BlackSnufkin / BYOVD
Some POCs for my BYOVD research and find some vulnerable drivers
☆173Updated 5 months ago
Alternatives and similar repositories for BYOVD:
Users that are interested in BYOVD are comparing it to the libraries listed below
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆273Updated 8 months ago
- A Beacon Object File (BOF) template for Visual Studio☆167Updated 6 months ago
- Generic PE loader for fast prototyping evasion techniques☆213Updated 7 months ago
- Reflective DLL Injection Made Bella☆217Updated last month
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆234Updated 6 months ago
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver☆257Updated 2 weeks ago
- Exploitation of process killer drivers☆196Updated last year
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆180Updated last year
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution☆167Updated 11 months ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆289Updated 10 months ago
- A beacon object file implementation of PoolParty Process Injection Technique.☆367Updated last year
- C++ self-Injecting dropper based on various EDR evasion techniques.☆366Updated last year
- A PoC implementation for dynamically masking call stacks with timers.☆265Updated 2 years ago
- Process injection alternative☆319Updated 5 months ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.☆389Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass☆313Updated last year
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls☆174Updated last year
- Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.☆158Updated 2 years ago
- Implementing the ghostly hollowing PE injection technique using tampered syscalls.☆131Updated 8 months ago
- Collect Windows telemetry for Maldev☆298Updated last week
- EDRSandblast-GodFault☆250Updated last year
- CPP AV/EDR Killer☆375Updated last year
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆157Updated 8 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆333Updated last week
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆203Updated 3 months ago
- Use hardware breakpoint to dynamically change SSN in run-time☆246Updated 10 months ago
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆208Updated last year
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆383Updated 6 months ago
- A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering t…☆93Updated last month
- WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler☆119Updated 3 months ago