https://github.com/BlackSnufkin/GhostDriver
yet another AV killer tool using BYOVD
https://github.com/BlackSnufkin/GhostDriver
av-killer byovd evasion redteam rust
Last synced: 28 days ago
JSON representation
yet another AV killer tool using BYOVD
- Host: GitHub
- URL: https://github.com/BlackSnufkin/GhostDriver
- Owner: BlackSnufkin
- License: gpl-3.0
- Created: 2023-12-02T23:56:13.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-12-12T13:52:32.000Z (over 1 year ago)
- Last Synced: 2025-04-04T14:09:56.422Z (about 1 month ago)
- Topics: av-killer, byovd, evasion, redteam, rust
- Language: Rust
- Homepage:
- Size: 182 KB
- Stars: 270
- Watchers: 5
- Forks: 38
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-offensive-rust - GhostDriver - GhostDriver is a Rust-built AV killer tool using BYOVD. (Projects)
README
# GhostDriver 👻
## About
GhostDriver is a Rust-built AV killer tool using BYOVD.
## Get Started
1. Install Rust from [rust-lang.org](https://www.rust-lang.org)
2. Clone: `git clone https://github.com/BlackSnufkin/GhostDriver.git`
3. Build: `cargo build --release --target=x86_64-pc-windows-msvc`
4. Run: Execute the GhostDriver binary
## Usage:
```text
GhostDriver.exe 2.0
BlackSnufkin
Kills processes by name using a Ghost Driver
USAGE:
GhostDriver.exe [FLAGS] [OPTIONS]
FLAGS:
-h, --help Prints help information
-v, --version Prints version information
OPTIONS:
-n, --name=process_names
EXAMPLES:
.\GhostDriver.exe -n msmpeng.exe,svchost.exe
.\GhostDriver.exe --name msmpeng.exe
.\GhostDriver.exe (uses default processes)
```
- Change line 3307 for the defualt Process names
```text
// Define default process names
let default_process_names = vec!["msmpeng.exe"];
```
# POC
# Reference
- https://github.com/keowu/BadRentdrv2
- https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors