https://github.com/zer0condition/mhydeath

Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
https://github.com/zer0condition/mhydeath

Last synced: 20 days ago
JSON representation

Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.

• Host: GitHub
• URL: https://github.com/zer0condition/mhydeath
• Owner: zer0condition
• Created: 2023-08-22T07:15:36.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2023-08-22T08:01:04.000Z (over 1 year ago)
• Last Synced: 2024-11-07T11:43:51.540Z (6 months ago)
• Language: C++
• Homepage:
• Size: 18.3 MB
• Stars: 380
• Watchers: 7
• Forks: 67
• Open Issues: 1
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-edr-bypass - zer0condition/mhydeath: Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.

README

        
# mhydeath

Abusing mhyprotect (not mhyprot2) to kill AVs / EDRs / XDRs / Protected Processes.

# Resources

https://github.com/ZeroMemoryEx/Terminator


https://github.com/kkent030315/evil-mhyprot-cli

# Demo

 Crowdstrike Falcon and MsDefender 


![Demo](demo.gif)