Alternatives and similar repositories for BYOVD-DriverKiller

Users that are interested in BYOVD-DriverKiller are comparing it to the libraries listed below

• EvilBytecode / Ebyte-Syscalls

  View on GitHub
  Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa…
  ☆114Oct 30, 2025Updated 3 months ago
• The-Viper-One / Invoke-PassTheCert

  View on GitHub
  Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel
  ☆59Apr 13, 2025Updated 10 months ago
• winsecurity / AMSI-Bypass-HWBP

  View on GitHub
  ☆26Aug 11, 2025Updated 6 months ago
• volticks / CVE-2025-21692-poc

  View on GitHub
  Proof of concept source code and misc files for my CVE-2025-21692 exploit, kernel version 6.6.75
  ☆39Sep 16, 2025Updated 4 months ago
• whokilleddb / funcshenanigans

  View on GitHub
  A bunch of shenanigans using functions, VEH and more
  ☆37Jun 8, 2025Updated 8 months ago
• pwardle / ReflectiveLoader

  View on GitHub
  A Reflective Loader for macOS
  ☆146Jul 20, 2025Updated 6 months ago
• ioncodes / SilentLoad

  View on GitHub
  "Service-less" driver loading
  ☆184Nov 28, 2024Updated last year
• mwnickerson / COMHijackBOF

  View on GitHub
  ☆37Nov 25, 2025Updated 2 months ago
• ahron-chet / GuardBypassToolkit

  View on GitHub
  A tool that bypasses Windows Defender by manually loading DLLs, parsing EAT directly, and updating IAT with unhooked functions to run M…
  ☆21Jul 14, 2024Updated last year
• JohnSwiftC / rustdllproxy

  View on GitHub
  Generate Proxy DLLs in Rust
  ☆47Sep 2, 2025Updated 5 months ago
• pard0p / Remote-BOF-Runner

  View on GitHub
  Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …
  ☆88Jan 2, 2026Updated last month
• Teach2Breach / snapinject_rs

  View on GitHub
  A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
  ☆50Jan 25, 2025Updated last year
• R41N3RZUF477 / QuickAssist_UAC_Bypass

  View on GitHub
  UAC Bypass using UIAccess program QuickAssist
  ☆208Nov 30, 2025Updated 2 months ago
• klezVirus / AIDA64DRIVER-EoP

  View on GitHub
  AIDA64DRIVER Elevation of Privilege Vulnerability
  ☆16Oct 25, 2024Updated last year
• RedyOpsResearchLabs / CVE-2020-7283-McAfee-Total-Protection-MTP-16.0.R26-EoP

  View on GitHub
  ☆13Jul 14, 2020Updated 5 years ago
• Pwnd4 / DefenseEvasion

  View on GitHub
  Bypassing AV, EDR, Application Whitelisting and ASR Rules
  ☆13Apr 18, 2023Updated 2 years ago
• SecTheBit / MalDevelopment

  View on GitHub
  All my POC related to malware development
  ☆14May 13, 2024Updated last year
• cybersectroll / TrollAMSIdotnet

  View on GitHub
  ☆16Jun 15, 2025Updated 8 months ago
• zxd1994 / IoInject

  View on GitHub
  无痕注入1
  ☆11Jun 1, 2021Updated 4 years ago
• KickedDroid / loadstar

  View on GitHub
  A different approach to writing BOFs in rust.
  ☆18Aug 20, 2025Updated 5 months ago
• RATandC2 / FilelessNtdllReflection

  View on GitHub
  Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…
  ☆16Jan 7, 2023Updated 3 years ago
• rad9800 / BootExecuteEDR

  View on GitHub
  ☆409Dec 8, 2024Updated last year
• almounah / go-buena-clr

  View on GitHub
  Good CLR Host with Native patchless AMSI Bypass
  ☆102Apr 18, 2025Updated 9 months ago
• Teach2Breach / rpeloader

  View on GitHub
  use python on windows with full submodule support without installation
  ☆30Jan 23, 2025Updated last year
• DarkSpaceSecurity / DocEx

  View on GitHub
  APT Emulation tool to exfiltrate sensitive .docx, .pptx, .xlsx, .pdf files
  ☆96Apr 2, 2025Updated 10 months ago
• 0xHossam / HuffLoader

  View on GitHub
  Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
  ☆282Apr 6, 2025Updated 10 months ago
• TwoSevenOneT / EDR-Redir

  View on GitHub
  EDR-Redir : a tool used to redirect the EDR's folder to another location.
  ☆222Nov 6, 2025Updated 3 months ago
• evm-sec / high-pcode

  View on GitHub
  Output high level Pcode (PcodeAST) in Ghidra
  ☆16Apr 7, 2023Updated 2 years ago
• 0x3rhy / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆13Feb 4, 2024Updated 2 years ago
• audibleblink / dllexical

  View on GitHub
  easy dll proxying in go
  ☆14Apr 24, 2022Updated 3 years ago
• TheManticoreProject / FindOldSIDTraces

  View on GitHub
  A cross-platform tool to find traces of old SIDs remaining in LDAP objects of the Active Directory
  ☆25Jun 29, 2025Updated 7 months ago
• youlha1 / thebear

  View on GitHub
  the bear is an infostealer (grabber) malware written in C and assembly with the focus on evading detection.
  ☆13Sep 8, 2024Updated last year
• elceef / yara-rulz

  View on GitHub
  Collection of generic YARA rules
  ☆16Aug 17, 2025Updated 5 months ago
• Lavender-exe / WKL-Tools

  View on GitHub
  List of tools to use in the Advance Red Team Operations course from White Knight Labs
  ☆14Dec 22, 2024Updated last year
• 0xRedpoll / ludus_mythic_teamserver

  View on GitHub
  Ludus role for deploying a Mythic Teamserver onto Linux servers
  ☆23Mar 16, 2025Updated 10 months ago
• tehstoni / LexiCrypt

  View on GitHub
  Shellcode encryptor using a substitution cipher with a randomly generated key.
  ☆142Jan 18, 2025Updated last year
• RedTeamPentesting / keycred

  View on GitHub
  Generate and Manage KeyCredentialLinks
  ☆241Jan 30, 2026Updated 2 weeks ago
• MythicAgents / Xenon

  View on GitHub
  A Mythic agent for Windows written in C
  ☆156Feb 7, 2026Updated last week
• brosck / L1LKiller

  View on GitHub
  「⚠️」Performing a BYOVD on the truesight.sys driver
  ☆44Dec 7, 2024Updated last year