ricardojba / darthvibrius

Weaponizing the kernel-level process-killing technique described at https://alice.climent-pommeret.red/posts/process-killer-driver/

Darthvibrius

  • Weaponizing the kernel-level process-killing technique based on this article and this code.
  • Darthvibrius terminates all EDR/XDR/AV processes on its hard-coded list by abusing either the kEvP64.sys or the AswArPot.sys loldriver (modify the code accordingly).

Usage

  • Place the chosen driver in the same directory as the executable and rename it to sys-mon.sys.
  • Run Darthvibrius as an administrator.
  • Keep Darthvibrius running to prevent Windows from restarting the EDR/XDR/AV services and processes.
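A defender-side check, added here and not part of the Darthvibrius repository, that looks at loaded kernel drivers for the file names used above (including the sys-mon.sys rename) and for drivers whose on-disk name differs from the OriginalFilename in their version resource, then reports the state of the Windows vulnerable driver blocklist. The name list is taken from this README; the output fields are my own choice.

```powershell
# Added defensive check (not part of Darthvibrius): hunt for the driver
# names this README uses and for renamed drivers among loaded kernel drivers.
$SuspectNames = @('sys-mon.sys', 'kEvP64.sys', 'AswArPot.sys')   # names from the README

function Get-SuspectDrivers {
    # Win32_SystemDriver lists kernel drivers registered with the Service Control Manager.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver | Where-Object { $_.PathName }
    foreach ($d in $drivers) {
        # Service image paths may carry a \??\ or \SystemRoot prefix; normalize for Get-Item.
        $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $item   = Get-Item -LiteralPath $path
        $onDisk = $item.Name
        $orig   = $item.VersionInfo.OriginalFilename
        $reasons = @()
        if ($SuspectNames -contains $onDisk) { $reasons += 'name matches a known killer driver or its rename' }
        # Renaming a driver does not break its Authenticode signature, so the mismatch
        # between the on-disk name and the embedded OriginalFilename is the useful signal.
        if ($orig -and ($orig -ne $onDisk)) { $reasons += "renamed: OriginalFilename=$orig" }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Service   = $d.Name
                State     = $d.State
                Path      = $path
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
                Reason    = ($reasons -join '; ')
            }
        }
    }
}

function Get-VulnerableDriverBlocklistState {
    # Windows can refuse to load drivers on Microsoft's vulnerable driver blocklist;
    # this registry value is the documented enable switch (HVCI also turns it on).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $v = (Get-ItemProperty -Path $key -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
    if ($null -eq $v) { 'not configured (OS default applies)' } elseif ($v -eq 1) { 'enabled' } else { 'disabled' }
}

"Vulnerable driver blocklist: $(Get-VulnerableDriverBlocklistState)"
Get-SuspectDrivers | Format-Table -AutoSize
```

Some legitimate drivers ship with an OriginalFilename that differs from the installed name, so treat a mismatch as a lead to verify against the SHA256 (for example against a published vulnerable-driver list), not as a verdict.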

Languages

Language: C++ 100.0%