JoasASantos/ProcessKiller-BYOVD external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

JoasASantos/ProcessKiller-BYOVD

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/JoasASantos/ProcessKiller-BYOVD)

Close

JoasASantos / ProcessKiller-BYOVDView on GitHubMore

• External links
• Readme badge

BYOVD Technique Example using viragt64 driver

☆80Jul 25, 2024Updated last year

Alternatives and similar repositories for ProcessKiller-BYOVD

Users that are interested in ProcessKiller-BYOVD are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• jdu2600 / EtwTi-FluctuationMonitor

  View on GitHub
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆172May 17, 2023Updated 2 years ago
• ANYLNK / NSecSoftBYOVD

  View on GitHub
  NSecSoftBYOVD POC
  ☆58Feb 12, 2026Updated last month
• VirtualAlllocEx / Direct-Syscalls-vs-Indirect-Syscalls

  View on GitHub
  The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
  ☆233Jan 20, 2024Updated 2 years ago
• Crowdfense / CVE-2024-21338

  View on GitHub
  Windows AppLocker Driver (appid.sys) LPE
  ☆76Jul 29, 2024Updated last year
• TwoSevenOneT / CreateProcessAsPPL

  View on GitHub
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆293Nov 1, 2025Updated 5 months ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• aniko33 / AlcatrazLdr

  View on GitHub
  Evasive shellcode loader with indirect syscalls, Thread name-calling allocation, PoolParty injection
  ☆10Feb 26, 2025Updated last year
• b1-team / phantom

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆17Aug 14, 2023Updated 2 years ago
• JoasASantos / Offensive-Windows-Drivers-Development

  View on GitHub
  ☆163Mar 4, 2025Updated last year
• Helixo32 / NimBlackout

  View on GitHub
  Kill AV/EDR leveraging BYOVD attack
  ☆397Jul 11, 2023Updated 2 years ago
• 0xflux / ETW-Bypass-Rust

  View on GitHub
  Event Tracing for Windows EDR bypass in Rust (usermode)
  ☆39Jun 9, 2024Updated last year
• 0xJs / BYOVD_read_write_primitive

  View on GitHub
  Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
  ☆213Aug 21, 2025Updated 7 months ago
• Cobalt-Strike / sleepmask-vs

  View on GitHub
  A simple Sleepmask BOF example
  ☆173Nov 24, 2025Updated 4 months ago
• Faran-17 / Hellshazzard

  View on GitHub
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆84Aug 13, 2024Updated last year
• joaoviictorti / userdmp

  View on GitHub
  Rust crate to parse user-mode minidump files generated on Windows
  ☆18Nov 17, 2025Updated 4 months ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• BlackSnufkin / BYOVD

  View on GitHub
  BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).
  ☆659Feb 24, 2026Updated last month
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆374Apr 19, 2023Updated 2 years ago
• 0xDivyanshu-new / CVE-2023-29360

  View on GitHub
  POC for CVE-2023-29360
  ☆12Aug 31, 2024Updated last year
• Wra7h / PEResourceInject

  View on GitHub
  ☆61Jun 26, 2022Updated 3 years ago
• msmania / hk

  View on GitHub
  Injector with kernel power
  ☆18Jan 2, 2021Updated 5 years ago
• 7h3w4lk3r / Kill-Floor

  View on GitHub
  AV/EDR killer using BYOVD technique
  ☆44Sep 27, 2024Updated last year
• jonomango / superfetch

  View on GitHub
  Translate virtual addresses to physical addresses from usermode.
  ☆112Jun 7, 2024Updated last year
• Wh04m1001 / PICDumper

  View on GitHub
  ☆26Mar 10, 2022Updated 4 years ago
• Real-Cryillic / Sarla

  View on GitHub
  It's what all the kids are talking about
  ☆12Apr 25, 2023Updated 2 years ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• ShorSec / DllNotificationInjection

  View on GitHub
  A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…
  ☆32Aug 23, 2023Updated 2 years ago
• MaorSabag / TrueSightKiller

  View on GitHub
  CPP AV/EDR Killer
  ☆480Nov 28, 2023Updated 2 years ago
• VoldeSec / PatchlessInlineExecute-Assembly

  View on GitHub
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆279Apr 17, 2023Updated 2 years ago
• ldematte / HostedPumpkin

  View on GitHub
  Submission, compilation and execution of C# code snippets, using an unmanaged CLR Host
  ☆59Jan 29, 2015Updated 11 years ago
• ajpc500 / BOFs

  View on GitHub
  Collection of Beacon Object Files
  ☆635Nov 1, 2022Updated 3 years ago
• bad0ps3c / HookSentry

  View on GitHub
  Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones.
  ☆37Updated this week
• Ghost53574 / havoc_profile_generator

  View on GitHub
  Havoc C2 profile generator
  ☆107Mar 4, 2026Updated 3 weeks ago
• ColeHouston / Sunder

  View on GitHub
  Windows rootkit designed to work with BYOVD exploits
  ☆218Jan 18, 2025Updated last year
• kkent030315 / CVE-2017-9769

  View on GitHub
  A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing…
  ☆14Nov 8, 2020Updated 5 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• dmcxblue / NtCreateUserProcessBOF

  View on GitHub
  An Aggressor Script that utilizes NtCreateUserProcess to run binaries
  ☆31Jan 30, 2025Updated last year
• thomasxm / Akira-obfuscator

  View on GitHub
  Another LLVM-obfuscator based on LLVM-17. A fork of Arkari
  ☆112Feb 18, 2024Updated 2 years ago
• Nero22k / Kernel-Programming-2023

  View on GitHub
  Repository of different kernel drivers written while studying Windows NT Driver development
  ☆12Apr 14, 2024Updated last year
• Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV

  View on GitHub
  Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
  ☆291May 27, 2024Updated last year
• Kudaes / CustomEntryPoint

  View on GitHub
  Select any exported function in a dll as the new dll's entry point.
  ☆82Oct 25, 2024Updated last year
• Nitr0-G / DriverLoader

  View on GitHub
  it's a driver injector or driver loader header lib(Windows)
  ☆12Aug 5, 2023Updated 2 years ago
• RalfHacker / CVE-2024-26229-exploit

  View on GitHub
  Windows LPE
  ☆139Jun 11, 2024Updated last year