ZeroMemoryEx/Terminator external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ZeroMemoryEx/Terminator

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ZeroMemoryEx/Terminator)

Close

ZeroMemoryEx / TerminatorView on GitHubMore

• External links
• Readme badge

Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes

☆1,040Jun 20, 2023Updated 2 years ago

Alternatives and similar repositories for Terminator

Users that are interested in Terminator are comparing it to the libraries listed below

• ZeroMemoryEx / Blackout

  View on GitHub
  kill anti-malware protected processes ( BYOVD )
  ☆968Jul 21, 2023Updated 2 years ago
• mertdas / SharpTerminator

  View on GitHub
  Terminate AV/EDR Processes using kernel driver
  ☆352Jun 12, 2023Updated 2 years ago
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,198Oct 16, 2023Updated 2 years ago
• ZeroMemoryEx / Amsi-Killer

  View on GitHub
  Lifetime AMSI bypass
  ☆671Sep 26, 2023Updated 2 years ago
• SaadAhla / FilelessPELoader

  View on GitHub
  Loading Remote AES Encrypted PE in memory , Decrypted it and run it
  ☆1,019Aug 29, 2023Updated 2 years ago
• WKL-Sec / HiddenDesktop

  View on GitHub
  HVNC for Cobalt Strike
  ☆1,298Dec 7, 2023Updated 2 years ago
• ZeroMemoryEx / Chaos-Rootkit

  View on GitHub
  Now You See Me, Now You Don't
  ☆1,024Jan 23, 2026Updated last month
• Dec0ne / HWSyscalls

  View on GitHub
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆718Jul 19, 2023Updated 2 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,006Jun 4, 2024Updated last year
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆776Jan 26, 2026Updated last month
• fortra / nanodump

  View on GitHub
  The swiss army knife of LSASS dumping
  ☆2,072Sep 17, 2024Updated last year
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆605Apr 19, 2023Updated 2 years ago
• trustedsec / CS-Remote-OPs-BOF

  View on GitHub
  Remote operations commands implemented using Beacon Object Files
  ☆1,120Updated this week
• netero1010 / EDRSilencer

  View on GitHub
  A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …
  ☆1,821Nov 3, 2024Updated last year
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,592Jul 31, 2024Updated last year
• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,787Aug 30, 2024Updated last year
• antonioCoco / SspiUacBypass

  View on GitHub
  Bypassing UAC with SSPI Datagram Contexts
  ☆461Sep 24, 2023Updated 2 years ago
• Octoberfest7 / Inline-Execute-PE

  View on GitHub
  Execute unmanaged Windows executables in CobaltStrike Beacons
  ☆714Mar 4, 2023Updated 2 years ago
• Dec0ne / DavRelayUp

  View on GitHub
  DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
  ☆568Jun 5, 2023Updated 2 years ago
• boku7 / BokuLoader

  View on GitHub
  A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
  ☆1,400Nov 22, 2023Updated 2 years ago
• CCob / ThreadlessInject

  View on GitHub
  Threadless Process Injection using remote function hooking.
  ☆809Sep 4, 2024Updated last year
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆433Dec 21, 2023Updated 2 years ago
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• XiaoliChan / wmiexec-Pro

  View on GitHub
  New generation of wmiexec.py
  ☆1,254Jan 5, 2026Updated last month
• tastypepperoni / PPLBlade

  View on GitHub
  Protected Process Dumper Tool
  ☆576Aug 30, 2023Updated 2 years ago
• georgesotiriadis / Chimera

  View on GitHub
  Automated DLL Sideloading Tool With EDR Evasion Capabilities
  ☆503Dec 19, 2023Updated 2 years ago
• klezVirus / inceptor

  View on GitHub
  Template-Driven AV/EDR Evasion Framework
  ☆1,777Nov 3, 2023Updated 2 years ago
• optiv / Freeze.rs

  View on GitHub
  Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST
  ☆721Aug 18, 2023Updated 2 years ago
• Yaxser / Backstab

  View on GitHub
  A tool to kill antimalware protected processes
  ☆1,506Jun 19, 2021Updated 4 years ago
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆614Jan 2, 2025Updated last year
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆680Oct 23, 2024Updated last year
• wh0amitz / KRBUACBypass

  View on GitHub
  UAC Bypass By Abusing Kerberos Tickets
  ☆508Aug 10, 2023Updated 2 years ago
• myzxcg / RealBlindingEDR

  View on GitHub
  Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThrea…
  ☆1,290Jun 21, 2024Updated last year
• klezVirus / SilentMoonwalk

  View on GitHub
  PoC Implementation of a fully dynamic call stack spoofer
  ☆917Jul 20, 2024Updated last year
• MalwareTech / EDR-Preloader

  View on GitHub
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆539Feb 13, 2024Updated 2 years ago
• Octoberfest7 / DropSpawn_BOF

  View on GitHub
  CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
  ☆285Jun 8, 2023Updated 2 years ago
• daem0nc0re / TangledWinExec

  View on GitHub
  PoCs and tools for investigation of Windows process execution techniques
  ☆952Feb 2, 2026Updated 3 weeks ago
• matro7sh / BypassAV

  View on GitHub
  This map lists the essential techniques to bypass anti-virus and EDR
  ☆3,155Mar 28, 2025Updated 10 months ago
• pard0p / CallstackSpoofingPOC

  View on GitHub
  C++ self-Injecting dropper based on various EDR evasion techniques.
  ☆427Feb 11, 2024Updated 2 years ago