Kernel Driver Utility

BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).

🤖 Kill The Protected Process 🤖

yet another AV killer tool using BYOVD

Windows rootkit designed to work with BYOVD exploits

PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.

KslDump — Why bring your own knife when Defender already left one in the kitchen?

「💀」Proof of concept on BYOVD attack

BYOVD hunter to help prioritize windows drivers worth manual analysis

Driver Reverse & Exploitation

DSE & PG bypass via BYOVD attack

PoC exploit for the vulnerable (eb.sys or UnknownKiller.sys) – weaponized to kill protected EDR/AV processes via BYOVD.

「⚠️」Performing a BYOVD on the truesight.sys driver

Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.

📟 a tiny code that performs kernel-mode read/write using CVE-2023-38817.

Some basic info, resources, and code snippets about windows kernel exploitation

vulnerable drivers for windows machines.

A BYOVD technique abuse tool

Dump ntoskrnl.exe important offsets for building your navigation system in the Windows Kernel, using Radare2 and Rust

A simple PoC demonstrating the vulnerability in the ThrottleStop.sys driver, showcasing arbitrary physical memory read and write capabilities, as well as virtual-to-physical address translation using Superfetch.