BYOVD tool for manipulating Windows Protected Process Light (PPL) protection at the kernel level.
☆88May 25, 2026Updated last month
Alternatives and similar repositories for PPLShade
Users that are interested in PPLShade are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Another BYOVD process killer. works on all EDR's. fully signed.☆285May 19, 2026Updated last month
- Activation Context Hijacking Evasion Tool☆293Jun 17, 2026Updated 3 weeks ago
- Kernel Process Termination Tool ( CVE-2026-0828 exploit)☆37Apr 2, 2026Updated 3 months ago
- Havoc BOF implementation of BYOVD attack to terminate PPL-protected EDR processes using a signed Microsoft kernel driver.☆39Apr 6, 2026Updated 3 months ago
- Combining KslDump and GhostKatz to dump LSASS using no-fix KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest clea…☆73Mar 25, 2026Updated 3 months ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- A credential extraction BOF for Veeam Backup and Replication and Veeam One☆78Jul 1, 2026Updated last week
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- Async port scanner BOF. Supports IP/port ranges, CIDR notation and hostnames.☆18Jun 17, 2026Updated 3 weeks ago
- ☆42Jul 1, 2026Updated last week
- PolyEngine is an evasive PE packer designed for CTF challenges and low-level Windows security education. It focuses on bypassing EDR and …☆147Jun 10, 2026Updated last month
- Repository hosting a hypothetical EDR Spoofer, as discovered originally by Nightmare-Eclipse☆41May 27, 2026Updated last month
- KslDump — Why bring your own knife when Defender already left one in the kitchen?☆392Apr 13, 2026Updated 3 months ago
- Crystal Palace Evasion kit for Sliver☆96Jun 13, 2026Updated last month
- Set of PoC to abuse Windows minifilters functionality☆93May 1, 2026Updated 2 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Evasive loader for .NET Framework assemblies☆44May 14, 2026Updated 2 months ago
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago
- Polymorphic PE rewriter for Windows x64 , rewrites binaries into semantically identical but byte-different variants☆192Jun 6, 2026Updated last month
- A C++ based BYOVD (Bring Your Own Vulnerable Driver) security research and testing project. It supports kernel-level operations including…☆88Updated this week
- Modify machine code in binaries with alternative x64 assembly opcodes for AV evasion☆225Jul 7, 2026Updated last week
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- Beacon Object File to Enable Chrome DevTools Protocol (CDP)☆116Jul 1, 2026Updated last week
- open source port/reimplementation of the Cobalt Strike BOF Loader as is☆73Mar 8, 2026Updated 4 months ago
- A compiled language for Windows position-independent x86-64 shellcode and Beacon Object Files.☆170Jun 28, 2026Updated 2 weeks ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A simple research-focused AES-based shellcode loader demonstrating in-memory execution and NTAPI techniques to help understand how custom…☆49Feb 19, 2026Updated 4 months ago
- Another new coercion primitive with LPE - machine-account NTLM coercion from a non-admin user via Windows Store InstallService plugin res…☆86Jun 20, 2026Updated 3 weeks ago
- A tool uses the QoS Policy (Pacer.sys) to throttle Endpoint Detection and Response (EDR) agents from connecting to the server.☆300Jun 13, 2026Updated last month
- A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.☆30Jun 9, 2025Updated last year
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP…☆142Apr 22, 2026Updated 2 months ago
- Evasive loader for .NET Framework assemblies☆82May 12, 2026Updated 2 months ago
- A sleepmask based on Ekko that preserves unwind data at sleep time.☆54Mar 30, 2026Updated 3 months ago
- Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browser…☆254May 18, 2026Updated last month
- A POC tool for exploring dev-tunnels☆66May 5, 2026Updated 2 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Next-Generation BOF Template | BOF Linter | Obj Rewriter☆58Dec 4, 2025Updated 7 months ago
- Monitor the Windows Event Log with grep-like features or filtering for specific Event IDs☆134Mar 26, 2026Updated 3 months ago
- a minimal, position-independent C shellcode framework for Windows x64. compiles entirely on Linux☆61Jun 13, 2026Updated last month
- PoC for CVE-2026-3609 - XIGNCODE3 xhunter1.sys handle leak enabling PPL bypass and LSASS dumping☆29May 12, 2026Updated 2 months ago
- AdaptixC2 default beacon agent extended to support Crystal Palace loaders.☆62May 4, 2026Updated 2 months ago
- Static analysis & exploitation-triage toolkit for Windows kernel drivers. Discover IOCTLs, Symbolic Links, and check cert , and Downlaods…☆191Apr 27, 2026Updated 2 months ago
- Convert your shellcode into an ASCII string☆128Jun 27, 2025Updated last year