Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
☆109 · Aug 21, 2025 · Updated 9 months ago
Alternatives and similar repositories for BYOVD_EDRKiller
Users that are interested in BYOVD_EDRKiller are comparing it to the libraries listed below.
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques · ☆226 · Aug 21, 2025 · Updated 9 months ago
- Detect BypassUAC using AMSI · ☆29 · Feb 18, 2025 · Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe · ☆189 · Jan 17, 2026 · Updated 4 months ago
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows … · ☆269 · Sep 23, 2025 · Updated 8 months ago
- Remap ntdll.dll using only NTAPI functions with a suspended process · ☆28 · Apr 13, 2025 · Updated last year
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. · ☆42 · Aug 5, 2025 · Updated 10 months ago
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption · ☆226 · Dec 17, 2025 · Updated 5 months ago
- Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET · ☆54 · May 5, 2025 · Updated last year
- Things I do because I saw it on Twitter on a weekend · ☆57 · Jul 20, 2025 · Updated 10 months ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow · ☆19 · Jun 26, 2025 · Updated 11 months ago
- Folder Or File Delete to Get System Shell on Current Session Desktop · ☆47 · Jan 14, 2025 · Updated last year
- Docker container for running CobaltStrike 4.7 and above · ☆25 · Mar 20, 2025 · Updated last year
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload … · ☆54 · Nov 2, 2025 · Updated 7 months ago
- A C# tool for extracting information from SCCM PXE boot media. · ☆57 · May 21, 2026 · Updated 3 weeks ago
- Simulate per-process disconnection in red team environments · ☆115 · Jun 6, 2025 · Updated last year
- A small WinRM client designed for interacting with JEA endpoints. · ☆19 · Aug 29, 2024 · Updated last year
- Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs · ☆24 · Jul 11, 2025 · Updated 11 months ago
- CVE-2024-43451 is a Windows NTLM vulnerability that allows an attacker to force authentication and capture NTLM hashes by using malicious… · ☆15 · Jan 21, 2025 · Updated last year
- Vectored Exception Handling Squared · ☆30 · Dec 27, 2025 · Updated 5 months ago
- PoC to self-delete a binary in C# · ☆36 · Feb 6, 2024 · Updated 2 years ago
- ☆14 · Jul 29, 2024 · Updated last year
- havoc2nginx is a simple python script that converts Havoc Framework's yaotl malleable c2 profile to Nginx configuration file format. Most… · ☆12 · May 8, 2023 · Updated 3 years ago
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege · ☆227 · Nov 23, 2023 · Updated 2 years ago
- Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknown object t… · ☆101 · Mar 20, 2023 · Updated 3 years ago
- ☆16 · Nov 23, 2021 · Updated 4 years ago
- A simple tool for enumerating dynamic endpoints on a DCE/RPC remote or local endpoint mapper. · ☆15 · Oct 9, 2020 · Updated 5 years ago
- Manage Shadow Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11 · ☆86 · Jan 26, 2026 · Updated 4 months ago
- Collect Windows telemetry for Maldev · ☆486 · Jun 6, 2026 · Updated last week
- Built for red teamers, by red teamers - an MCP tool for malware development, OPSEC testing, and supporting custom loader design during re… · ☆46 · Aug 10, 2025 · Updated 10 months ago
- Obex – Blocking unwanted DLLs in user mode · ☆282 · Sep 18, 2025 · Updated 8 months ago
- Hackers to Hackers Conference (H2HC) presentation in São Paulo · ☆37 · Dec 16, 2024 · Updated last year
- ☆55 · Oct 13, 2025 · Updated 8 months ago
- Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible · ☆272 · Jun 18, 2025 · Updated 11 months ago
- A New Exploitation Technique for Visual Studio Projects · ☆13 · Nov 5, 2023 · Updated 2 years ago
- Locate DLLs and function addresses without PEB Walk and EAT parsing · ☆108 · Nov 7, 2025 · Updated 7 months ago
- Local SYSTEM auth trigger for relaying - X · ☆158 · Jul 23, 2025 · Updated 10 months ago
- Enumerate active EDRs on the system · ☆153 · Sep 23, 2025 · Updated 8 months ago
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later! · ☆556 · May 9, 2025 · Updated last year
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader. · ☆287 · Apr 6, 2025 · Updated last year