xalicex/Killers

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/xalicex/Killers)

xalicex / Killers

Exploitation of process killer drivers

☆202

Alternatives and similar repositories for Killers

Users that are interested in Killers are comparing it to the libraries listed below

Sorting:

ZeroMemoryEx / Blackout
View on GitHub
kill anti-malware protected processes ( BYOVD )
☆968Jul 21, 2023Updated 2 years ago
Idov31 / Jormungandr
View on GitHub
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
☆243Sep 26, 2023Updated 2 years ago
ZeroMemoryEx / Terminator
View on GitHub
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
☆1,042Jun 20, 2023Updated 2 years ago
reveng007 / DarkWidow
View on GitHub
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
☆779Jan 26, 2026Updated last month
iilegacyyii / ThreadlessInject-BOF
View on GitHub
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…
☆394Jan 9, 2024Updated 2 years ago
Kudaes / EPI
View on GitHub
Threadless Process Injection through entry point hijacking
☆350Sep 10, 2024Updated last year
senzee1984 / InflativeLoading
View on GitHub
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
☆325Apr 12, 2024Updated last year
xalicex / LOLDrivers_finder
View on GitHub
☆89Jul 18, 2023Updated 2 years ago
CognisysGroup / HadesLdr
View on GitHub
Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
☆293Jul 15, 2023Updated 2 years ago
deepinstinct / ContainYourself
View on GitHub
A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
☆318Aug 31, 2023Updated 2 years ago
mertdas / SharpTerminator
View on GitHub
Terminate AV/EDR Processes using kernel driver
☆352Jun 12, 2023Updated 2 years ago
pwnsauc3 / RWXfinder
View on GitHub
The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section
☆111Jul 15, 2023Updated 2 years ago
Cracked5pider / LdrLibraryEx
View on GitHub
A small x64 library to load dll's into memory.
☆457Nov 6, 2023Updated 2 years ago
XaFF-XaFF / Kernel-Process-Hollowing
View on GitHub
Windows x64 kernel mode rootkit process hollowing POC.
☆189Jun 30, 2023Updated 2 years ago
namazso / MagicSigner
View on GitHub
Signtool for expired certificates
☆515Jun 10, 2023Updated 2 years ago
b1tg / cobaltstrike-beacon-rust
View on GitHub
CobaltStrike beacon in rust
☆208Aug 10, 2024Updated last year
passthehashbrowns / BOFMask
View on GitHub
☆125Jun 28, 2023Updated 2 years ago
CognisysGroup / SweetDreams
View on GitHub
Implementation of Advanced Module Stomping and Heap/Stack Encryption
☆225Jul 25, 2023Updated 2 years ago
ElliotKillick / LdrLockLiberator
View on GitHub
For when DLLMain is the only way
☆424Oct 29, 2024Updated last year
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆370Apr 19, 2023Updated 2 years ago
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆681Oct 23, 2024Updated last year
Dec0ne / HWSyscalls
View on GitHub
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
☆718Jul 19, 2023Updated 2 years ago
gabriellandau / PPLFault
View on GitHub
☆564Feb 22, 2024Updated 2 years ago
susMdT / effective-waffle
View on GitHub
yet another sleep encryption thing. also used the default github repo name for this one.
☆69May 11, 2023Updated 2 years ago
CCob / ThreadlessInject
View on GitHub
Threadless Process Injection using remote function hooking.
☆810Sep 4, 2024Updated last year
S3cur3Th1sSh1t / Ruy-Lopez
View on GitHub
☆319Jun 28, 2023Updated 2 years ago
MaorSabag / TrueSightKiller
View on GitHub
CPP AV/EDR Killer
☆480Nov 28, 2023Updated 2 years ago
ProcessusT / PsNotifRoutineUnloader
View on GitHub
This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr…
☆63Feb 11, 2024Updated 2 years ago
lem0nSec / ShellGhost
View on GitHub
A memory-based evasion technique which makes shellcode invisible from process start to end.
☆1,197Oct 16, 2023Updated 2 years ago
Octoberfest7 / DropSpawn_BOF
View on GitHub
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
☆285Jun 8, 2023Updated 2 years ago
CymulateResearch / Blindside
View on GitHub
Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
☆136Dec 20, 2022Updated 3 years ago
Octoberfest7 / MemFiles
View on GitHub
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
☆473Jul 6, 2024Updated last year
antonioCoco / SspiUacBypass
View on GitHub
Bypassing UAC with SSPI Datagram Contexts
☆462Sep 24, 2023Updated 2 years ago
f1zm0 / acheron
View on GitHub
indirect syscalls for AV/EDR evasion in Go assembly
☆374Jun 13, 2023Updated 2 years ago
thefLink / Hunt-Weird-Syscalls
View on GitHub
ETW based POC to identify direct and indirect syscalls
☆189Apr 19, 2023Updated 2 years ago
kyleavery / AceLdr
View on GitHub
Cobalt Strike UDRL for memory scanner evasion.
☆1,006Jun 4, 2024Updated last year
icyguider / LatLoader
View on GitHub
PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
☆307Dec 9, 2023Updated 2 years ago
cpu0x00 / SharpReflectivePEInjection
View on GitHub
reflectively load and execute PEs locally and remotely bypassing EDR hooks
☆164Jan 4, 2024Updated 2 years ago
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆435Dec 21, 2023Updated 2 years ago