FreshRSS

🔒
☐ ☆ ✇ The Hacker News

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

By Ravie Lakshmanan — April 24th 2023 at 13:44
Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying
☐ ☆ ✇ The Hacker News

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

By Ravie Lakshmanan — October 7th 2022 at 06:52
In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch said in a new technical
❌