# NSecSoftBYOVD

Update 2026.1.13: The vulnerbility has been assigned the number CVE-2025-68947

Reference: https://bbs.kafan.cn/thread-2284992-1-1.html, https://blog.csdn.net/qq_40827990/article/details/148997201

Same techniques are widely used by Silverfox Group to terminate AV processes

BYOVD

Usage: NSecSoftBYOVD.exe PID

The driver from Shandong Anzai must be under the same directory of the exe.

<img width="991" height="522" alt="屏幕截图 2025-09-15 010247" src="https://github.com/user-attachments/assets/508683a0-4c23-411b-a966-cb84eae08420" />
<img width="980" height="508" alt="屏幕截图 2025-09-15 010323" src="https://github.com/user-attachments/assets/79d85806-7bda-4b3e-9a4f-ab9417513059" />
<img width="989" height="507" alt="屏幕截图 2025-09-15 010502" src="https://github.com/user-attachments/assets/06a34543-e886-4f53-8cff-d613a7fed7cd" />