BYOVD Technique Example using viragt64 driver
☆72Jul 25, 2024Updated last year
Alternatives and similar repositories for ProcessKiller-BYOVD
Users that are interested in ProcessKiller-BYOVD are comparing it to the libraries listed below
Sorting:
- NSecSoftBYOVD POC☆57Feb 12, 2026Updated 2 weeks ago
- Evasive shellcode loader with indirect syscalls, Thread name-calling allocation, PoolParty injection☆10Feb 26, 2025Updated last year
- Windows AppLocker Driver (appid.sys) LPE☆75Jul 29, 2024Updated last year
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆169May 17, 2023Updated 2 years ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls☆228Jan 20, 2024Updated 2 years ago
- Event Tracing for Windows EDR bypass in Rust (usermode)☆39Jun 9, 2024Updated last year
- It's what all the kids are talking about☆12Apr 25, 2023Updated 2 years ago
- ☆165Mar 4, 2025Updated 11 months ago
- Rust crate to parse user-mode minidump files generated on Windows☆18Nov 17, 2025Updated 3 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- AV/EDR killer using BYOVD technique☆44Sep 27, 2024Updated last year
- ☆20Mar 21, 2024Updated last year
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆17Aug 14, 2023Updated 2 years ago
- Submission, compilation and execution of C# code snippets, using an unmanaged CLR Host☆53Jan 29, 2015Updated 11 years ago
- Windows rootkit designed to work with BYOVD exploits☆216Jan 18, 2025Updated last year
- Havoc C2 profile generator☆102Jul 15, 2025Updated 7 months ago
- Injector with kernel power☆18Jan 2, 2021Updated 5 years ago
- This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.☆295Nov 1, 2025Updated 4 months ago
- Playing with packets in C#☆15Aug 16, 2024Updated last year
- Kill AV/EDR leveraging BYOVD attack☆391Jul 11, 2023Updated 2 years ago
- Select any exported function in a dll as the new dll's entry point.☆81Oct 25, 2024Updated last year
- ☆26Mar 10, 2022Updated 3 years ago
- BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).☆595Updated this week
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques☆210Aug 21, 2025Updated 6 months ago
- ☆60Jun 26, 2022Updated 3 years ago
- Another LLVM-obfuscator based on LLVM-17. A fork of Arkari☆110Feb 18, 2024Updated 2 years ago
- .NET assembly loader with patchless AMSI and ETW bypass☆368Apr 19, 2023Updated 2 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Aug 11, 2023Updated 2 years ago
- A C# program featuring an all-in-one bypass for CLM, AppLocker and AMSI using Runspace.☆21Jul 31, 2022Updated 3 years ago
- New Framework Red Team Operations☆20Jun 7, 2021Updated 4 years ago
- This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead…☆138May 22, 2025Updated 9 months ago
- POC for CVE-2023-29360☆12Aug 31, 2024Updated last year
- CPP AV/EDR Killer☆480Nov 28, 2023Updated 2 years ago
- Translate virtual addresses to physical addresses from usermode.☆104Jun 7, 2024Updated last year
- PhantomsGate: Advanced Shellcode Injection Technique☆26Jul 15, 2024Updated last year
- My POC implementation of HVNC (Hidden VNC / Hidden Desktop)☆28Dec 30, 2024Updated last year
- A set of programs for analyzing common vulnerabilities in COM☆248Sep 8, 2024Updated last year
- Duplicate not owned Token from Running Process☆74Jul 21, 2023Updated 2 years ago
- AV bypass while you sip your Chai!☆224May 17, 2024Updated last year