Playing with unsecured driver(s) allowing access to protected handles.
procexp.exe load "%cd%\procexp.sys"
procexp.exe ps
procexp.exe kill pid_or_exename
procexp.exe unload "%cd%\procexp.sys"
Bunch of other drivers to look at : https://guidedhacking.com/threads/how-to-bypass-kernel-anticheat-develop-drivers.11325/