory read +d) Arbitrary kernel memory write + +Analysis format: + +1. Identify all IOCTLs and their functionalities +2. Map data structures and parameters +3. Identify missing validations +4. Develop exploit primitives +5. Build a complete exploit
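Review bot: The parentheses in the privilege-escalation item are mismatched: "+a) Privilege escalation (SYSTEM/NT) AUTHORITY)" closes the group after "NT" and leaves a stray ")" after "AUTHORITY"; suggest `+a) Privilege escalation (NT AUTHORITY\SYSTEM)`. The placeholder `DriverName.sys` in the first line is also never explained; a short note that it must be replaced with the target driver's filename (and that the "MCP tools" refers to the IDA Pro MCP integration the prompt expects) would make the file usable without reading the surrounding repository. Finally, the new file has no extension, so it will not render as text on GitHub; `prompt-01.md` or `prompt-01.txt` would match the plain-text content.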