A C++ based BYOVD (Bring Your Own Vulnerable Driver) security research and testing project. It supports kernel-level operations including privilege escalation, physical memory R/W, and removing process protection via vulnerable drivers
☆88Jul 14, 2026Updated this week
Alternatives and similar repositories for UsingBYOVD
Users that are interested in UsingBYOVD are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- rust wrappers for kernel mode synchronization primitives☆16Feb 14, 2026Updated 5 months ago
- Havoc BOF implementation of BYOVD attack to terminate PPL-protected EDR processes using a signed Microsoft kernel driver.☆39Apr 6, 2026Updated 3 months ago
- Plugx 开源情报集合☆24Dec 10, 2024Updated last year
- BYOVD tool for manipulating Windows Protected Process Light (PPL) protection at the kernel level.☆88May 25, 2026Updated last month
- Binary Hollowing☆99Sep 10, 2024Updated last year
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- ☆22Jan 15, 2025Updated last year
- WebStrike 是一套以 Chromium 系浏览器扩展(Manifest V3) 为受控端点的指挥与控制(C2)套件。与传统以进程/驱动为主的 C2 相比,其工作重心落在 浏览器安全域:在合规授权与攻防演练场景下,可显著降低与终端 EDR 在 进程注入、驱动 、内核回调…☆58Updated this week
- Blocking Windows EDR agents by registering an own IPC-object in the Object Manager’s namespace (CVE-2023-3280, CVE-2024-5909, CVE-2024-20…☆37Feb 27, 2025Updated last year
- 使用 rust 实现 CobaltStrike 的 beacon || Using Rust to implement CobaltStrike's Beacon☆210Jul 5, 2025Updated last year
- A tool uses the QoS Policy (Pacer.sys) to throttle Endpoint Detection and Response (EDR) agents from connecting to the server.☆300Jun 13, 2026Updated last month
- tsh多终端代理通信☆21Feb 26, 2025Updated last year
- EDRUnChoker - fileless WMI defense that removes EDRChoker QoS throttling policies☆43Jun 8, 2026Updated last month
- A nim implementation of sRDI☆20Oct 18, 2023Updated 2 years ago
- Evasive loader for .NET Framework assemblies☆44May 14, 2026Updated 2 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- PoC for CVE-2026-3609 - XIGNCODE3 xhunter1.sys handle leak enabling PPL bypass and LSASS dumping☆29May 12, 2026Updated 2 months ago
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- 重构Beacon☆166Aug 19, 2024Updated last year
- 常用功能的DLL插件☆87Sep 24, 2025Updated 9 months ago
- bootkit驱动映射,三环进 程注入加载指定模块☆13Oct 8, 2024Updated last year
- Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…☆103Mar 20, 2023Updated 3 years ago
- 集权利用工具☆166Feb 28, 2025Updated last year
- ☆36Mar 4, 2025Updated last year
- create schtasks bypass AV☆24Jul 14, 2024Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Another BYOVD process killer. works on all EDR's. fully signed.☆285May 19, 2026Updated last month
- 免杀☆12May 6, 2024Updated 2 years ago
- NSecSoftBYOVD POC☆61Feb 12, 2026Updated 5 months ago
- Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThrea…☆1,321Jun 21, 2024Updated 2 years ago
- An advanced utility for converting Windows Portable Executable (PE) files to position-independent code (PIC) shellcode. It enables execut…☆66Mar 1, 2025Updated last year
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆85Mar 15, 2026Updated 3 months ago
- 一种通过进程注入实现强制关闭部分杀软进程的方法(以360安全卫士和360杀毒为例)☆139Dec 26, 2023Updated 2 years ago
- Cobalt Strike BOF that Add a user to localgroup by samr☆142Nov 30, 2022Updated 3 years ago
- BYOVD: Use 360 WFP driver to block EDR/XDR network connection.☆128Feb 10, 2026Updated 5 months ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- AppX RPC Local Privilege Escalation - Windows 10/11☆93May 21, 2026Updated last month
- 主要用于隐藏进程真实路径,进程带windows真签名☆120Oct 15, 2024Updated last year
- rust 免杀,方法记录 - 偶尔更新☆95Apr 25, 2024Updated 2 years ago
- ☆31Apr 2, 2026Updated 3 months ago
- 制作 shellcode 的模板☆32Oct 30, 2024Updated last year
- A fileless C2 framework written in pure x64 Linux Assembly with zero libc dependencies. Features dynamic protocol pivoting between raw IC…☆85Jun 5, 2026Updated last month
- Static analysis & exploitation-triage toolkit for Windows kernel drivers. Discover IOCTLs, Symbolic Links, and check cert , and Downlaods…☆191Apr 27, 2026Updated 2 months ago