EvilBytecode/EDR-XDR-AV-Killer external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

EvilBytecode/EDR-XDR-AV-Killer

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/EvilBytecode/EDR-XDR-AV-Killer)

Close

EvilBytecode / EDR-XDR-AV-KillerView on GitHubMore

• External links
• Readme badge

Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver

☆294Apr 21, 2025Updated 10 months ago

Alternatives and similar repositories for EDR-XDR-AV-Killer

Users that are interested in EDR-XDR-AV-Killer are comparing it to the libraries listed below

• EvilBytecode / GoRedOps

  View on GitHub
  🦫 | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific…
  ☆659Apr 27, 2025Updated 10 months ago
• senzee1984 / EDRPrison

  View on GitHub
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆458Aug 2, 2024Updated last year
• cybersectroll / TrollUAC

  View on GitHub
  ☆144May 22, 2024Updated last year
• vxCrypt0r / Voidgate

  View on GitHub
  A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…
  ☆592Jun 12, 2024Updated last year
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆298Jul 31, 2024Updated last year
• CICADA8-Research / IHxExec

  View on GitHub
  Process injection alternative
  ☆406Sep 6, 2024Updated last year
• MalwareTech / EDR-Preloader

  View on GitHub
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆539Feb 13, 2024Updated 2 years ago
• EvilBytecode / Nyx-Full-Dll-Unhook

  View on GitHub
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆51May 22, 2025Updated 9 months ago
• antonioCoco / SspiUacBypass

  View on GitHub
  Bypassing UAC with SSPI Datagram Contexts
  ☆461Sep 24, 2023Updated 2 years ago
• 0xEr3bus / RdpStrike

  View on GitHub
  Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.
  ☆250Jun 11, 2024Updated last year
• trickster0 / NamelessC2

  View on GitHub
  Nameless C2 - A C2 with all its components written in Rust
  ☆283Sep 26, 2024Updated last year
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆434Dec 21, 2023Updated 2 years ago
• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆232Feb 12, 2025Updated last year
• berryalen02 / PECracker

  View on GitHub
  针对PE文件的分离的攻防对抗工具，红队、研究者的好帮手。目前支持文件头伪装、证书区段感染。A no-kill confrontation tool for the separation of PE files, a good helper for red teams and…
  ☆287Aug 20, 2024Updated last year
• myzxcg / RealBlindingEDR

  View on GitHub
  Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThrea…
  ☆1,294Jun 21, 2024Updated last year
• SaadAhla / UnhookingPatch

  View on GitHub
  Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime
  ☆314Aug 2, 2023Updated 2 years ago
• Cipher7 / ApexLdr

  View on GitHub
  ApexLdr is a DLL Payload Loader written in C
  ☆117Jul 17, 2024Updated last year
• mertdas / SharpTerminator

  View on GitHub
  Terminate AV/EDR Processes using kernel driver
  ☆352Jun 12, 2023Updated 2 years ago
• Meowmycks / LetMeowIn

  View on GitHub
  A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
  ☆443Jul 8, 2024Updated last year
• icyguider / UAC-BOF-Bonanza

  View on GitHub
  Collection of UAC Bypass Techniques Weaponized as BOFs
  ☆607Feb 21, 2024Updated 2 years ago
• MaorSabag / TrueSightKiller

  View on GitHub
  CPP AV/EDR Killer
  ☆480Nov 28, 2023Updated 2 years ago
• b1tg / cobaltstrike-beacon-rust

  View on GitHub
  CobaltStrike beacon in rust
  ☆208Aug 10, 2024Updated last year
• Meckazin / ChromeKatz

  View on GitHub
  Dump cookies and credentials directly from Chrome/Edge process memory
  ☆1,408Jan 19, 2026Updated last month
• synacktiv / DLHell

  View on GitHub
  Local & remote Windows DLL Proxying
  ☆169Jun 17, 2024Updated last year
• safedv / RustiveDump

  View on GitHub
  LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…
  ☆384Apr 26, 2025Updated 10 months ago
• ricardojoserf / TrickDump

  View on GitHub
  Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
  ☆539May 9, 2025Updated 9 months ago
• lsecqt / ThreadlessInject-C-Implementation

  View on GitHub
  This repository implements Threadless Injection in C
  ☆172Dec 23, 2023Updated 2 years ago
• EvilBytecode / RubyRedOps

  View on GitHub
  💎 | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby
  ☆10Apr 21, 2025Updated 10 months ago
• rad9800 / BootExecuteEDR

  View on GitHub
  ☆409Dec 8, 2024Updated last year
• Cipher7 / ChaiLdr

  View on GitHub
  AV bypass while you sip your Chai!
  ☆224May 17, 2024Updated last year
• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆41Aug 28, 2024Updated last year
• EvilBytecode / PPID-Spoofing

  View on GitHub
  Parent Process ID Spoofing, coded in CGo.
  ☆24Apr 21, 2025Updated 10 months ago
• AlteredSecurity / Disable-TamperProtection

  View on GitHub
  A POC to disable TamperProtection and other Defender / MDE components
  ☆254Jun 6, 2024Updated last year
• senzee1984 / Amsi_Bypass_In_2023

  View on GitHub
  Amsi Bypass payload that works on Windwos 11
  ☆378Jul 30, 2023Updated 2 years ago
• NtDallas / KrakenMask

  View on GitHub
  Sleep obfuscation
  ☆268Dec 13, 2024Updated last year
• helviojunior / hookchain

  View on GitHub
  HookChain: A new perspective for Bypassing EDR Solutions
  ☆590Jan 5, 2025Updated last year
• f1zm0 / acheron

  View on GitHub
  indirect syscalls for AV/EDR evasion in Go assembly
  ☆371Jun 13, 2023Updated 2 years ago
• ricardojoserf / NativeDump

  View on GitHub
  Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
  ☆701May 7, 2025Updated 9 months ago
• EvilBytecode / EByte-VBS-Obfuscator-Go

  View on GitHub
  VBS-Obfuscator-GO is a Go-based tool designed for obfuscating VBScript (VBS) files. It transforms readable VBScript code into a less reco…
  ☆38Apr 21, 2025Updated 10 months ago