Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
☆210Aug 21, 2025Updated 6 months ago
Alternatives and similar repositories for BYOVD_read_write_primitive
Users that are interested in BYOVD_read_write_primitive are comparing it to the libraries listed below
Sorting:
- Local SYSTEM auth trigger for relaying - X☆155Jul 23, 2025Updated 7 months ago
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆123Jan 17, 2026Updated last month
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆104Feb 25, 2025Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆186Jan 17, 2026Updated last month
- Reaping treasures from strings in remote processes memory☆285Feb 8, 2025Updated last year
- Shellcode Loader Utilizing ETW Events☆67Feb 26, 2025Updated last year
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows …☆264Sep 23, 2025Updated 5 months ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- Windows rootkit designed to work with BYOVD exploits☆216Jan 18, 2025Updated last year
- Lateral Movement as loggedon User via Speech Named Pipe COM & ISpeechNamedPipe + COM Hijacking☆138Jul 2, 2025Updated 7 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆266Apr 8, 2025Updated 10 months ago
- A simple Sleepmask BOF example☆167Nov 24, 2025Updated 3 months ago
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …☆334Mar 6, 2025Updated 11 months ago
- ☆146Nov 6, 2025Updated 3 months ago
- Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does☆95Jul 3, 2025Updated 7 months ago
- ForsHops☆59Mar 25, 2025Updated 11 months ago
- ☆53Sep 23, 2025Updated 5 months ago
- Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs☆23Jul 11, 2025Updated 7 months ago
- Mentally ill EtwTi parser☆68Jan 11, 2026Updated last month
- Port of Cobalt Strike's Process Inject Kit☆191Dec 1, 2024Updated last year
- ☆64Dec 19, 2024Updated last year
- An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard histor…☆103Jan 9, 2026Updated last month
- Remote DLL Injection with Timer-based Shellcode Execution☆154Jul 18, 2025Updated 7 months ago
- Sleep obfuscation☆268Dec 13, 2024Updated last year
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆537May 9, 2025Updated 9 months ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…☆75Nov 6, 2025Updated 3 months ago
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques☆91Aug 21, 2025Updated 6 months ago
- ForsHops☆152Mar 25, 2025Updated 11 months ago
- BOF to decrypt Signal Desktop chat logs☆71Feb 20, 2025Updated last year
- Blog/Journal on how to backdoor VSCode extensions☆76Updated this week
- Bypass user-land hooks by syscall tampering via the Trap Flag☆139Aug 25, 2025Updated 6 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆128Oct 4, 2024Updated last year
- ☆126Jan 23, 2025Updated last year
- Open Source C&C Specification☆277Feb 28, 2025Updated last year
- ☆159Dec 13, 2024Updated last year
- Cobalt Strike BOF for evasive .NET assembly execution☆308Mar 31, 2025Updated 11 months ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆261Oct 16, 2024Updated last year
- A reflective DLL development template for the Rust programming language☆114Nov 4, 2025Updated 3 months ago