Alternatives and similar repositories for byovd-watchdog

Users that are interested in byovd-watchdog are comparing it to the libraries listed below

• cbwang505 / FilesystemEoPDesktopSystemShell
  Folder Or File Delete to Get System Shell on Current Session Desktop
  ☆45Updated 8 months ago
• SafeBreach-Labs / CortexVortex
  ☆80Updated last year
• whokilleddb / sinister-vsix
  Blog/Journal on how to backdoor VSCode extensions
  ☆73Updated last month
• 0xTriboulet / rssh-rs
  ☆53Updated 3 months ago
• fin3ss3g0d / NativeThreadpool
  Work, timer, and wait callback example using solely Native Windows APIs.
  ☆89Updated last year
• Karkas66 / CelestialSpark
  Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …
  ☆103Updated 5 months ago
• 0xv1n / Havoc-ProfileGenerator
  malleable profile generator GUI for Havoc
  ☆55Updated 2 years ago
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆51Updated 2 years ago
• HullaBrian / COMmander
  .NET tool used to enrich RPC telemetry
  ☆100Updated 3 months ago
• zarkones / BloodfangC2
  Modern PIC implant for Windows (64 & 32 bit)
  ☆103Updated last month
• dmcxblue / WSL-Payloads
  A small How-To on creating your own weaponized WSL file
  ☆115Updated last month
• Teach2Breach / hollow_rs
  A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
  ☆30Updated 7 months ago
• offalltn / gitC2
  POC of GITHUB simple C2 in rust
  ☆52Updated last month
• HulkOperator / AuthStager
  ☆58Updated 10 months ago
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆73Updated 5 months ago
• pygrum / gimmick
  Section-based payload obfuscation technique for x64
  ☆64Updated last year
• Octoberfest7 / Enumprotections_BOF
  A BOF to enumerate system process, their protection levels, and more.
  ☆119Updated 9 months ago
• kr0tt / EarlyExceptionHandling
  Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH
  ☆62Updated 2 weeks ago
• OtterHacker / Hooker
  ☆108Updated 10 months ago
• Kudaes / CustomEntryPoint
  Select any exported function in a dll as the new dll's entry point.
  ☆82Updated 10 months ago
• flostyen / windows-persistence
  Windows Persistence IT-Security
  ☆104Updated 6 months ago
• ghostbyt3 / BYOVDFinder
  Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.
  ☆69Updated last month
• oldboy21 / JayFinder
  Find DLLs with RWX section
  ☆81Updated 2 years ago
• Faran-17 / Hellshazzard
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆84Updated last year
• zero2504 / FrostLock-Injection
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆27Updated 5 months ago
• rad9800 / FileRenameJunctionsEDRDisable
  ☆157Updated 9 months ago
• tijme / conferences
  Some of the presentations, workshops, and labs I gave at public conferences.
  ☆34Updated last week
• xalicex / LOLDrivers_finder
  ☆87Updated 2 years ago
• 0xRedpoll / SignalKeyBOF
  BOF to decrypt Signal Desktop chat logs
  ☆71Updated 6 months ago
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆40Updated 2 years ago