FreshRSS

Today - February 6th 2026

I reversed Tower of Fantasy's kernel anti-cheat driver while waiting for the game to install. It's a full BYOVD toolkit that's never even loaded.

Found arbitrary process termination that bypasses PPL (can kill any process on the system, including EDR/AV) and arbitrary process protection via ObRegisterCallbacks, all behind 4 layers of trivial authentication. It's a full BYOVD toolkit similar to the mhyprot2 situation from Genshin Impact that was also used by ransomware groups.

The best part is that the driver ships with every install and is never even loaded by the game.

Full PoC: https://github.com/svespalec/TowerOfFlaws

submitted by /u/RadioactiveBlanket