Tuesday, October 19, 2021

Detecting and Hunting for the Malicious NetFilter Driver

Category: Detection and Threat Hunting

Overview

During the week of June 21st, 2021, information security researchers from G Data discovered that a driver for Microsoft Windows named “netfilter.sys” had a backdoor added by a third party, and that Microsoft then signed the driver as part of the Microsoft OEM program. The malicious file is installed on a victim’s system during the post-exploitation process of an attack. This means that the attacker must either have gained administrative privil…
