γπγProof of concept on BYOVD attack
β166Dec 7, 2024Updated last year
Alternatives and similar repositories for Reaper
Users that are interested in Reaper are comparing it to the libraries listed below
Sorting:
- β60Dec 15, 2023Updated 2 years ago
- C# AV/EDR Killer using less-known driver (BYOVD)β185Nov 10, 2023Updated 2 years ago
- Terminate AV/EDR leveraging BYOVD attackβ103Mar 21, 2025Updated last year
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.β290May 27, 2024Updated last year
- Terminate AV/EDR Processes using kernel driverβ352Jun 12, 2023Updated 2 years ago
- An interactive shell to spoof some LOLBins command lineβ188Jan 27, 2024Updated 2 years ago
- A variation of ProcessOverwriting to execute shellcode on an executable's sectionβ148Dec 16, 2023Updated 2 years ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.β408Mar 16, 2026Updated last week
- γβ οΈγPerforming a BYOVD on the truesight.sys driverβ44Dec 7, 2024Updated last year
- CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Aβ¦β302Feb 2, 2026Updated last month
- γβοΈγDetect which native Windows API's (NtAPI) are being hookedβ39Dec 7, 2024Updated last year
- β123Oct 9, 2023Updated 2 years ago
- Lateral Movement via the .NET Profilerβ100Nov 21, 2024Updated last year
- Modify managed functions from unmanaged codeβ53Feb 1, 2024Updated 2 years ago
- Kill AV/EDR leveraging BYOVD attackβ394Jul 11, 2023Updated 2 years ago
- β70Oct 30, 2023Updated 2 years ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.β326Apr 12, 2024Updated last year
- Basic interactive Windows kernel offensive toolkit written in Cβ137Sep 20, 2025Updated 6 months ago
- Work, timer, and wait callback example using solely Native Windows APIs.β88Feb 11, 2024Updated 2 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it uselessβ39Jul 12, 2024Updated last year
- Source generator to add D/Invoke and indirect syscall methods to a C# project.β190Mar 4, 2024Updated 2 years ago
- An App Domain Manager Injection DLL PoC on steroidsβ212Dec 14, 2023Updated 2 years ago
- γπ§±γTest a list of payloads and see if you can bypass itβ62Jun 4, 2022Updated 3 years ago
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processesβ1,044Jun 20, 2023Updated 2 years ago
- Exploitation of echo_driver.sysβ170Sep 16, 2023Updated 2 years ago
- kill anti-malware protected processes ( BYOVD )β968Jul 21, 2023Updated 2 years ago
- A memory-based evasion technique which makes shellcode invisible from process start to end.β1,198Oct 16, 2023Updated 2 years ago
- Deobfuscation of XorStringsNetβ14Nov 5, 2024Updated last year
- Analyse your malware to surgically obfuscate itβ524Dec 17, 2025Updated 3 months ago
- Remote Shellcode Injectorβ219Aug 27, 2023Updated 2 years ago
- Bypass the Event Trace Windows(ETW) and unhook ntdll.β116Sep 29, 2023Updated 2 years ago
- Automated DLL Sideloading Tool With EDR Evasion Capabilitiesβ505Dec 19, 2023Updated 2 years ago
- RDPCredentialStealer it's an implant that steal credentials provided by users in RDP using API Hooking with Detours in C++β263Mar 11, 2026Updated last week
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.β444Jul 8, 2024Updated last year
- RunPE implementation with multiple evasive techniques (1)β384Sep 22, 2023Updated 2 years ago
- C++ self-Injecting dropper based on various EDR evasion techniques.β426Feb 11, 2024Updated 2 years ago
- .net config loaderβ349Nov 9, 2023Updated 2 years ago
- Execute shellcode files with rundll32β218Jan 28, 2024Updated 2 years ago
- Extracting NetNTLM without touching lsass.exeβ244Nov 27, 2023Updated 2 years ago