The Gentlemen ransomware group’s GentleKiller framework specifically names CrowdStrike Falcon and BeyondTrust Remote Support as kill targets among 48 security products, using BYOVD kernel-driver exploitation to terminate these tools at ring-0 before ransomware deployment. Related UEFI Secure Boot bypass vulnerabilities affecting eight hardware vendors (Acer, AMD, ASUS, ECS, Getac, GIGABYTE, Toshiba, Uniwill) extend the pre-OS attack surface. No single vendor patch addresses GentleKiller; mitigation requires driver blocklisting, UEFI firmware updates, and detection engineering across all affected platforms.