BeneficialCode/KPPL external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

BeneficialCode/KPPL

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/BeneficialCode/KPPL)

Close

BeneficialCode / KPPLView on GitHubMore

• External links
• Readme badge

Kill Protected Process Light Process (include av)

☆57Sep 15, 2023Updated 2 years ago

Alternatives and similar repositories for KPPL

Users that are interested in KPPL are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Ryze-T / EdrKiller

  View on GitHub
  ☆91Jun 29, 2021Updated 4 years ago
• Allevon412 / PPL_Sandboxer

  View on GitHub
  ☆82Feb 12, 2022Updated 4 years ago
• alfarom256 / StinkyLoader

  View on GitHub
  It stinks
  ☆103Apr 22, 2022Updated 4 years ago
• HadesW / power-kill

  View on GitHub
  power-kill is a project that kill protected processes (such as EDR or AV) by injecting shellcode into high privilege processes
  ☆48Sep 27, 2021Updated 4 years ago
• br-sn / CheekyBlinder

  View on GitHub
  Enumerating and removing kernel callbacks using signed vulnerable drivers
  ☆594Jan 24, 2023Updated 3 years ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• splunk / PPLinject

  View on GitHub
  Inject unsigned DLL into Protected Process Light (PPL)
  ☆42May 8, 2025Updated last year
• capt-meelo / NtCreateUserProcess

  View on GitHub
  Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html
  ☆143May 10, 2022Updated 4 years ago
• arsium / BypassGetModuleBaseAddressAndGetExportAddress

  View on GitHub
  A proof of concept of real custom GetProcAddress and GetModuleBaseAddress
  ☆21Jul 9, 2022Updated 3 years ago
• morph3 / Windows-RPC-Backdoor

  View on GitHub
  Simple windows rpc server for research purposes only
  ☆83May 29, 2022Updated 3 years ago
• clod81 / loader_process_hollow_copy_in_chunk

  View on GitHub
  About C# loader that copies a chunk at the time of the shellcode in memory in a suspended process, rather that all at once
  ☆13Jul 14, 2022Updated 3 years ago
• Octoberfest7 / KDStab

  View on GitHub
  BOF combination of KillDefender and Backstab
  ☆167Mar 23, 2023Updated 3 years ago
• D0pam1ne705 / Direct-NtCreateUserProcess

  View on GitHub
  Call NtCreateUserProcess directly as normal.
  ☆77May 17, 2022Updated 4 years ago
• HadesW / mhy_exp

  View on GitHub
  Mhy Exp (exploit signed driver)
  ☆140May 17, 2022Updated 4 years ago
• trickster0 / LdrLoadDll-Unhooking

  View on GitHub
  LdrLoadDll Unhooking
  ☆134Jan 16, 2022Updated 4 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• A-Normal-User / Pretend_HideVirtualMemory

  View on GitHub
  利用物理内存映射，实现虚拟内存的伪隐藏
  ☆86Sep 15, 2022Updated 3 years ago
• BronzeTicket / ClipboardWindow-Inject

  View on GitHub
  CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback
  ☆67Sep 15, 2022Updated 3 years ago
• CryptoBreach / UnhookPoC

  View on GitHub
  A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.
  ☆10Dec 16, 2021Updated 4 years ago
• Rvn0xsy / GetWindowsCredentials

  View on GitHub
  通过WindowsAPI获取用户凭证，并保存到文件中
  ☆193Jun 18, 2024Updated last year
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 3 years ago
• waleedassar / CVE-2022-24483

  View on GitHub
  POC For CVE-2022-24483
  ☆14Apr 12, 2022Updated 4 years ago
• dsnezhkov / HandsFreeCOM

  View on GitHub
  Self-Loading Registration Free COM Functions
  ☆11Nov 12, 2019Updated 6 years ago
• timwhitez / Doge-HeapAlloc

  View on GitHub
  ☆13Sep 2, 2021Updated 4 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆97Mar 8, 2023Updated 3 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• carlnykvist / Timestamp_BOF

  View on GitHub
  ☆19Aug 25, 2022Updated 3 years ago
• paranoidninja / DotNetTracer

  View on GitHub
  C code to enable ETW tracing for Dotnet Assemblies
  ☆32Aug 12, 2022Updated 3 years ago
• huoji120 / DuckSandboxDetect

  View on GitHub
  沙箱测试,测评国内常见沙箱的代码与结论
  ☆107Jul 3, 2021Updated 4 years ago
• Chener-03 / AntiHook

  View on GitHub
  扫描以及恢复 r3hook 类
  ☆10Aug 29, 2021Updated 4 years ago
• 1401199262 / Protect_Process

  View on GitHub
  ☆115Feb 11, 2022Updated 4 years ago
• Wra7h / PEResourceInject

  View on GitHub
  ☆62Jun 26, 2022Updated 3 years ago
• apokryptein / secinject

  View on GitHub
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆104Jan 7, 2022Updated 4 years ago
• lawiet47 / STFUEDR

  View on GitHub
  Silence EDRs by removing kernel callbacks
  ☆239Dec 7, 2020Updated 5 years ago
• LloydLabs / delete-self-poc

  View on GitHub
  A way to delete a locked file, or current running executable, on disk.
  ☆620Nov 5, 2025Updated 6 months ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• antonioCoco / SspiUacBypass

  View on GitHub
  Bypassing UAC with SSPI Datagram Contexts
  ☆467Sep 24, 2023Updated 2 years ago
• zeroperil / HookDump

  View on GitHub
  Security product hook detection
  ☆330Mar 30, 2021Updated 5 years ago
• capt-meelo / KernelCallbackTable-Injection

  View on GitHub
  Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
  ☆149Apr 21, 2022Updated 4 years ago
• tandasat / CVE-2022-25949

  View on GitHub
  A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.
  ☆38Mar 16, 2022Updated 4 years ago
• 0cch / pdbdownloader

  View on GitHub
  pdb downloader
  ☆32Feb 27, 2024Updated 2 years ago
• DeEpinGh0st / CVE-2022-22978

  View on GitHub
  CVE-2022-22978 Spring-Security bypass Demo
  ☆16Jun 2, 2022Updated 3 years ago
• wh0amitz / BypassCredGuard

  View on GitHub
  Credential Guard Bypass Via Patching Wdigest Memory
  ☆338Feb 3, 2023Updated 3 years ago