Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.
☆79Jul 25, 2025Updated 7 months ago
Alternatives and similar repositories for BYOVDFinder
Users that are interested in BYOVDFinder are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆85Aug 13, 2024Updated last year
- Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…☆13Feb 4, 2024Updated 2 years ago
- A C++/Asm template for PIC/EXE/DLL malware☆24Aug 12, 2025Updated 7 months ago
- Random BOFs for LDAP tradecraft☆74Sep 9, 2025Updated 6 months ago
- ☆38Mar 28, 2025Updated 11 months ago
- Extra cmdlets to help with quering security related information from Azure☆14Sep 16, 2024Updated last year
- This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission…☆18Oct 31, 2024Updated last year
- Mythic C2 Agent written in x64 PIC C☆84Jan 29, 2025Updated last year
- remote process injections using pool party techniques☆70Jun 29, 2025Updated 8 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆189Jan 17, 2026Updated 2 months ago
- Slaying multi-language LLVM IR with obfuscation passes to achieve JIT execution☆133Dec 24, 2025Updated 2 months ago
- CyberShield 2025 Intro to EDR Evasion Class☆16Jun 3, 2025Updated 9 months ago
- ☆19Sep 17, 2025Updated 6 months ago
- ☆38Jan 7, 2025Updated last year
- A C# implementation that disables Windows Firewall bypassing UAC☆17Oct 23, 2024Updated last year
- Dump LSASS by spoofing command line arguments to procdump.☆20Oct 21, 2024Updated last year
- ☆48Dec 5, 2025Updated 3 months ago
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆43Apr 6, 2025Updated 11 months ago
- P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming…☆33Jul 5, 2025Updated 8 months ago
- A PoC for Early Cascade process injection technique.☆214Jan 30, 2025Updated last year
- Adversary Emulation Framework☆129Jul 1, 2025Updated 8 months ago
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 8 months ago
- ☆127Jan 23, 2025Updated last year
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆11May 17, 2024Updated last year
- A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN☆107Jan 26, 2026Updated last month
- Lateral Movement as loggedon User via Speech Named Pipe COM & ISpeechNamedPipe + COM Hijacking☆140Jul 2, 2025Updated 8 months ago
- A chrome extension that shows the time but steals the cookies in the back for demonstration purposes.☆23Mar 10, 2025Updated last year
- HTML smuggling is not an evil, it can be useful☆14Jan 28, 2023Updated 3 years ago
- Local SYSTEM auth trigger for relaying - X☆154Jul 23, 2025Updated 8 months ago
- ☆62Feb 12, 2026Updated last month
- ☆136Feb 11, 2025Updated last year
- Info related to the Outflank training: Microsoft Office Offensive Tradecraft☆52May 16, 2024Updated last year
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …☆335Mar 6, 2025Updated last year
- Hide your P/Invoke signatures through other people's signed assemblies☆211Mar 10, 2024Updated 2 years ago
- shell code example☆68Dec 12, 2025Updated 3 months ago
- ☆33Mar 19, 2025Updated last year
- Creating them Golden Tickets☆14Aug 16, 2025Updated 7 months ago
- Azure Post Exploitation Framework☆245Oct 27, 2025Updated 4 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆268Apr 8, 2025Updated 11 months ago