ZeroMemoryEx/Terminator

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ZeroMemoryEx/Terminator)

ZeroMemoryEx / Terminator

Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes

☆1,044

Alternatives and similar repositories for Terminator

Users that are interested in Terminator are comparing it to the libraries listed below

Sorting:

ZeroMemoryEx / Blackout
View on GitHub
kill anti-malware protected processes ( BYOVD )
☆968Jul 21, 2023Updated 2 years ago
mertdas / SharpTerminator
View on GitHub
Terminate AV/EDR Processes using kernel driver
☆352Jun 12, 2023Updated 2 years ago
ZeroMemoryEx / Amsi-Killer
View on GitHub
Lifetime AMSI bypass
☆671Sep 26, 2023Updated 2 years ago
lem0nSec / ShellGhost
View on GitHub
A memory-based evasion technique which makes shellcode invisible from process start to end.
☆1,198Oct 16, 2023Updated 2 years ago
WKL-Sec / HiddenDesktop
View on GitHub
HVNC for Cobalt Strike
☆1,304Dec 7, 2023Updated 2 years ago
SaadAhla / FilelessPELoader
View on GitHub
Loading Remote AES Encrypted PE in memory , Decrypted it and run it
☆1,023Aug 29, 2023Updated 2 years ago
ZeroMemoryEx / Chaos-Rootkit
View on GitHub
Now You See Me, Now You Don't
☆1,028Jan 23, 2026Updated last month
Dec0ne / HWSyscalls
View on GitHub
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
☆719Jul 19, 2023Updated 2 years ago
kyleavery / AceLdr
View on GitHub
Cobalt Strike UDRL for memory scanner evasion.
☆1,008Jun 4, 2024Updated last year
fortra / nanodump
View on GitHub
The swiss army knife of LSASS dumping
☆2,081Sep 17, 2024Updated last year
reveng007 / DarkWidow
View on GitHub
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
☆787Jan 26, 2026Updated last month
Maldev-Academy / HellHall
View on GitHub
Performing Indirect Clean Syscalls
☆605Apr 19, 2023Updated 2 years ago
netero1010 / EDRSilencer
View on GitHub
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …
☆1,828Nov 3, 2024Updated last year
trustedsec / CS-Remote-OPs-BOF
View on GitHub
Remote operations commands implemented using Beacon Object Files
☆1,139Mar 5, 2026Updated 2 weeks ago
wavestone-cdt / EDRSandblast
View on GitHub
☆1,793Aug 30, 2024Updated last year
Octoberfest7 / Inline-Execute-PE
View on GitHub
Execute unmanaged Windows executables in CobaltStrike Beacons
☆714Mar 4, 2023Updated 3 years ago
antonioCoco / SspiUacBypass
View on GitHub
Bypassing UAC with SSPI Datagram Contexts
☆465Sep 24, 2023Updated 2 years ago
CCob / ThreadlessInject
View on GitHub
Threadless Process Injection using remote function hooking.
☆810Sep 4, 2024Updated last year
boku7 / BokuLoader
View on GitHub
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
☆1,401Nov 22, 2023Updated 2 years ago
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆436Dec 21, 2023Updated 2 years ago
klezVirus / SysWhispers3
View on GitHub
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
☆1,601Jul 31, 2024Updated last year
tastypepperoni / PPLBlade
View on GitHub
Protected Process Dumper Tool
☆583Aug 30, 2023Updated 2 years ago
Dec0ne / DavRelayUp
View on GitHub
DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
☆568Jun 5, 2023Updated 2 years ago
georgesotiriadis / Chimera
View on GitHub
Automated DLL Sideloading Tool With EDR Evasion Capabilities
☆505Dec 19, 2023Updated 2 years ago
klezVirus / inceptor
View on GitHub
Template-Driven AV/EDR Evasion Framework
☆1,784Nov 3, 2023Updated 2 years ago
XiaoliChan / wmiexec-Pro
View on GitHub
New generation of wmiexec.py
☆1,269Jan 5, 2026Updated 2 months ago
myzxcg / RealBlindingEDR
View on GitHub
Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThrea…
☆1,295Jun 21, 2024Updated last year
netero1010 / GhostTask
View on GitHub
A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
☆618Jan 2, 2025Updated last year
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆683Oct 23, 2024Updated last year
optiv / Freeze.rs
View on GitHub
Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST
☆722Aug 18, 2023Updated 2 years ago
Kudaes / EPI
View on GitHub
Threadless Process Injection through entry point hijacking
☆351Sep 10, 2024Updated last year
klezVirus / SilentMoonwalk
View on GitHub
PoC Implementation of a fully dynamic call stack spoofer
☆926Jul 20, 2024Updated last year
gabriellandau / PPLFault
View on GitHub
☆564Feb 22, 2024Updated 2 years ago
CognisysGroup / HadesLdr
View on GitHub
Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
☆293Jul 15, 2023Updated 2 years ago
MaorSabag / TrueSightKiller
View on GitHub
CPP AV/EDR Killer
☆480Nov 28, 2023Updated 2 years ago
S3cur3Th1sSh1t / Ruy-Lopez
View on GitHub
☆319Jun 28, 2023Updated 2 years ago
wh0amitz / KRBUACBypass
View on GitHub
UAC Bypass By Abusing Kerberos Tickets
☆507Aug 10, 2023Updated 2 years ago
pard0p / CallstackSpoofingPOC
View on GitHub
C++ self-Injecting dropper based on various EDR evasion techniques.
☆426Feb 11, 2024Updated 2 years ago
MalwareTech / EDR-Preloader
View on GitHub
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
☆542Feb 13, 2024Updated 2 years ago