This repository contains proof-of-concept projects for vulnerabilities identified in SecureAge / SecureAPlus driver components. These PoCs are retained for research, validation, and disclosure documentation after responsible disclosure to the vendor.
The code is provided for defensive security work only. It should be used in an isolated lab environment by authorized researchers, maintainers, or defenders who are validating exposure, reproducing a vendor fix, or studying Windows driver vulnerability patterns.
These issues have been responsibly disclosed. Add the final advisory details here when available:
- Vendor: SecureAge Technology / SecureAPlus
- Product/component: SecureAge / SecureAPlus Windows driver interfaces
- Fixed version(s): 10.9.4
`SecureAgeExploit`: PoC for interacting with the SecureAPlus device interface and demonstrating unauthorized file access behavior through the driver. The project includes code that obtains a handle to the device, sends file-open/read requests through the driver IOCTL path, and writes recovered file content to an output file.
`SamSystemDump`: PoC variant focused on validating driver-mediated file read behavior against a controlled test file path. It uses the same general device interaction pattern and is useful as a reduced reproduction harness for the affected file access logic.
`PoolOverflowLPE`: PoC for a local privilege escalation path involving a pool overflow condition in the driver. The project demonstrates the vulnerability impact in a lab setting by building read/write primitives from corrupted kernel objects and validating privilege escalation behavior.
The repository is organized as a Visual Studio solution with separate C++ projects. The PoCs were developed for Windows 11 25H2 and expect the affected SecureAge / SecureAPlus driver and device interface to be present on the test system.
Because these projects interact with kernel drivers, successful reproduction depends on the exact product version, Windows build, driver layout, structure offsets, and local system state. The code should be treated as research material rather than a stable exploitation framework.
Use these projects only in an authorized Windows 11 25H2 lab environment. A disposable VM with snapshots is strongly recommended because driver testing can crash or destabilize the system.
General workflow:
- Prepare an isolated Windows 11 25H2 test VM.
- Install the affected SecureAge / SecureAPlus version being validated.
- Confirm the SecureAPlus device interface is present and available to the test user.
- Open `SecureAgeExploit.slnx` in Visual Studio.
- Select the project that matches the behavior being validated:
  - `SecureAgeExploit` for driver-mediated file read behavior.
  - `SamSystemDump` for the reduced file-read reproduction harness.
  - `PoolOverflowLPE` for local privilege escalation impact validation.
- Build the selected project for the target architecture used by the lab system.
- Run the compiled PoC only inside the prepared lab VM.
- Record the product version, Windows build, observed result, crash data if any, and whether the vendor fix prevents reproduction.
For remediation validation, test both the affected version and the fixed version under the same VM conditions. The expected fixed-version result is that the vulnerable driver behavior can no longer be reproduced.
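For the record-keeping and remediation-validation steps above, the following PowerShell is an added example, not code from this repository: it reads the Windows build, the installed product version and the matching driver files, and compares the product version against the fixed version 10.9.4 without touching the driver. The `SecureAge|SecureAPlus` name pattern and the function names are assumptions; adjust the pattern to the display names on your lab system.

```powershell
# Added example: read-only lab record / exposure check. Nothing here touches the driver.
$FixedVersion = [version]'10.9.4'        # fixed version stated on this page
$NamePattern  = 'SecureAge|SecureAPlus'  # assumption: product/driver names contain one of these

function ConvertTo-ComparableVersion([string]$Text) {
    # Keep the leading dotted-numeric part only, e.g. "10.9.4 (x64)" -> 10.9.4
    if ($Text -match '^\s*(\d+(\.\d+){1,3})') { return [version]$Matches[1] }
    return $null
}

function Get-ProductRecord {
    # Standard per-machine uninstall keys (64-bit and 32-bit views)
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $NamePattern } |
        ForEach-Object {
            $v = ConvertTo-ComparableVersion $_.DisplayVersion
            [pscustomobject]@{
                Product = $_.DisplayName
                Version = $_.DisplayVersion
                Status  = if (-not $v) { 'unknown: version not parsed' }
                          elseif ($v -lt $FixedVersion) { 'below fixed version' }
                          else { 'at or above fixed version' }
            }
        }
}

function Get-DriverRecord {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { "$($_.DisplayName) $($_.PathName)" -match $NamePattern } |
        ForEach-Object {
            $path = $_.PathName -replace '^\\\?\?\\', ''   # drop the NT "\??\" prefix
            $file = if ($path -and (Test-Path -LiteralPath $path)) { Get-Item -LiteralPath $path }
            [pscustomobject]@{
                Driver      = $_.Name
                State       = $_.State
                Path        = $path
                FileVersion = if ($file) { $file.VersionInfo.FileVersion }
                Sha256      = if ($file) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
            }
        }
}

$os = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
[pscustomobject]@{
    Collected    = (Get-Date).ToString('s')
    WindowsBuild = "$($os.DisplayVersion) ($($os.CurrentBuild).$($os.UBR))"
    Products     = @(Get-ProductRecord)
    Drivers      = @(Get-DriverRecord)
} | ConvertTo-Json -Depth 4
```

Run it once on the affected-version snapshot and once on the fixed-version snapshot, and keep both JSON outputs with the lab notes so the two results can be compared under the same VM conditions.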
The PoCs are not intended for weaponization, persistence, evasion, unauthorized access, or deployment in production environments. If you are using this repository to validate remediation, prefer vendor patches and supported detection guidance over running exploit code on live systems.