Hi, wanted to share this beautiful example of a rootkit which kills off AVs and EDRs.
Made by SaadAhla, a legend which you probably have already heard of before. It's ring0, which means that you need to sign it in order to use it (install the driver), or you can exploit a vulnerable driver; you can check out LOLDrivers for more on that, but I wouldn't recommend that. You could also social engineer a user into enabling test signing. Now you're probably gonna call me a fag for suggesting that, but hear me out: in some specific circumstances it could work, like for example a fake kernel-level/driver cheat.
It's triggered from a normal ring3 binary.
https://github.com/SaadAhla/dark-kill/tree/main