Article Excerpt
Abusing mhyprotect (not mhyprot2) to kill AVs / EDRs / XDRs / Protected Processes.
| property | value |
| --- | --- |
| tags | edr-evasion,github-repo,offensive-tradecraft,tradecraft-tool |
| url | |
| original_word_count | 24 |
Long Summary
Mhyprotect is a tool used to protect processes from being killed by malicious actors. However, it can be abused to kill antivirus products (AVs), endpoint detection and response tools (EDRs), extended detection and response tools (XDRs), and protected processes. This article will discuss two resources that can be used to abuse mhyprotect for malicious purposes.
The first resource is Terminator, a tool developed by ZeroMemoryEx. It is a command line interface (CLI) that can be used to terminate processes and services. It can be used to terminate AVs, EDRs, XDRs, and protected processes. It also has the ability to bypass mhyprotect and terminate processes that are protected by it.
The second resource is evil-mhyprot-cli, a tool developed by kkent030315. It is a CLI that can be used to terminate processes and services. It can be used to terminate AVs, EDRs, XDRs, and protected processes. It also has the ability to bypass mhyprotect and terminate processes that are protected by it.
In conclusion, mhyprotect can be abused to kill AVs, EDRs, XDRs, and protected processes. There are two resources that can be used to abuse mhyprotect for malicious purposes: Terminator and evil-mhyprot-cli. Both of these tools have the ability to bypass mhyprotect and terminate processes that are protected by it. Therefore, it is important to be aware of the potential risks associated with mhyprotect and take steps to protect against malicious actors.
Short Summary
zer0condition/mhydeath
- Abusing mhyprotect (not mhyprot2) to kill AVs / EDRs / XDRs / Protected Processes.
- Mhyprotect is a tool used to protect processes from being killed by malicious actors.
- It can be abused to kill antivirus products (AVs), endpoint detection and response tools (EDRs), extended detection and response tools (XDRs), and protected processes.
- The article discusses two resources that can be used to abuse mhyprotect for malicious purposes.
- Terminator is a tool developed by ZeroMemoryEx that can terminate processes and services.
- Terminator can terminate AVs, EDRs, XDRs, and protected processes.
- Terminator has the ability to bypass mhyprotect and terminate protected processes.
- evil-mhyprot-cli is a tool developed by kkent030315 that can terminate processes and services.
- evil-mhyprot-cli can terminate AVs, EDRs, XDRs, and protected processes.
- evil-mhyprot-cli has the ability to bypass mhyprotect and terminate protected processes.
- It is important to be aware of the risks associated with mhyprotect and protect against them.

Source link: https://github.com/zer0condition/mhydeath
Summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/zer0conditionmhydeath