
Abusing the Process Hacker driver to terminate other processes (BYOVD)

Overlord

  • A simple PoC demonstrating BYOVD by abusing the Process Hacker driver to terminate other processes. The driver sample has been sourced from loldrivers.

  • The driver checks whether the requesting process has SeDebugPrivilege enabled. This check can be satisfied simply by enabling SeDebugPrivilege in the caller, so it offers no real protection.

  • It then copies the handle and the other passed parameters; which parameters are used depends on the IOCTL type.

  • A list of Process Hacker IOCTLs is available (Process Hacker IOCTLs List), which makes the driver easy to abuse.
