merterpreter/T1

Terminator

  • Reproduces the Spyboy technique for terminating EDR/XDR/AV processes from user mode by abusing a vulnerable, legitimately signed kernel driver
  • Spyboy sells the software for prices ranging from $300 for a single bypass to $3,000 for an all-in-one bypass (see the linked write-up for more detail)
  • The driver sample is taken from loldrivers

usage

  • Place the driver Terminator.sys in the same directory as the executable

  • Run the program as an administrator (loading the driver requires it)

  • Keep the program running so that the anti-malware services cannot restart the processes it has terminated

technical details

  • The driver contains a protection mechanism that only allows trusted process IDs to send IOCTLs. Without adding your process ID to the trusted list you receive an 'Access Denied' error every time. However, this is easily bypassed: the IOCTL that adds a PID to the trusted list is itself reachable by any caller, so sending it with our own PID enrolls us and then permits us to issue the critical IOCTLs, including the one that terminates processes. In other words, the gate is an allowlist whose enrollment request is unauthenticated.

  • Because the sample is catalogued on loldrivers, its hashes are public and can be used in vulnerable-driver blocklists, and the technique still needs administrator rights to create the service and load the driver.
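The following is an added model of the trusted-PID gate described above and of why it does not protect anything. It is not code from the T1 repository or from the Terminator.sys driver: the control codes, status values, the VENDOR_PID constant and every function name are assumptions made for the model. It replays the sequence from the bullet above (terminate request denied, enroll own PID, terminate request succeeds) against a dispatcher with the flaw and against a hardened one in which enrollment is only honored for a caller the driver can verify out of band.

```c
/* Model of an IOCTL dispatcher with a "trusted PID" gate. Added illustration,
 * not the driver's code: all codes, constants and names are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATUS_SUCCESS       0
#define STATUS_ACCESS_DENIED 1

/* Hypothetical control codes standing in for the driver's real IOCTLs. */
#define IOCTL_ADD_TRUSTED_PID   0x1000u
#define IOCTL_TERMINATE_PROCESS 0x1001u

/* Hypothetical PID of the vendor's own user-mode component: the only caller
 * the hardened dispatcher allows to enroll itself. */
#define VENDOR_PID 900u

#define MAX_ENTRIES 16

struct driver_state {
    uint32_t trusted[MAX_ENTRIES]; size_t trusted_count;
    uint32_t killed[MAX_ENTRIES];  size_t killed_count;  /* PIDs "terminated" */
};

static bool is_trusted(const struct driver_state *d, uint32_t pid)
{
    for (size_t i = 0; i < d->trusted_count; i++)
        if (d->trusted[i] == pid) return true;
    return false;
}

static int push(uint32_t *arr, size_t *count, uint32_t v)
{
    if (*count == MAX_ENTRIES) return STATUS_ACCESS_DENIED;  /* list full */
    arr[(*count)++] = v;
    return STATUS_SUCCESS;
}

/* Vulnerable dispatcher: privileged codes check the caller against the list,
 * but the enrollment code runs before that check and trusts a PID taken from
 * the request buffer, so any caller can enroll itself. */
int dispatch_vulnerable(struct driver_state *d, uint32_t caller_pid,
                        uint32_t code, uint32_t arg)
{
    if (code == IOCTL_ADD_TRUSTED_PID)
        return push(d->trusted, &d->trusted_count, arg);   /* no caller check */
    if (!is_trusted(d, caller_pid))
        return STATUS_ACCESS_DENIED;
    if (code == IOCTL_TERMINATE_PROCESS)
        return push(d->killed, &d->killed_count, arg);
    return STATUS_ACCESS_DENIED;                            /* unknown code */
}

/* Hardened dispatcher: enrollment is only honored for a caller verified out of
 * band (modelled as a fixed vendor PID; a real driver would verify the caller's
 * image rather than a PID) and it enrolls the caller's own PID, never one
 * supplied in the request. */
int dispatch_hardened(struct driver_state *d, uint32_t caller_pid,
                      uint32_t code, uint32_t arg)
{
    if (code == IOCTL_ADD_TRUSTED_PID) {
        if (caller_pid != VENDOR_PID) return STATUS_ACCESS_DENIED;
        return push(d->trusted, &d->trusted_count, caller_pid);
    }
    if (!is_trusted(d, caller_pid))
        return STATUS_ACCESS_DENIED;
    if (code == IOCTL_TERMINATE_PROCESS)
        return push(d->killed, &d->killed_count, arg);
    return STATUS_ACCESS_DENIED;
}

typedef int (*dispatch_fn)(struct driver_state *, uint32_t, uint32_t, uint32_t);

/* Replays the README's sequence: terminate (denied), enroll own PID, terminate
 * again. Returns how many processes the model terminated (0 or 1). */
static int replay(dispatch_fn dispatch, uint32_t my_pid, uint32_t target_pid)
{
    struct driver_state d;
    memset(&d, 0, sizeof d);
    dispatch(&d, my_pid, IOCTL_TERMINATE_PROCESS, target_pid);
    dispatch(&d, my_pid, IOCTL_ADD_TRUSTED_PID, my_pid);
    dispatch(&d, my_pid, IOCTL_TERMINATE_PROCESS, target_pid);
    return (int)d.killed_count;
}

/* Status of a terminate request from a PID that never enrolled. */
int terminate_before_enrollment(uint32_t my_pid, uint32_t target_pid)
{
    struct driver_state d;
    memset(&d, 0, sizeof d);
    return dispatch_vulnerable(&d, my_pid, IOCTL_TERMINATE_PROCESS, target_pid);
}

int run_bypass_vulnerable(uint32_t my_pid, uint32_t target_pid)
{ return replay(dispatch_vulnerable, my_pid, target_pid); }

int run_bypass_hardened(uint32_t my_pid, uint32_t target_pid)
{ return replay(dispatch_hardened, my_pid, target_pid); }

int main(void)
{
    printf("vulnerable, before enrollment: %s\n",
           terminate_before_enrollment(4242, 1337) == STATUS_ACCESS_DENIED ? "denied" : "allowed");
    printf("vulnerable, after self-enrollment: %d killed\n", run_bypass_vulnerable(4242, 1337));
    printf("hardened, arbitrary caller: %d killed\n", run_bypass_hardened(4242, 1337));
    printf("hardened, vendor component: %d killed\n", run_bypass_hardened(VENDOR_PID, 1337));
    return 0;
}
```

The vulnerable dispatcher denies the first terminate request, exactly the 'Access Denied' the bullet describes, and then allows it once the caller has enrolled itself. The hardened variant refuses the self-enrollment from an arbitrary caller while still serving the vendor component, which is the property the real gate was presumably meant to have.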
