Arbitrary Process Termination via IOCTL in K7RKScan.sys

This repository is a collection of operational Proof-of-Concept (PoC) exploits demonstrating the Bring Your Own Vulnerable Driver (BYOVD) technique to kill protected processes on Windows systems. Each subdirectory targets a specific vulnerable driver, with a Rust-based executable that loads the driver as a service, opens a device handle, and sends a crafted IOCTL to terminate a process by name or PID. The exploits require the vulnerable driver file to be present in the same directory as the executable and are designed for local execution with administrative privileges. The repository covers multiple drivers, including those from Baidu Antivirus (BdApiUtil64.sys, CVE-2024-51324), K7 Ultimate Security (K7RKScan.sys, CVE-2025-52915, CVE-2025-1055), ThreatFire System Monitor (sysmon.sys), Tg Soft (viragt64.sys), and Topaz Antifraud (wsftprm.sys, CVE-2023-52271). The main entry points are the Rust 'main.rs' files in each subdirectory. The exploits are not detection scripts but provide real process termination capability, which can be used to disable AV/EDR or other security software. The code is well-structured, modular, and leverages Windows service and device APIs to interact with the drivers. The attack vector is local, requiring administrative access to load the driver. The endpoints include the driver files and their respective device interfaces (e.g., \\.\BdApiUtil, \\.\ksapi64_dev, etc.). This collection is intended for research and educational purposes to demonstrate the risks of unprotected or vulnerable kernel drivers on Windows platforms.