Giters

xiosec / Terminator

PowerShell script to terminate protected processes such as anti-malware and EDRs.

Repository from Github https://github.comxiosec/TerminatorRepository from Github https://github.comxiosec/Terminator

blueteambypassbypass-antivirusbypass-edrhvciredteamredteam-toolsredteaminggmerhvci-bypassin-memorywin32-api

Invoke-Terminator

xiosec - Terminator stars - Terminator forks - Terminator GitHub release License issues - Terminator

Terminator is a powershell script that terminates protected processes such as anti-malware and EDRs through the gmer driver.

  • in-memory
  • HVCI bypass

Usage

<#
----------------------------
        Terminator

github : github.com/xiosec
twitter: twitter.com/xiosec
----------------------------

* Arguments
    * -ServiceName
    * -ProcName
    * -ProcId
    * -driverPath
    * -AutoKill
#>

Invoke-Terminator -ServiceName terminator -ProcName MsMpEng

inline

powershell -c ". .\Invoke-Terminator.ps1; Invoke-Terminator -ProcName MsMpEng -AutoKill"

Example

In this example, we kill the MsMpEng process, which is related to the antimalware service. MsMpEng

Links

gmer64.sys

Blackout

License

Released under GPL-3.0 by @xiosec

About

PowerShell script to terminate protected processes such as anti-malware and EDRs.

blueteambypassbypass-antivirusbypass-edrhvciredteamredteam-toolsredteaminggmerhvci-bypassin-memorywin32-api

License:GNU General Public License v3.0

Languages

Language:PowerShell 100.0%