This repo contains proofs of concept (PoCs) demonstrating BYOVD (Bring Your Own Vulnerable Driver) techniques that exploit flaws in signed drivers. These drivers are either not included in Microsoft's blocklist or have been previously overlooked.

| Driver | MD5 Hash | Download Link | Type | HVCI Blocked | VirusTotal | POC |
|---|---|---|---|---|---|---|
| TrueSight.sys | f53fa44c7b591a2be105344790543369 | LOLDrivers | EDR Killer | No | Result | POC |
| TfSysMon.sys | 761f2e2b759389a472bd3d94141742b9 | LOLDrivers | EDR Killer | Yes | Result | POC |
| Viragt64.sys | 779af226b7b72ff9d78ce1f03d4a3389 | LOLDrivers | EDR Killer | No | Result | POC |
| Winio64.sys | 8fc6cafd4e63a3271edf6a1897a892ae | LOLDrivers | EDR Callback Patch | No | Result | POC |
| RTCore64.sys | 2d8e4f38b36c334d0a32a7324832501d | LOLDrivers | EDR Callback Patch | Not Sure | Result | POC |

- https://vx-underground.org/Archive/Driver%20Collection
- https://github.com/wavestone-cdt/EDRSandblast/
- https://github.com/zeze-zeze/ioctlance
- https://github.com/0xJs/BYOVD_EDRKiller/
- https://github.com/BlackSnufkin/BYOVD

This repository is intended for educational and research purposes only. The PoCs provided here should not be used for any illegal activities or malicious purposes. The maintainers of this repository are not responsible for any misuse of the information and code provided here.