A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Callback Routine registering and ZwTerminateProcess.
To compile the client, you will need to have Visual Studio 2022 installed and then just build the project like any other Visual Studio project.
To compile the project, you will need the following tools:
- Visual Studio 2022
- Windows Driver Kit
- In the project properties, go to “Linker > Command Line” and add the following option which is going to disable the integrity check:
Clone the repository and build the driver.
To test it in your testing environment run those commands with elevated cmd:
bcdedit /set testsigning onAfter rebooting, create a service and run the driver:
sc create dark type= kernel binPath= C:\Path\To\Driver\dark.sys
sc start dark