⁶⁶⁶ | Disable Advanced AV/EDR Systems | Kill protected process | Video proof | Silently and undetectable | ⁶⁶⁶

[Бафомет]

Цена

DM

Контакты

FORUM

Welcome to our shop! Feel at ease and take your time exploring. I'm here to share my expertise and help with any questions you may have. Our product is specifically designed to effectively disable EDR and AV systems, ensuring top-notch performance. All our solutions have been rigorously tested in real-world scenarios using the best tools available. Should you need any assistance or guidance, please reach out. For your security, we process all transactions through a trusted escrow or guarantor system. We look forward to supporting you on your journey!

Technical information

• The product is compatible with Windows OS: Support Win7 (Server 2008R2) ~ Win11 (Server 2025).
• Protected processes can be deleted without any warnings or alarms.
• Administrator privileges are required.
• The product is signed by a trusted vendor, not by any random certificate.
• The tool is user-friendly and easy to use.
• A system reboot is not required. In the event of a reboot or shutdown, the EDR or AV will be disabled.

Actual software support tested

• Cortex.
• Crowdstrike.
• Sentinel One.
• Sophos XDR Intercept X.
• Bitdefender EDR.
• Eset business edition (EDR).
• Avira.
• McAfee.
• Windows Defender.
• Any other EDR/AV can be requested.

Use case

• Eliminate the hassle of paid encryption. After deploying the tool, you can run anything you like.
• Disable AV and EDR systems with a few commands, gaining total control of the machine.
• All EDR processes are terminated automatically.

License

• Reselling or publicly distributing this tool is strictly prohibited.
• The software is sold individually.
• Redistribution or sharing of the software is not permitted.

Legal Disclaimer

The software provided is sold strictly for educational and research purposes only. By purchasing and using this tool, you agree to the following terms and conditions:

1. Educational Use Only: This software is intended solely for educational and research purposes. Any other use is not endorsed or supported by the provider.
2. User Responsibility: The purchaser and user of this software assume full responsibility for compliance with all local, state, and federal laws. The provider shall not be held liable for any illegal or unethical use of the software.
3. No Liability: The provider is not responsible for any damages, losses, or legal actions that may arise from the use of this software. Any consequences resulting from the use or misuse of this tool are the sole responsibility of the user.
4. Indemnification: The user agrees to indemnify and hold harmless the provider from any claims, liabilities, or expenses (including legal fees) arising from the use of the software.
5. Geographic Restrictions: It is strictly prohibited to use this software in CIS (Commonwealth of Independent States) countries.

- By purchasing and using this software, you acknowledge that you have read, understood, and agree to be bound by these terms and conditions. -
​

RUS:

Остерегайтесь мошенников. В последнее время я видел множество самозванцев, которые распространяют мои видео на разных платформах, выдавая себя за меня.

Я работаю только через гаранта (escrow), и у меня нет аккаунтов в Twitter, Telegram или любых других социальных сетях.

Об услугах я объявляю исключительно на двух платформах: на форумах XSS и R?MP.

https://x.com/EvilWhales https://t.me/cryptfileservice

EN:

Beware of scammers. I have recently seen many impersonators sharing my videos on various platforms to pretend to be me.

I only work through escrow and I do not have a Twitter, Telegram, or any other social media accounts.

My services are announced exclusively on two platforms: the XSS and R?MP forums.

https://x.com/EvilWhales https://t.me/cryptfileservice

​

Спойлер: FAQ

Can I execute X product after executing the tool?
- Yes, the only requirement is to have administrator privileges. If the software is executed correctly, you will be able to deploy any software you like.

Could you please conduct a test for me?
- Yes, if you share a VPS and a EDR installer. I am not going to use my licenses for test purposes.

Do you have Telegram?
- No, we do not use Telegram. Please contact us directly via DM.

Do you have tox/jabber, etc?
- No, we do not. The only way to contact us is via direct message on the forum.

 

[detroit_clock]

Great

 

[AllienWare]

Amazing

 

[payloadbtc]

very nice

 

[Marti71]

Кто брал отпишитесь о отзывах?

 

[Marti71]

Кореш KernetlMode что у одного, что у другого возьмете подписку на месяц и будете ждать пока почистят, в итоге к концу месяца вам скажут плати ещО подписка закончилась

 

[Бафомет]

Кореш KernetlMode что у одного, что у другого возьмете подписку на месяц и будете ждать пока почистят, в итоге к концу месяца вам скажут плати ещО подписка закончилась

1.- First of all this tool has non subscription, it is a lifetime subscription. Not monthly, week, or anything like that.

2.- Second of all, I don't know who is "KernetlMode", that member does not even exist, you might want to write "KernelMode". And I personally don't know his service so this is not a comparison between "him/her" or any other member, this is my service so I ask you to come here with respect and politeness and of course, avoid talking about external services or third party tools.

3.- Third of all I don't why are you posting here when you have not the decency of answer on private.

4.- Money don't impress me, so please, try to find other place where you can impress them. Actually you are not going to be able to purchase my service. I am not going to sell you anything. I only work with people who behave appropriately. So I kindly ask you to forget about this service, at least, on my thread

 

[chaos_exe]

looks cool. What language did you use for this killer? if it is .net it is easy to obfuscate

 

[Бафомет]

We work right now on:

• Future projects related to vulnerable drivers relate to kernel direct memory access.
• Remove kernel callbacks for silence all EDR systems (Cortex 8.6.0, Crowdstrike Falcon 7.17.18721.0 and Sentinel One 24.1.4.257, etc...).

What are we interested:

• Private support for teams.
• One time private driver sell for remove kernel callbacks, minifilters, etc...
• Long time development and successful cooperation in the related area.

Thanks for all the support.

---- WE ONLY SELL SIGNED DRIVERS ----


CONTACT ONLY ON DIRECT FORUM DIRECT MESSAGES SYSTEM, DON'T ASK FOR ANY PRIVATE CONTACT TOX/TELEGRAM, ETC...​

 

[Бафомет]

Update:

• The software support now all builds from Win7 (Server 2008R2) ~ Win11 (Server 2025).
• Offsets for windows 11 24H2 and Server 2025 has been updated.

 

[Jubby]

Отличный продукт,полностью выполняет заявленные функции !
Продавец очень порадовал,отзывчивый,может помочь при возникновении каки-либо вопросов и пожеланий.Так же приятно видеть что софт активно развивается и получает частые обновления

 

[ipv8]

Искал такого рода решение, пообщавшись со всеми кто продает\разрабатывает подобного софт. Остановился на этом парне и не пожалел. Впечатление как будто встретился с кем то из старых в свои 18 лет. Куча энергии, много амбиций и уверенностью в том что нерешаемых задач нет. Вместе разобрали софт, где то доработали, где то объяснил как обстоят дела с новейшими EDR и драйверами. Парень живет проектом, а это то что нужно. Чего и всем кодерам,сервисам желаю. Сработались и обменялись идеями.

Удачного бизнеса и честных клиентов.

 

[ElliotDominion]

Бафомет is this still relevant? No updates long time. Looking to buy

 

[Бафомет]

Бафомет is this still relevant? No updates long time. Looking to buy

This remains relevant. There is no need to update something that functions as expected without issue.

Это по-прежнему актуально. Не нужно чинить то, что и так прекрасно работает.

 

[MRK01]

Hi, I'm looking for something to download my apk. Can you help me? I need it for bypassing the Play Store.

 

[Бафомет]

RUS:

Остерегайтесь мошенников. В последнее время я видел множество самозванцев, которые распространяют мои видео на разных платформах, выдавая себя за меня.

Я работаю только через гаранта (escrow), и у меня нет аккаунтов в Twitter, Telegram или любых других социальных сетях.

Об услугах я объявляю исключительно на двух платформах: на форумах XSS и R?MP.

https://x.com/EvilWhales https://t.me/cryptfileservice

EN:

Beware of scammers. I have recently seen many impersonators sharing my videos on various platforms to pretend to be me.

I only work through escrow and I do not have a Twitter, Telegram, or any other social media accounts.

My services are announced exclusively on two platforms: the XSS and R?MP forums.

https://x.com/EvilWhales https://t.me/cryptfileservice

 

[donkey-fuller]

Dam this is interesting as hell, love seeing these tools.

 

[wav]

Kaspersky and CSFalcon killing ?

 

[Бафомет]

Kaspersky and CSFalcon killing ?

EN:

Support for Kaspersky EDR is not yet available, as I do not have a license. If you possess one and wish for its inclusion, providing it to me will allow me to reverse engineer it and integrate support. The main topic notes that requests can be made for additional EDR/AV solutions. A trial version may be an option, but thus far, there has been no request for Kaspersky.

In answer to your question about CrowdStrike Falcon: yes, the software is completely capable of disabling it.

This software is not simply a Proof-of-Concept (PoC) based on publicly known methods such as ZwTerminateProcess IOCTL abuse from a common driver, which ultimately fails to disable the EDR at the kernel level and merely kills protected processes.

The project is a private development built around a kernel driver capable of reading and writing memory, paired with a shellcode loader designed to protect the software from both static and runtime analysis.

Our product removes various kernel callbacks, including:

• ObRegisterCallbacks
• CmRegisterCallback
• PsSetCreateThreadNotifyRoutine
• PsSetCreateProcessNotifyRoutine
• PsSetLoadImageNotifyRoutine
• ObUnRegisterCallbacks
• CmUnRegisterCallback

It also removes every EDR’s minifilters enumerated via FltEnumerateFilters.

All exploitation-related files, including the driver itself, are securely deleted from disk after execution. Even after a computer reboot, the antivirus or EDR software will remain disabled.

RUS:

Поддержка Kaspersky EDR пока недоступна, так как у меня нет лицензии. Если она у вас есть и вы хотите, чтобы её добавили, предоставьте её мне, и я смогу провести обратный инжениринг и интегрировать поддержку. В основном обсуждении указано, что можно запрашивать дополнительные решения EDR/AV. Возможно, подойдёт пробная версия, но на данный момент запросов по Kaspersky не поступало.

Отвечая на ваш вопрос о CrowdStrike Falcon: да, программа полностью способна отключить его.

Этот софт является не просто Proof-of-Concept (PoC), основанным на общеизвестных методах, таких как использование уязвимости ZwTerminateProcess IOCTL в стандартном драйвере, который в конечном итоге не отключает EDR на уровне ядра, а лишь завершает защищенные процессы.

Проект представляет собой частную разработку, построенную вокруг драйвера ядра, способного читать и записывать память, в сочетании с загрузчиком шелл-кода, предназначенным для защиты программы как от статического, так и от динамического анализа.

Наш продукт удаляет различные kernel callback, включая:

• ObRegisterCallbacks
• CmRegisterCallback
• PsSetCreateThreadNotifyRoutine
• PsSetCreateProcessNotifyRoutine
• PsSetLoadImageNotifyRoutine
• ObUnRegisterCallbacks
• CmUnRegisterCallback

А также удаляет все минифильтры EDR, перечисленные через FltEnumerateFilters.

Все файлы, связанные с эксплуатацией, включая сам драйвер, безопасно удаляются с диска после выполнения. Даже после перезагрузки компьютера антивирус или EDR-программы останутся отключёнными.