abusing Process Hacker driver to terminate other processes (BYOVD)
☆83 · May 23, 2023 · Updated 2 years ago
Alternatives and similar repositories for Overlord
Users that are interested in Overlord are comparing it to the libraries listed below.
- Bypass Malware Sandbox Evasion Ram check ☆139 · Jan 3, 2023 · Updated 3 years ago
- kill anti-malware protected processes (BYOVD) ☆978 · Jul 21, 2023 · Updated 2 years ago
- Hook system calls on Windows by using Kaspersky's hypervisor ☆17 · Dec 25, 2024 · Updated last year
- Kernel Mode Driver for Elevating Process Privileges ☆132 · Mar 23, 2023 · Updated 3 years ago
- This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for loc… ☆55 · May 8, 2023 · Updated 3 years ago
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes ☆1,055 · Jun 20, 2023 · Updated 2 years ago
- Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime ☆312 · Aug 2, 2023 · Updated 2 years ago
- APT38 Tactic PoC for Stealing 0days from security researchers ☆336 · May 30, 2025 · Updated 11 months ago
- Bypass Malware Time Delays ☆105 · Sep 23, 2022 · Updated 3 years ago
- Block any Process to open HANDLE to your process, only SYSTEM is allowed to open handle to your process, with that you can avoid remote m… ☆174 · Apr 27, 2023 · Updated 3 years ago
- A simple BOF (Beacon Object File) to search files in the system ☆17 · Dec 2, 2023 · Updated 2 years ago
- Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. ☆63 · Apr 29, 2024 · Updated 2 years ago
- Now You See Me, Now You Don't ☆1,046 · Jan 23, 2026 · Updated 3 months ago
- Hide Port In Windows ☆42 · Oct 24, 2024 · Updated last year
- Implementation of ITaskHandler in C++ ☆14 · Feb 11, 2023 · Updated 3 years ago
- bring your own vulnerable driver ☆119 · May 17, 2023 · Updated 3 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (… ☆180 · Feb 10, 2023 · Updated 3 years ago
- simple user-mode Rootkit ☆106 · Oct 24, 2022 · Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption ☆94 · Mar 23, 2023 · Updated 3 years ago
- PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners. ☆625 · Sep 26, 2023 · Updated 2 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2 ☆295 · Jul 15, 2023 · Updated 2 years ago
- Lifetime AMSI bypass ☆676 · Sep 26, 2023 · Updated 2 years ago
- Threadless Process Injection using remote function hooking. ☆817 · Sep 4, 2024 · Updated last year
- C or BOF file to extract WebKit master key to decrypt user cookie ☆207 · Apr 29, 2024 · Updated 2 years ago
- dlopen() filelessly a shared object or even a program (and run it). ☆58 · Aug 31, 2023 · Updated 2 years ago
- use aswArPot.sys to kill process ☆69 · Aug 26, 2022 · Updated 3 years ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll ☆46 · Jul 16, 2023 · Updated 2 years ago
- Execute unmanaged Windows executables in CobaltStrike Beacons ☆721 · Mar 4, 2023 · Updated 3 years ago
- Simple x86 Trampoline Hook ☆44 · Aug 3, 2022 · Updated 3 years ago
- Set the process mitigation policy for loading only Microsoft Modules, and block any userland 3rd party modules ☆43 · May 6, 2023 · Updated 3 years ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆799 · Jan 26, 2026 · Updated 3 months ago
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… ☆63 · Aug 31, 2022 · Updated 3 years ago
- Bypassing UAC with SSPI Datagram Contexts ☆468 · Sep 24, 2023 · Updated 2 years ago
- EDR Detector that can find what kind of endpoint solution is being used according to drivers in the system. ☆95 · Nov 5, 2021 · Updated 4 years ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret … ☆267 · Apr 29, 2023 · Updated 3 years ago
- ☆569 · Feb 22, 2024 · Updated 2 years ago
- PE obfuscator with Evasion in mind ☆215 · Apr 25, 2023 · Updated 3 years ago
- different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless) ☆204 · Aug 2, 2023 · Updated 2 years ago
- Small PoC of using a Microsoft signed executable as a lolbin. ☆143 · Feb 27, 2023 · Updated 3 years ago