CyberSecurityUP / ProcessKiller-BYOVD
BYOVD technique example using the viragt64 driver
☆ 65 · Updated last year
Alternatives and similar repositories for ProcessKiller-BYOVD
Users interested in ProcessKiller-BYOVD are comparing it to the repositories listed below.
- Windows AppLocker Driver (appid.sys) LPE · ☆ 71 · Updated last year
- 🛡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python · ☆ 45 · Updated last year
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH · ☆ 133 · Updated 4 months ago
- API Hammering with C++20 · ☆ 49 · Updated 3 years ago
- Indirect syscall implementation to bypass userland NTAPI hooking. · ☆ 83 · Updated last year
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks; patchless IAT/EAT hooking library. · ☆ 118 · Updated 3 weeks ago
- A PoC of stack encryption prior to custom sleeping by leveraging CPU cycles. · ☆ 66 · Updated 2 years ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". · ☆ 85 · Updated 2 years ago
- Simple PoC to locate functions hooked by EDR in ntdll.dll · ☆ 45 · Updated 2 years ago
- Shellcode example · ☆ 67 · Updated 2 weeks ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. · ☆ 103 · Updated 10 months ago
- Splitting and executing shellcode across multiple pages · ☆ 103 · Updated 2 years ago
- A demo module for the Kaine agent to execute and inject assembly modules · ☆ 42 · Updated last year
- Various methods of executing shellcode · ☆ 73 · Updated 2 years ago
- Reimplementation of the KExecDD DSE bypass technique. · ☆ 55 · Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) loader · ☆ 63 · Updated 2 years ago
- ☆ 98 · Updated last year
- Linux process injection via seccomp notifier · ☆ 78 · Updated 3 weeks ago
- A PoC of a new "threadless" process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… · ☆ 31 · Updated 2 years ago
- LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to… · ☆ 41 · Updated last month
- This script is used to bypass DLL hooking using a freshly mapped copy of the ntdll file, patch ETW and trigger a shellcode with process hol… · ☆ 70 · Updated last year
- Simple ETW unhook PoC. Overwrites the NtTraceEvent opcode to disable ETW at the Nt-function level. · ☆ 52 · Updated last year
- Shellcode loader utilizing ETW events · ☆ 67 · Updated 10 months ago
- XOR-decrypting shellcode using the GPU with OpenCL. · ☆ 118 · Updated 7 months ago
- A 64-bit, position-independent code reverse TCP shell for Windows, built in Rust. · ☆ 85 · Updated 8 months ago
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. · ☆ 74 · Updated last year
- Demoting PPL anti-malware services to less than a guest user · ☆ 66 · Updated 11 months ago
- LSASS dump via RtlCreateProcessReflection and NanoDump · ☆ 85 · Updated last year
- Exploiting the KsecDD Windows driver through Server Silos · ☆ 75 · Updated last year
- Early Cascade injection PoC based on Outflank's blog post, in Rust · ☆ 61 · Updated last year