core-jmp

death of core jump

Posts tagged: byovd

Protected Process / PPL Control Tool

PPLControlShells — Protected Process / PPL Control shells Tool

February 9, 2026
by oxfemale | AV, BYOVD, cpp, EDR, kernel, Privilege, Protection, windows

PPLControlShells (the ppexec console tool) is a native Windows PP/PPL experimentation and control utility (x64) designed to help researchers understand, test, and demonstrate how Protected Process (PP) and Protected Process Light (PPL) behave on modern Windows (10/11 + compatible Server builds).

Using EDR-Redir To Break EDR Via Bind Link and Cloud Filter

February 3, 2026
by oxfemale | BYOVD, Bypassing, EDR, kernel, Protection, windows

The technique of exploiting the Bind Filter driver (bindflt.sys) to redirect folders containing the executable files of EDRs to a location that I completely control.
