BYOVD Technique Example using viragt64 driver
☆77Jul 25, 2024Updated last year
Alternatives and similar repositories for ProcessKiller-BYOVD
Users that are interested in ProcessKiller-BYOVD are comparing it to the libraries listed below
Sorting:
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆169May 17, 2023Updated 2 years ago
- NSecSoftBYOVD POC☆58Feb 12, 2026Updated last month
- Evasive shellcode loader with indirect syscalls, Thread name-calling allocation, PoolParty injection☆10Feb 26, 2025Updated last year
- Windows AppLocker Driver (appid.sys) LPE☆76Jul 29, 2024Updated last year
- ☆164Mar 4, 2025Updated last year
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls☆229Jan 20, 2024Updated 2 years ago
- Event Tracing for Windows EDR bypass in Rust (usermode)☆39Jun 9, 2024Updated last year
- It's what all the kids are talking about☆12Apr 25, 2023Updated 2 years ago
- This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.☆295Nov 1, 2025Updated 4 months ago
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques☆210Aug 21, 2025Updated 6 months ago
- Rust crate to parse user-mode minidump files generated on Windows☆18Nov 17, 2025Updated 3 months ago
- Translate virtual addresses to physical addresses from usermode.☆109Jun 7, 2024Updated last year
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- AV/EDR killer using BYOVD technique☆44Sep 27, 2024Updated last year
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆17Aug 14, 2023Updated 2 years ago
- ☆20Mar 21, 2024Updated last year
- Kill AV/EDR leveraging BYOVD attack☆394Jul 11, 2023Updated 2 years ago
- Submission, compilation and execution of C# code snippets, using an unmanaged CLR Host☆53Jan 29, 2015Updated 11 years ago
- Windows rootkit designed to work with BYOVD exploits☆217Jan 18, 2025Updated last year
- Injector with kernel power☆18Jan 2, 2021Updated 5 years ago
- Havoc C2 profile generator☆105Mar 4, 2026Updated last week
- Playing with packets in C#☆15Aug 16, 2024Updated last year
- Select any exported function in a dll as the new dll's entry point.☆82Oct 25, 2024Updated last year
- ☆26Mar 10, 2022Updated 4 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Aug 11, 2023Updated 2 years ago
- BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).☆616Feb 24, 2026Updated 2 weeks ago
- ☆61Jun 26, 2022Updated 3 years ago
- Another LLVM-obfuscator based on LLVM-17. A fork of Arkari☆111Feb 18, 2024Updated 2 years ago
- .NET assembly loader with patchless AMSI and ETW bypass☆373Apr 19, 2023Updated 2 years ago
- A C# program featuring an all-in-one bypass for CLM, AppLocker and AMSI using Runspace.☆21Jul 31, 2022Updated 3 years ago
- New Framework Red Team Operations☆20Jun 7, 2021Updated 4 years ago
- POC for CVE-2023-29360☆12Aug 31, 2024Updated last year
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆276Apr 17, 2023Updated 2 years ago
- This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead…☆139May 22, 2025Updated 9 months ago
- CPP AV/EDR Killer☆479Nov 28, 2023Updated 2 years ago
- PhantomsGate: Advanced Shellcode Injection Technique☆27Jul 15, 2024Updated last year
- My POC implementation of HVNC (Hidden VNC / Hidden Desktop)☆28Dec 30, 2024Updated last year
- A set of programs for analyzing common vulnerabilities in COM☆249Sep 8, 2024Updated last year
- A simple Sleepmask BOF example☆169Nov 24, 2025Updated 3 months ago