Skip to content

nw8g/dead-av

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
src
src
 
 
BdApiUtil64.sys
BdApiUtil64.sys
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

dead-av

yo what dis is:
antivirus/EDR process killer using vulnerable driver

based on BdApiUtil-Killer 🤷‍♂️

quick start

# clone it
git clone https://github.com/nw8g/dead-av.git && cd dead-av

# build
make

# place BdApiUtil64.sys next to avk.exe
# run as admin
./avk.exe

what it kills

kills 100+ security processes continuously:

  • Windows Defender (msmpeng, smartscreen, etc)
  • CrowdStrike Falcon variants
  • SentinelOne agents
  • Carbon Black
  • Symantec/Norton/McAfee
  • Malwarebytes/Kaspersky/Bitdefender
  • Analysis tools
  • EDR/SIEM agents (Elastic, Splunk, Tanium, etc)

basically… if it moves and smells like protection, it kills it

how it works

  1. loads BdApiUtil64.sys as a Windows service
  2. scans processes every 2–3 seconds
  3. kills targets from kernel space via ioctl 0x800024B4
  4. runs forever until you hit ctrl+c

build options

make            # normal build
make release    # optimized 
make clean      # clean files

example output

dead-av in action

requirements

  • Windows x64
  • Admin privileges
  • BdApiUtil64.sys driver file
  • g++ or Visual Studio

About

kill all EDR and AVs processes

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages