Stopping Vulnerable Driver Attacks – they have added ‘first seen’ detection to catch bring-your-own-vulnerable-driver (BYOVD) style attacks


Using vulnerable drivers to gain kernel mode execution.

Key takeaways

Ransomware actors are leveraging vulnerable drivers to tamper with endpoint security products.

Elastic Security released 65 YARA rules to detect vulnerable driver abuse.

Elastic Endpoint (8.3+) protects users from this threat.
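The ‘first seen’ idea mentioned in the title can be shown in a few dozen lines. The following is an added example, not code from the Elastic article or from Elastic Endpoint: it keeps a baseline of driver image hashes already observed across an environment, then raises an alert the first time an unknown hash is loaded, with a higher severity when the hash is on a known-vulnerable list. The telemetry format, host names, paths, signer names and all hashes are constructed placeholders; `KNOWN_VULNERABLE_SHA256` stands in for a vetted blocklist and contains no real driver hash.

```python
import re
from dataclasses import dataclass

# Constructed sample telemetry, one driver-load event per line in key=value form
# (hashes are made-up placeholders, not hashes of any real driver).
BASELINE_EVENTS = """\
ts=2022-08-01T08:00:00Z host=ws01 image=C:\\Windows\\System32\\drivers\\ntfs.sys sha256=1111aaaa signer="Microsoft Windows"
"""
NEW_EVENTS = """\
ts=2022-09-01T08:00:05Z host=ws02 image=C:\\Windows\\System32\\drivers\\ntfs.sys sha256=1111aaaa signer="Microsoft Windows"
ts=2022-09-01T09:13:42Z host=ws02 image=C:\\Users\\Public\\drv.sys sha256=2222bbbb signer="Example Hardware Vendor"
ts=2022-09-01T09:14:10Z host=ws03 image=C:\\Users\\Public\\drv.sys sha256=2222bbbb signer="Example Hardware Vendor"
ts=2022-09-01T10:02:00Z host=ws01 image=C:\\Temp\\util.sys sha256=3333cccc signer="Example Hardware Vendor"
"""

# Placeholder set standing in for hashes of drivers already known to be vulnerable
# (in practice populated from a vetted blocklist, not from this example).
KNOWN_VULNERABLE_SHA256 = {"3333cccc"}

SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class DriverLoad:
    ts: str
    host: str
    image: str    # on-disk path of the driver image
    sha256: str   # hash of the driver image
    signer: str   # subject name of the Authenticode signer


def parse_event(line):
    """Parse one key=value telemetry line into a DriverLoad."""
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    return DriverLoad(f["ts"], f["host"], f["image"], f["sha256"].lower(), f["signer"])


class FirstSeenDetector:
    def __init__(self, known_vulnerable=()):
        self.known_vulnerable = set(known_vulnerable)
        self.seen = {}  # sha256 -> {"first_seen", "first_host", "hosts"}

    def learn(self, ev):
        """Record a driver during the learning window without alerting."""
        rec = self.seen.setdefault(
            ev.sha256, {"first_seen": ev.ts, "first_host": ev.host, "hosts": set()})
        rec["hosts"].add(ev.host)

    def observe(self, ev):
        """Return an alert for a never-before-seen driver hash, else None."""
        if ev.sha256 in self.seen:
            self.seen[ev.sha256]["hosts"].add(ev.host)
            return None
        self.learn(ev)
        notes = []
        if not ev.image.lower().startswith(SYSTEM_DRIVER_DIR):
            notes.append("loaded from outside the system driver directory")
        if ev.sha256 in self.known_vulnerable:
            notes.append("hash matches a known-vulnerable driver")
        return {
            "rule": "first_seen_driver_load",
            "severity": "high" if ev.sha256 in self.known_vulnerable else "medium",
            "ts": ev.ts, "host": ev.host, "image": ev.image,
            "sha256": ev.sha256, "signer": ev.signer, "notes": notes,
        }


def run_demo():
    """Seed the baseline from BASELINE_EVENTS, then scan NEW_EVENTS; return alerts."""
    det = FirstSeenDetector(KNOWN_VULNERABLE_SHA256)
    for line in BASELINE_EVENTS.splitlines():
        det.learn(parse_event(line))
    alerts = []
    for line in NEW_EVENTS.splitlines():
        alert = det.observe(parse_event(line))
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_demo():
        print(f'{a["severity"]:6} {a["ts"]} {a["host"]} {a["image"]} '
              f'sha256={a["sha256"]} ({"; ".join(a["notes"])})')
```

Running the demo produces two alerts: the drv.sys load on ws02 (first time that hash appears anywhere, loaded from a user-writable path) and the util.sys load on ws01 (first seen and on the placeholder known-vulnerable list). The second drv.sys load on ws03 is not re-alerted, which is the point of keying on the hash rather than on the path: a signed driver that is legitimately present on every host stays quiet, while one that suddenly shows up surfaces once for triage.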


In 2018, Gabriel Landau and I presented a talk at Black Hat covering the evolution of kernel mode threats on Windows. The most concerning trend was towards leveraging known good but vuln…

