nu1lptr0/BYOVD-Process-Terminator

BYOVD-Process-Terminator

  • Malware authors are abusing vulnerabilities in the zam64.sys and zamguard64.sys drivers to kill EDR/AV processes.
  • These drivers are part of Zemana AntiMalware.
  • I have taken the driver from loldrivers.

Usage

  • The compiled version of the binary can be found here
  • Run the program as administrator. Don't forget to copy the driver as well.
  • Give the PID of the process you want terminated as the argument.
Usage: process_terminator.exe <pid>

Writeup

https://nu1lptr.blogspot.com/2024/09/zam64sys-byovd-process-terminator.html

Inspiration

https://github.com/ZeroMemoryEx/Terminator/tree/master

About

Zamguard64.sys Process Terminator