Preferably in a sneaky fashion. I guess on Windows we might refer to Kernel Modules as Drivers. Although i could be wrong. I am far more acquainted with such matters including proper nomenclature on Linux based systems. So for the purpose of this thread i will be using the term kernel module.
In any case, i have a couple Windows environments running in VM,for general Windows development, including low level stuff. I got kernel debugging tools of various kinds, both from Microsoft and some that have been developed by security experts, that do low level security and exploit dev targeting Windows for a living.
Now i have the driver development kit, which allows me to install kernel modules in my Windows VM, and i have the ADK, which means i can create what would on Linux be considered a bootstrapping script, but the ADK is more than that, it allows me to create images that are fully customized from the button up. It is generally used in enterprise setting where the IT team has to deploy multiple instances of Windows that are completely customized to fit the needs of the organization. Don't want Cortana? N problem simply remove it from the install script, need certain registry entries changed? Go ahead. It would in fact be perfect to set up a Windows install that has no telemetry, no built in protections for messing with the kernel and security/system critical components and i eventually plan on releasing a special deploy geared towards exploit, rootkit and bootkit development.
However, even with such a deploy and more generally the Driver Development Kit i am still stuck to installing any kernel module or driver to the box i developed it on, or the deploys i made with the ADK. I'd like to be able to develop a firmware and other stuff targeting the kernel, and distribute it so that everyone may enjoy Soph's Firmware Solutions.
Now there's tools like the one below, and it's pretty handy for testing.https://www.osronline.com/article.cfm%5earticle=157.htm
However that driver loader wouldn't be very handy to do stuff like:
That with, remotely through a reverse shell or as part of a malware. Obviously this thread is purely for educational purposes. But i wanted to ask any of you that might have experience with this sort of stuff what the best way to go about something like this would be. Even if you don't have any personal experience with this kind of thing i'd be down to hear your thoughts and discuss the possibilities.