"Exploiting a Vulnerable Minifilter Driver to Create a Process Killer"

Antonio Parata, a CrowdStrike security researcher, demonstrated how to use a signed Minifilter Driver in a Bring Your Own Vulnerable Driver (BYOVD) attack to terminate a specific process from the kernel. The BYOVD technique is often used by malware to terminate processes associated with security tools such as an Endpoint Detection and Response (EDR) solution. BYOVD is gaining popularity as attackers realize that terminating the EDR process is a better strategy than using obfuscation techniques to evade the EDR solution. This article continues to discuss the exploitation of a signed Minifilter Driver in a BYOVD attack to create a process killer.

Security Affairs reports "Exploiting a Vulnerable Minifilter Driver to Create a Process Killer"

Submitted by grigby1