← All drivers
Field Guide · Family
PoisonX (GentleKiller EDR bypass)
PoisonX is a Microsoft-signed kernel driver with an undocumented process-termination IOCTL, weaponized by the GentleKiller framework and the Gentlemen data-extortion service to disable endpoint protection software. Xcitium documented the reverse-engineering of its CrowdStrike bypass in 2026.
18
Drivers
18
Vulnerable
0
Malicious
18
With Field Notes
poisonx.sys
vulnerable✎
poisonx10.sys
vulnerable✎
poisonx11.sys
vulnerable✎
poisonx12.sys
vulnerable✎
poisonx13.sys
vulnerable✎
poisonx14.sys
vulnerable✎
poisonx15.sys
vulnerable✎
poisonx16.sys
vulnerable✎
poisonx17.sys
vulnerable✎
poisonx18.sys
vulnerable✎
poisonx2.sys
vulnerable✎
poisonx3.sys
vulnerable✎
poisonx4.sys
vulnerable✎
poisonx5.sys
vulnerable✎
poisonx6.sys
vulnerable✎
poisonx7.sys
vulnerable✎
poisonx8.sys
vulnerable✎
poisonx9.sys
vulnerable✎
Family grouping is Vera's. Status data comes from the public LOLDrivers project.
