PixisJul 19, 2023
Alice Climent-Pommeret

Finally done!

My latest article introduce the basics of Windows kernel drivers/internals and how to find and exploit process killer drivers using LOLDrivers 🤓

I hope you'll enjoy it! Thanks M. and @r00tbsd for the proofread !

https://alice.climent-pommeret.red/posts/process-killer-driver/

Finding and exploiting process killer drivers with LOL for 3000$

This article describes a quick way to find easy exploitable process killer drivers. There are many ways to identify and exploit process killer drivers. This article is not exhaustive and presents only one (easy) method. Lately, the use of the BYOVD technique to kill AV and EDR agents seems trending. The ZeroMemoryEx Blackout project, the Terminator tool sold (for 3000$) by spyboy are some recent examples. Using vulnerable drivers to kill AV and EDR is not brand new, it’s been used by APTs, Red Teamers, and ransomware gangs for quite some time.

Jul 18, 2023 at 1:43pmWeb
Show threadAlice Climent-PommeretJul 18, 2023

The code related to this blogpost :

- PoCs exploiting vulnerable drivers : https://github.com/xalicex/Killers

- Script to retrieve potential process killer drivers available on LOLDrivers : https://github.com/xalicex/LOLDrivers_finder

GitHub - xalicex/Killers: Exploitation of process killer drivers

Exploitation of process killer drivers. Contribute to xalicex/Killers development by creating an account on GitHub.

GitHub