Hello World
Whoami
Pentest
Cloud
Antivirus Evasion - Defender
EDR BYPASS
Red Team
CTF

Powered by GitBook

On this page

BYOVD
Physical Access

Was this helpful?

EDR BYPASS

EDR Killer

PreviousC2 NextBYOVD

Last updated 1 day ago

BYOVD

Physical Access

GitHub - netero1010/EDRSilencer: A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.GitHub

GitHub - Helixo32/NimBlackout: Kill AV/EDR leveraging BYOVD attackGitHub

GitHub - myzxcg/RealBlindingEDR: Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...GitHub

GitHub - logangoins/Krueger: Proof of Concept (PoC) .NET tool for remotely killing EDR with WDACGitHub

GitHub - cpu0x00/EternelSuspention: a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it uselessGitHub

GitHub - zer0condition/mhydeath: Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.GitHub

GitHub - rad9800/FileRenameJunctionsEDRDisableGitHub

GitHub - ph4nt0mbyt3/Darkside: C# AV/EDR Killer using less-known driver (BYOVD)GitHub

GitHub - lkarlslund/nifo: Nuke It From Orbit - remove AV/EDR with physical accessGitHub