EvilBytecode / EDR-XDR-AV-Killer

Reproducing the Spyboy technique, which involves terminating all EDR/XDR/AV processes by abusing the zam64.sys driver

windows build #2

Closed sec13b closed 3 months ago

sec13b commented 3 months ago

C:\Users\work\Desktop\BypassUAC\test\EDR-XDR-AV-Killer>"C:\Program Files\Go\bin\go.exe" build .
go: go.mod file not found in current directory or any parent directory; see 'go help modules'

C:\Users\work\Desktop\BypassUAC\test\EDR-XDR-AV-Killer>

EvilBytecode commented 3 months ago

go mod init wow

Do that cmd above

sec13b commented 3 months ago

McAfee detects the sys file and deletes it

Is there any option to encode the .sys file in a bin file? Maybe it can be detected