Repository profile
Tool to bypass LSA Protection (aka Protected Process Light)
Repository updates
Get generated gmh5225/PPLKiller development summaries by email, or follow the weekly and monthly RSS feeds.
Sign in to subscribe by email. RSS feeds are public.
Sign in to subscribeTracked growth, recent movement, and commit velocity from stored repository snapshots.
Latest capture 2026-06-24 13:46
1 capture since 2026-06-24
Stars from baseline 0
All tracked data
Frameworks, package managers, ecosystems, and dependency manifests found during catalog scans.
Scanned 2026-06-24 13:46
PPLKiller.sln
dotnet ecosystem,
0 dependencies
Searchable topics, generated tags, and stack labels that explain where this repository fits.
Agent instructions and tool configuration paths found in the repository tree.
Nearest indexed repositories by embedding similarity.
This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
KslDump — Why bring your own knife when Defender already left one in the kitchen?
Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.
Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
This bypass is for anti cheats like battleye and EAC. All this does is abuse lsass's handles and use them for yourself. This is quite useful as this is usermode which doesnt require you to find a way to load a driver
