Kernel Driver Utility

BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).

🤖 Kill The Protected Process 🤖

KslDump — Why bring your own knife when Defender already left one in the kitchen?

yet another AV killer tool using BYOVD

Windows rootkit designed to work with BYOVD exploits

Another BYOVD process killer. works on all EDR's. fully signed.

「💀」Proof of concept on BYOVD attack

BYOVD hunter to help prioritize windows drivers worth manual analysis

Driver Reverse & Exploitation

DSE & PG bypass via BYOVD attack

「⚠️」Performing a BYOVD on the truesight.sys driver

Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.

Advanced PoC & Research for CVE-2026-0828 (Safetica) and CVE-2025-7771 (ThrottleStop). Analysis of BYOVD (Bring Your Own Vulnerable Driver) TTPs for Ring 0 process termination and physical memory R/W. Researching EDR-Killer patterns, PPL bypasses, and kernel-mode primitives used by MedusaLocker and other threat actors.

📟 a tiny code that performs kernel-mode read/write using CVE-2023-38817.

Some basic info, resources, and code snippets about windows kernel exploitation

A BYOVD technique abuse tool

Rust-based Windows kernel driver research project with a companion user-mode client for IOCTL-based experiments with process, token, PPL, and callback internals. Designed for authorized lab testing and Windows driver development study.

A simple PoC demonstrating the vulnerability in the ThrottleStop.sys driver, showcasing arbitrary physical memory read and write capabilities, as well as virtual-to-physical address translation using Superfetch.

Dump ntoskrnl.exe important offsets for building your navigation system in the Windows Kernel, using Radare2 and Rust