Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
☆107 · Aug 21, 2025 · Updated 8 months ago
Alternatives and similar repositories for BYOVD_EDRKiller
Users that are interested in BYOVD_EDRKiller are comparing it to the libraries listed below.
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques ☆219 · Aug 21, 2025 · Updated 8 months ago
- Detect BypassUAC using AMSI ☆30 · Feb 18, 2025 · Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe ☆191 · Jan 17, 2026 · Updated 3 months ago
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows … ☆267 · Sep 23, 2025 · Updated 7 months ago
- Remap ntdll.dll using only NTAPI functions with a suspended process ☆28 · Apr 13, 2025 · Updated last year
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. ☆41 · Aug 5, 2025 · Updated 9 months ago
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption ☆220 · Dec 17, 2025 · Updated 4 months ago
- Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET ☆53 · May 5, 2025 · Updated last year
- Things i do because i saw it on twitter on a weekend ☆58 · Jul 20, 2025 · Updated 9 months ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow ☆18 · Jun 26, 2025 · Updated 10 months ago
- Folder Or File Delete to Get System Shell on Current Session Desktop ☆46 · Jan 14, 2025 · Updated last year
- Docker container for running CobaltStrike 4.7 and above ☆25 · Mar 20, 2025 · Updated last year
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload … ☆53 · Nov 2, 2025 · Updated 6 months ago
- Simulate per-process disconnection in red team environments ☆114 · Jun 6, 2025 · Updated 11 months ago
- A C# tool for extracting information from SCCM PXE boot media. ☆53 · Jan 14, 2026 · Updated 3 months ago
- A small WinRM client designed for interacting with JEA endpoints. ☆17 · Aug 29, 2024 · Updated last year
- Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs ☆24 · Jul 11, 2025 · Updated 9 months ago
- CVE-2024-43451 is a Windows NTLM vulnerability that allows an attacker to force authentication and capture NTLM hashes by using malicious… ☆15 · Jan 21, 2025 · Updated last year
- Vectored Exception Handling Squared ☆30 · Dec 27, 2025 · Updated 4 months ago
- PoC to self-delete a binary in C# ☆36 · Feb 6, 2024 · Updated 2 years ago
- ☆14 · Jul 29, 2024 · Updated last year
- havoc2nginx is a simple python script that converts Havoc Framework's yaotl malleable c2 profile to Nginx configuration file format. Most… ☆12 · May 8, 2023 · Updated 2 years ago
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege ☆227 · Nov 23, 2023 · Updated 2 years ago
- Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknown object t… ☆101 · Mar 20, 2023 · Updated 3 years ago
- ☆16 · Nov 23, 2021 · Updated 4 years ago
- A simple tool for enumerating dynamic endpoints on a DCE/RPC remote or local endpoint mapper. ☆15 · Oct 9, 2020 · Updated 5 years ago
- Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11 ☆86 · Jan 26, 2026 · Updated 3 months ago
- Collect Windows telemetry for Maldev ☆475 · Updated this week
- Obex – Blocking unwanted DLLs in user mode ☆283 · Sep 18, 2025 · Updated 7 months ago
- Hackers to Hackers Conference (H2HC) presentation in São Paulo ☆37 · Dec 16, 2024 · Updated last year
- Built for red teamers, by red teamers - an MCP tool for malware development, OPSEC testing, and supporting custom loader design during re… ☆46 · Aug 10, 2025 · Updated 8 months ago
- Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll; DllMain is Cobalt Strike UDRL-compatible ☆275 · Jun 18, 2025 · Updated 10 months ago
- ☆55 · Oct 13, 2025 · Updated 6 months ago
- A New Exploitation Technique for Visual Studio Projects ☆13 · Nov 5, 2023 · Updated 2 years ago
- Locate dlls and function addresses without PEB Walk and EAT parsing ☆105 · Nov 7, 2025 · Updated 5 months ago
- Local SYSTEM auth trigger for relaying - X ☆155 · Jul 23, 2025 · Updated 9 months ago
- Enumerate active EDRs on the system ☆154 · Sep 23, 2025 · Updated 7 months ago
- A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆170 · May 30, 2024 · Updated last year
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later! ☆552 · May 9, 2025 · Updated 11 months ago