Skip to content

Helixo32/NimBlackout

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 

Repository files navigation

NimBlackout

Nim Version

Note: This project is for educational purposes only. The use of this code for any malicious activity is strictly prohibited. I am not responsible for any misuse of this software.

NimBlackout is an adaptation of the @Blackout project originally developed in C++ by @ZeroMemoryEx, which consists of removing AV/EDRs using the gmer (BYOVD) driver.

The main reason for this project was to understand how BYOVD attacks work, and then to provide a valid PoC developed in Nim.

All credit must goes to the original author @ZeroMemoryEx.

Usage

  • Compilation
    • Linux
      nim --os:windows --cpu:amd64 --gcc.exe:x86_64-w64-mingw32-gcc --gcc.linkerexe:x86_64-w64-mingw32-gcc c NimBlackout.nim
      
    • Windows
      nim c NimBlackout.nim
      
  • Put Blackout.sys driver into current directory
  • Launch NimBlackout (with admin privileges)
    NimBlackout.exe <process name>
    

In order to prevent restarting process (like MsMpEng.exe), keep the program running.

Demo

About

Kill AV/EDR leveraging BYOVD attack

Resources

Stars

Watchers

Forks

Languages