Alternatives and similar repositories for NSecSoftBYOVD

Users that are interested in NSecSoftBYOVD are comparing it to the libraries listed below

• RayRRT / BOFs

  View on GitHub
  Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.
  ☆99Jan 26, 2026Updated 3 weeks ago
• rxOred / process-hollowing

  View on GitHub
  process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
  ☆31Jan 9, 2022Updated 4 years ago
• CyberSecurityUP / ProcessKiller-BYOVD

  View on GitHub
  BYOVD Technique Example using viragt64 driver
  ☆69Jul 25, 2024Updated last year
• Adaptix-Framework / templates-extender

  View on GitHub
  Templates for developing your own listeners and agents for AdaptixC2.
  ☆44Feb 3, 2026Updated last week
• joaoviictorti / rustbof

  View on GitHub
  A Rust template for writing Beacon Object Files (BOFs)
  ☆87Updated this week
• 0xRobert / mimikatz-rs

  View on GitHub
  Rusty Mimikatz - All credits to: github.com/ThottySploity/mimiRust (Original author deleted account so I uploaded for community use)
  ☆20Nov 24, 2022Updated 3 years ago
• affix / rusty-hollow

  View on GitHub
  Unix Process hollowing in rust
  ☆22Dec 16, 2024Updated last year
• TwoSevenOneT / EDR-Redir

  View on GitHub
  EDR-Redir : a tool used to redirect the EDR's folder to another location.
  ☆222Nov 6, 2025Updated 3 months ago
• T1erno / bin2shellcode

  View on GitHub
  C++ tool and library for converting .bin files to shellcode in multiple output formats.
  ☆33Aug 18, 2025Updated 5 months ago
• 0xflux / Rust-Hells-Gate

  View on GitHub
  Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
  ☆82Jun 4, 2024Updated last year
• yinsel / CVE-2024-35250-BOF

  View on GitHub
  CVE-2024-35250 的 Beacon Object File (BOF) 实现。
  ☆24Nov 28, 2024Updated last year
• pard0p / Remote-BOF-Runner

  View on GitHub
  Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …
  ☆88Jan 2, 2026Updated last month
• hasherezade / waiting_thread_hijacking

  View on GitHub
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆262Aug 31, 2025Updated 5 months ago
• 0xTriboulet / rssh-rs

  View on GitHub
  ☆55May 31, 2025Updated 8 months ago
• leonjza / port-jump

  View on GitHub
  Some security by obscurity using port-jumping.
  ☆14Aug 21, 2025Updated 5 months ago
• EvilWhales / ShadowDropper

  View on GitHub
  ShadowDropper is a utility for covertly delivering and executing payloads on a target system.
  ☆26Jul 4, 2025Updated 7 months ago
• 123ojp / VxLAN-Scanner

  View on GitHub
  This is a VxLAN PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion
  ☆28Jul 21, 2025Updated 6 months ago
• buldansec / EnableEFS

  View on GitHub
  Enable EFS service as low priv user (PE & BOF)
  ☆21Jul 6, 2025Updated 7 months ago
• matro7sh / bof-collection

  View on GitHub
  collection of beacon object file (Cobalt strike)
  ☆12Jan 21, 2023Updated 3 years ago
• j3h4ck / WatchDogKiller

  View on GitHub
  PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.
  ☆180Sep 11, 2025Updated 5 months ago
• moom825 / XenoStealer

  View on GitHub
  ☆52Sep 26, 2024Updated last year
• alexlee820 / PatchedCLRLoader

  View on GitHub
  .NET assembly loader with patching AMSI and ETW bypass
  ☆31Apr 16, 2025Updated 10 months ago
• Nicolas-Arsenault / Havoc-C2-RCE-2024

  View on GitHub
  Abusing SSRF to deliver an authenticated command injection payload
  ☆30Sep 1, 2025Updated 5 months ago
• maxDcb / C2Implant

  View on GitHub
  Windows C++ Implant for Exploration C2
  ☆44Jan 26, 2026Updated 3 weeks ago
• synacktiv / GroupPolicyBackdoor

  View on GitHub
  Group Policy Objects manipulation and exploitation framework
  ☆289Dec 7, 2025Updated 2 months ago
• Leo4j / Invoke-RunAsSystem

  View on GitHub
  A simple script to elevate current session to SYSTEM (needs to be run as Administrator)
  ☆15Nov 11, 2024Updated last year
• Nero22k / Kernel-Programming-2023

  View on GitHub
  Repository of different kernel drivers written while studying Windows NT Driver development
  ☆12Apr 14, 2024Updated last year
• xalicex / Get-DLL-and-Function-Addresses

  View on GitHub
  GetModuleHandle (via PEB) and GetProcAddress (via EAT) like
  ☆32Feb 7, 2022Updated 4 years ago
• 0xJs / EnumEDRs

  View on GitHub
  Enumerate active EDR's on the system
  ☆150Sep 23, 2025Updated 4 months ago
• 0xthirteen / WMI_Proc_Dump

  View on GitHub
  Dump processes over WMI with MSFT_MTProcess
  ☆81Updated this week
• TwoSevenOneT / CreateProcessAsPPL

  View on GitHub
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆294Nov 1, 2025Updated 3 months ago
• bitdefender / hypervinject-poc

  View on GitHub
  ☆58Jul 31, 2025Updated 6 months ago
• Tylous / Dent

  View on GitHub
  A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.
  ☆15Apr 4, 2023Updated 2 years ago
• x64dbg / lz4

  View on GitHub
  ☆14Dec 26, 2024Updated last year
• 0x3rhy / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆13Feb 4, 2024Updated 2 years ago
• joaoviictorti / uwd

  View on GitHub
  Call Stack Spoofing for Rust
  ☆210Jan 28, 2026Updated 2 weeks ago
• Yeeb1 / MagicBOFs

  View on GitHub
  A small set of Beacon Object Files (BOFs) that I developed over the time with a Magic: The Gathering theme.
  ☆16Jul 15, 2025Updated 7 months ago
• kyxiaxiang / 360WFP_Exploit

  View on GitHub
  BYOVD: Use 360 ​​WFP driver to block EDR/XDR network connection.
  ☆41Updated this week
• m7rick / Havoc-DLLHijack

  View on GitHub
  A tool to assist DLL hijacking via the Havoc GUI
  ☆12Jan 9, 2024Updated 2 years ago