APT64 / KernelAVKiller
Antivirus killer using ring-0 kernel driver. Antivirus processes will automatically close while the killer is running.
☆6Updated 2 years ago
Alternatives and similar repositories for KernelAVKiller:
Users that are interested in KernelAVKiller are comparing it to the libraries listed below
- Next gen process injection technique☆45Updated 4 years ago
- A pure C version of SymProcAddress☆26Updated last year
- Piece of code to detect and remove hooks in IAT☆63Updated 2 years ago
- Small tool to play with IOCs caused by Imageload events☆42Updated last year
- Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by…☆14Updated 10 months ago
- Red Team Operation's Defense Evasion Technique.☆52Updated 9 months ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- EvtPsst☆53Updated last year
- Classic Process Injection with Memory Evasion Techniques implemantation☆68Updated last year
- An example of COM hijacking using a proxy DLL.☆28Updated 3 years ago
- API Hammering with C++20☆45Updated 2 years ago
- This program is used to perform reflective DLL Injection to a remote process specified by the user.☆65Updated last year
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆41Updated last year
- Reimplementation of the KExecDD DSE bypass technique.☆47Updated 6 months ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆83Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆87Updated 2 years ago
- Small PoC of using a Microsoft signed executable as a lolbin.☆136Updated 2 years ago
- Enabled / Disable LSA Protection via BYOVD☆66Updated 3 years ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆25Updated 9 months ago
- abusing Process Hacker driver to terminate other processes (BYOVD)☆82Updated last year
- Files for http://blog.deniable.org/posts/windows-callbacks/☆73Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆70Updated last year
- ☆37Updated last month
- Windows AppLocker Driver (appid.sys) LPE☆53Updated 8 months ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- A Poc on blocking Procmon from monitoring network events☆100Updated 2 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆68Updated last year
- ☆112Updated 2 years ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆44Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆36Updated last year