Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
☆100, Aug 21, 2025, Updated 7 months ago
Alternatives and similar repositories for BYOVD_EDRKiller
Users that are interested in BYOVD_EDRKiller are comparing it to the libraries listed below.
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques (☆215, Aug 21, 2025, Updated 7 months ago)
- Detect BypassUAC using AMSI (☆29, Feb 18, 2025, Updated last year)
- Cobaltstrike Reflective Loader with Synthetic Stackframe (☆191, Jan 17, 2026, Updated 2 months ago)
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows … (☆265, Sep 23, 2025, Updated 6 months ago)
- Remap ntdll.dll using only NTAPI functions with a suspended process (☆28, Apr 13, 2025, Updated last year)
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. (☆40, Aug 5, 2025, Updated 8 months ago)
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption (☆215, Dec 17, 2025, Updated 3 months ago)
- Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET (☆54, May 5, 2025, Updated 11 months ago)
- Things i do because i saw it on twitter on a weekend (☆58, Jul 20, 2025, Updated 8 months ago)
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow (☆18, Jun 26, 2025, Updated 9 months ago)
- Folder Or File Delete to Get System Shell on Current Session Desktop (☆47, Jan 14, 2025, Updated last year)
- Docker container for running CobaltStrike 4.7 and above (☆25, Mar 20, 2025, Updated last year)
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload … (☆52, Nov 2, 2025, Updated 5 months ago)
- Simulate per-process disconnection in red team environments (☆113, Jun 6, 2025, Updated 10 months ago)
- A C# tool for extracting information from SCCM PXE boot media. (☆52, Jan 14, 2026, Updated 3 months ago)
- A small WinRM client designed for interacting with JEA endpoints. (☆13, Aug 29, 2024, Updated last year)
- Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs (☆23, Jul 11, 2025, Updated 9 months ago)
- CVE-2024-43451 is a Windows NTLM vulnerability that allows an attacker to force authentication and capture NTLM hashes by using malicious… (☆15, Jan 21, 2025, Updated last year)
- Vectored Exception Handling Squared (☆31, Dec 27, 2025, Updated 3 months ago)
- PoC to self-delete a binary in C# (☆35, Feb 6, 2024, Updated 2 years ago)
- (no description) (☆13, Jul 29, 2024, Updated last year)
- havoc2nginx is a simple python script that converts Havoc Framework's yaotl malleable c2 profile to Nginx configuration file format. Most… (☆12, May 8, 2023, Updated 2 years ago)
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege (☆227, Nov 23, 2023, Updated 2 years ago)
- Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknown object t… (☆100, Mar 20, 2023, Updated 3 years ago)
- (no description) (☆16, Nov 23, 2021, Updated 4 years ago)
- A simple tool for enumerating dynamic endpoints on a DCE/RPC remote or local endpoint mapper. (☆15, Oct 9, 2020, Updated 5 years ago)
- Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11 (☆86, Jan 26, 2026, Updated 2 months ago)
- Collect Windows telemetry for Maldev (☆469, Jan 30, 2026, Updated 2 months ago)
- Obex – Blocking unwanted DLLs in user mode (☆285, Sep 18, 2025, Updated 6 months ago)
- Hackers to Hackers Conference (H2HC) presentation in São Paulo (☆38, Dec 16, 2024, Updated last year)
- Built for red teamers, by red teamers - an MCP tool for malware development, OPSEC testing, and supporting custom loader design during re… (☆44, Aug 10, 2025, Updated 8 months ago)
- (no description) (☆54, Oct 13, 2025, Updated 6 months ago)
- Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll; DllMain is Cobalt Strike UDRL-compatible (☆274, Jun 18, 2025, Updated 9 months ago)
- A New Exploitation Technique for Visual Studio Projects (☆13, Nov 5, 2023, Updated 2 years ago)
- Locate dlls and function addresses without PEB Walk and EAT parsing (☆105, Nov 7, 2025, Updated 5 months ago)
- Local SYSTEM auth trigger for relaying - X (☆154, Jul 23, 2025, Updated 8 months ago)
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later! (☆545, May 9, 2025, Updated 11 months ago)
- Enumerate active EDRs on the system (☆152, Sep 23, 2025, Updated 6 months ago)
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… (☆170, May 30, 2024, Updated last year)