The article analyzes a Microsoft-signed vulnerable driver used in a BYOVD attack to kill security processes. By sending crafted IOCTL requests with a target PID, attackers can terminate EDR services such as CrowdStrike Falcon.
Freaking awesome work! I haven’t been into Windows much myself for decades, but I do see great effort and experience in the author’s many blog articles… Thank you… for the miracles and great art you do, dear @oxfemale…