Kernel Driver Utility

🤖 Kill The Protected Process 🤖

BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).

yet another AV killer tool using BYOVD

Windows rootkit designed to work with BYOVD exploits

PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.

「💀」Proof of concept on BYOVD attack

Driver Reverse & Exploitation

DSE & PG bypass via BYOVD attack

「⚠️」Performing a BYOVD on the truesight.sys driver

BYOVD hunter to help prioritize windows drivers worth manual analysis

Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.

📟 a tiny code that performs kernel-mode read/write using CVE-2023-38817.

Some basic info, resources, and code snippets about windows kernel exploitation

Dump ntoskrnl.exe important offsets for building your navigation system in the Windows Kernel, using Radare2 and Rust

BYOVD IOCs (Based LOLDrivers)

Backstab rewrite in nim, AV/EDR killer

CVE-2022-22077 is a high-severity vulnerability (CVSS score 7.8) affecting the RTCore64.sys driver distributed with MSI Center

This exploit rebuilds and exploit the CVE-2019-16098 which is in driver Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. Instead of hardcoded base address of Ntoskrnl.exe, I calculated it dynamically and recalulated the fields offsets

The project demonstrates a simple detection method for SSDT Hook in User Mode via BYOVD