Sunbelt Computer Software

STProcessMonitorBYOVD

Reference: https://bbs.kafan.cn/thread-2288675-1-1.html

Usage:

Place the vulnerable driver under the same directory of the exe. The version 11.11.4.0 (the older one) is with CVE-2025-70795 / CVE-2026-0828, compatible with the parameter /Kill; The version 11.26.18 (Updated) is compatible with parameter /Terminate.
/Init - Install the driver. /Kill - Use CVE-2025-70795 / CVE-2026-0828 to terminate processes. /Terminate - Use the updated driver to terminate processes. /Uninst - Unload the driver.

Screenshots

Exploit CVE-2025-70795 / CVE-2026-0828 (Please notice that the '/Kill' operate is without any priviledge)

The updated driver verifys if the control code is from an NT AUTHORITY\SYSTEM process, so we need to get at least Administrator priviledge to use the new driver.

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
STProcessMonitorBYOVD		STProcessMonitorBYOVD
.gitattributes		.gitattributes
.gitignore		.gitignore
README.md		README.md
STProcessMonitorBYOVD.sln		STProcessMonitorBYOVD.sln

Sunbelt Computer Software

PL/B Language Development and Support

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

STProcessMonitorBYOVD

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Sunbelt Computer Software

PL/B Language Development and Support

Folders and files

Latest commit

History

Repository files navigation

STProcessMonitorBYOVD

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages