VULNERABLE Kernel Drivers for Security Research

John Hammond · Advanced ·🔐 Cybersecurity ·2y ago

Key Takeaways

The video discusses vulnerable kernel drivers for security research, including the use of Atomic Red Team and Living Off the Land (LOL) drivers, and provides a comprehensive overview of the tools and techniques used for testing and simulating attacker tradecraft in a benign way. The speaker highlights the importance of community feedback and the addition of new features such as TBS stuff and 2D signed hashes, and provides a step-by-step guide on how to use the HTA generator and vulnerable kernel

Full Transcript

alrighty hey thanks everyone for tuning in I am super excited to be hanging out with a great friend who is doing some incredible work these days Mike Mike hag I'm forgive me is that am I getting your name right dude I feel like it's been too long you're good well hey I know you're doing some incredible stuff with a whole lot of uh projects that are just available to the whole industry to the whole Community I know you've been cooking up with atomic red team I know you've been doing some phenomenal stuff with lull drivers could you just kind of help I don't know fill in in case folks aren't too familiar with who you are and what you're up to and all those awesome initiatives I'd love for you to I don't know take the take the floor my friend thanks um yeah my name is Michael Haig and um been working in the industry I think 12 years or something it's it's been a little while now most recently you know I've been working at Splunk for about two and a half years and the threat research team uh before that I was at Red Canary for four years which was about the time we introduced the Atomic red team tool set um and obviously most recently was the low drivers project uh we started tackling boot loaders and we also released a free like open source version of a sigma rule converter as well um and so yeah my day-to-day job is developing security content related to threats so we just researched the threats developed the content we ship it out to Splunk customers and people consume super cool well hey I don't know if you have any tricks up your sleeve or anything cool that we I don't know could pull out of the hat but some show and tell some demo would be awesome I know hey just two Talking Heads can be a little bit boring dull and dry but if you've got any magic tricks or some upcoming stuff you're excited to Showcase hey I'm all ears my friend sure yeah let's uh let's dive in yeah so kind of the start right um been maintaining Atomic red team for it says Five Years on here I think it's yeah it's going on probably five six years it's been around um you know this project is great for those who want to you know test or simulate attacker Avis you know tradecraft uh in a very kind of like benign way meant to just send things down range get those traces in your logs and then go back and like determine you know what we saw and what we didn't see and so the Project's been awesome um you know we're at over 80 100 Stars which is so mind-blowing um it's integrated with many many different tools out there Enterprise tools all that kind of stuff so it's a very popular project and I've been lately you've probably seen it on Twitter um I LinkedIn too I've been trying to share uh kind of like free atomics and so if you grab one of these free atomics you can submit it as a PR here to the project you get a t-shirt you get a sticker so you can you know be also a contributor to Atomic red team so cool well hey I gotta say I'd love to sing to Praises here I think Atomic red team has become like such an integral part of a whole lot of folks testing just for I don't know making sure like look are we validating uh what could occur in our environment do we have the detection Engineering in place so very very slick yeah yeah it's it's extremely powerful and I mean it started out I mean I think we talked about it a little bit uh in Prior blogs about where a comic came from but at this it was meant to just help during when I was at Red Canary these will be called initial presentation calls uh with like a prospect and we would the customer Prospect would say oh I'm just going to run a bunch of malware and see what you guys catch and I was like well that's not it's not how it goes in the real world you know and so I started to like slowly compile you know the original Atomic um the way the project had looked and so and it was back then it was just copy paste marked down yeah you actually Google it it comes up so here's the original project for fun um yeah it's called bookish Happiness is one of those uh GitHub Auto generated names and you could just go in here and say I want to live off the land today and copy paste just fired up cool yeah so yeah history that's very very cool to see some of the behind the scenes origin story uh yeah yep and I I have a video at least just a small one I think that at least kind of gets a chance to play with atomic red team but it's a super simple super easy like invoke all and then just see what blows up uh but there's nothing wrong with that like that I think is the Allure is just how easy it is to get it going yeah exactly and I mean we've broken into um Cloud atomics we have there's yeah AWS Azure we have some Google stuff um yeah I think there's some 365 obviously Mac and Linux and windows maybe some container stuff in here now I wouldn't be surprised but let me see yeah looks like someone's been contributing so that's pretty cool um yeah that's I mean constantly things are coming in lots of lots of folks out there have you know big environments that they're testing themselves their red team is testing and they kindly share that back which is great because it helps the whole Community as a whole the beauty is uh in case folks weren't familiar all these T Numbers dot whatever these are all mapped to the miter attack framework so like you at least have the same vernacular and terminology and lingo to talk about all this stuff uh and I don't know I think it again is a godsend stop fanboying okay yeah we do have a matrix around here I'm failing to find it on the Fly here but uh there is a minor Matrix oh yeah maybe this is it nope that's not it um yeah the Matrix is around but yep there's all that in the project um you can click through you know based on Mac windows or Linux I think probably Cloud I don't know if the cloud ones are in there but cool I feel like it's right here indexes yeah get the full layers and everything sweet well hey that's a fun teaser but I think is is more of your time now split to this whole new Venture for lull drivers or I don't know what can you help me I don't know fill things in for folks what the heck is low drivers or how do you explain it to some a random fellow at the bar I don't know yeah that's the hardest like elevator pitch right yeah uh here's this new project that uses drivers okay what does that mean what's a driver um yeah so a couple years ago when I was working at Red Canary um we hadn't we had an incident go down and a we had alerted on it and shipped the content to the customer letting them know bad things happened um but there was something still on the end point that intrigued me and so it ended up being a driver and they had installed the driver on the box uh it would it looked completely benign it matched like a Microsoft kind of driver name it was just kind of like oh that's odd and um and so we started digging into it and turned out to be part of this campaign the name of it's really funny is called nugget Phantom and so nugget Phantom like use the old school stuff they wouldn't you know get on the box install their driver do a bunch of things which led to a coin Miner and that's cool um but it really interested me I was like what are these drivers things and at the time Casey Smith and I we really started digging into them and just kind of geeking out and and it was it's just one of these topics that's so hard to like show or explain to Defenders um in an easy way to kind of consume and it's so complex too just like oh it's between hardware and software like what does the driver do how does it begin and oh wait there's vulnerable drivers like what makes a driver vulnerable and so kind of from there two three years ago I just kind of tracked this and last year I did a talk at the Sands D first summit related to drivers and when I finished I I just was like that's cool and I even had a slide that was like if you want to find vulnerable drivers go here or there or there and maybe you'll find some over there like these corners of the internet right and I was just like that doesn't seem right and so I think it was like January or so I just was like you know what I want to build a website I want to put a site together that brings these things together all these like corners of the internet and you know hack forums and game forums like let's just put all these drivers in one place and and so the name living off the land or low drivers comes from uh conversation with Matt Graber and I am about drivers as well um he we would just call them little drivers and we had like a spreadsheet and we were just kind of like tracking and stuff and it just kind of stuck with me um obviously the more known one is byobd bring your own vulnerable driver uh and so if you search Twitter you probably won't find low drivers you'll definitely find byobb um and so the the idea here is let's find as many as possible and share it in one place where Defenders red teamers researchers can go and find these things and make it easy to consume as far as like being able to gather it or have detections for it so we published there's like a generic kind of easy API where you can grab everything on the site in a CSV or a Json if you want some kind of like can detection stuff we have Sigma rules that cover the different pieces of content categories there is a if you drill into one of them so like this one in particular this was a driver used in a campaign contributed by a good friend you can download it so if you wanted to like play with it you could download it you could run the simple service create here and then as I mentioned you know we have like the Yara built in here I don't know if I mentioned that yet but we have Yara uh we got the sigma rules and you got a sysmon config for alerting and blocking which is pretty sweet and then if you wanted to Pivot on just kind of like digging into it we do extract tons of metadata this is probably one of the the more Rich pieces to the project is all this metadata and one when we first added this one the rich PE header hash I was like I don't even know what this is like someone asked for it I think I was like I don't even know what that is I've never heard of it and I mean always be learning right like I was like I don't I have no idea what this is but sure we'll add it and then when we added it and I clicked on one of them and it took me to virus total all these linked to VT and I was like whoa like you could find even more evil this way like this is crazy and so it goes right back into the platform uh and then yeah here's all the all the certificate stuff um we've had requests to add all the TBS stuff the 2D signed hashes um yeah lots of great you know not customer feedback but Community feedback uh coming into the project and being able to add all this so that you know anybody who's curious or wants to know you can like dig through and find everything you need to find on the driver you know a lot of it's happening to where you as the defender or the researcher you almost don't even have to like go and rip it apart for the most part everything's here you're ready to go um obviously if you were trying to play with it from like a the x-blade side or you want to use it in a way like you'd have to take it to the next level so just to add a little bit more color I think because in case folks don't have the immediate Association for like the word driver uh Hey that means like you're hooking into and playing with the stuff that runs on the Kernel or at that kernel level for your computer so if it's vulnerable if it's got some whatever weird misconfigurations or other Oddities then hey maybe you could do some shady nefarious stuff hook into it to make it kill different processes or control different files or pieces and aspects of the file system that you wouldn't otherwise because look you've just got that super duper low level core driver again interacting with the with the kernel so I think it's incredible that like now there's this One-Stop shop to be able to I don't know at least get a lay of the land as to where what all is out there uh and how those can be abused and which of them even are abusable again both for offense and defense as you mentioned but is the download button new maybe I'm naive I feel like I completely missed it some time ago I didn't know you had a little cataloged and archived yeah yeah they're all there uh this is awesome yeah we try to anytime I think if you anytime you see the verified uh Arrow here check um it means that we you know have the driver we verify that it's like you know cross reference with like another resource so like you know mandian blog in this case or uh Microsoft driver block list things like that that's kind of how we verify it it's been seen and then we obviously try to download it and get the driver so that if you want to consume it you can there are some in here might be ever popular rock Explorer maybe that was it actually I know Jimmer is always a Hot Topic right I think I saw actually a lot of folks chatting about these days yep yeah so here's uh the proc Explorer um Naz had gone through and dumped a ton of time into fighting like almost every one that's out there so you can notice the scroll bar just kind of goes on but yeah you can download each one of these individually so if you were looking for like a particular hash that you saw or whatnot yep now can I ask how can folks use this as a springboard because look we've got the download functionality how do they like play with it or I don't know is there a way to just Speed Run getting it set up and actually uh tinkering with some of those commands or those things that you've already noted in there oh so as far as like kicking like get it running on your box yeah okay yeah trying to give you a cool cool segue yeah that's great okay so um so there's obviously a few things with Windows in general like uh most of these will be blocked uh I think um there was some research that came out I think it's like 60 70 percent of everything we have in here will be blocked by by Windows uh either Defender secure boot um yeah all the different pieces that Microsoft has done lately that will prevent 60 70 which is awesome um but there are times where maybe you want to install it either you downgraded your system and you just want to play uh and so one thing I want to share uh is at Texas cyber Summit uh coming up at the end of the month uh we're going to be doing a workshop for low drivers and um we created a cool page here to help uh defenders in the workshop learn a little bit more um the site allows us to kind of like show the initial access to kind of like when the service gets created and so on the back end of this little app that you see here it will create an HTA file that embeds the driver either you upload one or you click one here um it'll embed it into the HTA and just download it uh and then you just obviously double click your HTA it will drop the driver to disk it will randomly generate the name put it in like a random location uh and then um you know work to start it for you and basically just get it rolling for you kind of all in one make it easy for folks to test and see what this looks like and so I mean the giveaway is right we want folks to be able to play with a couple different things like htas a driver being written to disk random name different location non-standard path things like that and then obviously being created and there's there's multiple points of you know detection opportunities here and that's that's the idea of this and so we'll we'll definitely officially release this at uh Texas cyber Summit but there's your there's your sneak peek nice can I ask a horrible question and I don't know if I'm going to be putting you on the spot um but could we are you comfortable oh is there a peek at the source code is it how you all cook this together or is there maybe a demo and again I don't know if you have something at the ready and if not that's totally okay this is still just an awesome idea and I'm excited to see it come to life but but I'd ask in case there are any other fireworks we can set off okay so let's go ahead and dive in let me remember my password on the Fly ah no yeah this is the whole point we you know if you if you listen to atomics on a Friday it's do a demo or or don't right yeah and what is atomics on a Friday in case there are some folks that uh I don't mean to have you keep rambling while you're trying to type here but no you're good uh yeah topics on a Friday uh Paul Michaud and I we get together and we we geek out we showcase Atomic tests talk about detection opportunities and mitigations uh for all of it it's it's really fun it's random and it's been a it's been a really good time sweet hopefully I can get some folks hey coming to hang out and tune into to that show I know you guys have a lot of fun with it and there's Great Value there thank you uh yeah so here is the the base HTA file um it does all kind of the standard stuff you would see kind of in like a air quote let's just one um mostly focused on you know the base64 piece up at the top here it will write a log file to disk um which is kind of cool I think that's what was showing right here actually uh it just kind of gives you high level like hey it was written basic stuff um letting you know it worked and so does the logging um here's your base64 helper decode function and then down here uh this is actually the second one that I created so there's the standard base64 and then I also created another HTA uh which will embed the driver and Basics before reversed um and so this is the reverse one you can kind of see based on that and if I wasn't or if I do a word wrap it will obviously blow up our window here right so yeah let's go ahead and remove that from the moment um so it writes at the disk uh it does a random servicename.sys to the C Windows task directory so there's like you know one of our detection opportunities here and then it'll go through and run service create to start that driver for us and so as I mentioned you could just double tap it where is it at this one and it'll go and kick that off and I just have to test directory open over here and today's the 15th yep and so there's that one and I'm just double checking okay yeah so yeah this is the the correct one um yeah if you noticed on the uh on back on the stream list site there is a version where you can do a uh you can do like a oh God right yeah yeah yeah so you can re-sign it um just for fun and you know just to be able to do it a different way yeah that is so cool [Laughter] is Aurora I see it and I'm just laughing down at the bottom right just going crazy are there any of those that come from hey spinning up the driver or is it just other random shenanigans on your device I it's it's everything else happening in the background yeah it's like yeah if I like click something it freaks out like here's the Bobs there it goes you know anyway I know I stare at it sometimes it's so cool so hey next gist for a lot of folks that do want to get a chance to play with it like look you can pry open that dot sys file like explore the driver itself in either whatever and then I I'm pretty sure hey if you're just sending some of the the device i o control codes see where in the path of its logic you can make it do some Oddball interesting stuff um and potentially just I don't know tell it to manipulate uh things on the device and uh in case any of the hacker red team folks want to play but still hey knowing what happens there so The Blue Team Defender folks can track that and monitor it so cool and look I I think it spread like wildfire I feel like I've seen Twitter or X right a little bit go crazy over that by ovd bring your own vulnerable driver for sure yeah I I will say that at least the last six months it's amped up right as far as like it being reported and big reports um researchers digging into them yeah we've seen multiple tools get dropped that are using drivers now yeah it's definitely gaining a lot of steam and visibility which is awesome well sweet man hey thank you so much for a little bit of the crash course uh it's awesome and I again I want to help I don't know spread the uh the knowledge and get that info out to as many folks as we can because it's an incredible thing here but anything else to Showcase anything else I don't know you wanna uh I don't know mention between any other atomics on a Friday efforts or sweet stuff that you're up to how can folks track you down at Texas summer cyber Summit um yeah so Texas cyber summit we're there on the Friday which I think is like the 28th or 29th I can't remember um we'll be there doing the two-hour Workshop I can find me on Twitter X under M under score haggis LinkedIn kind of all those standard spots and locations yeah yeah yep or uh YouTube at atomics on a Friday nice nice is that that's a live show or is it always on YouTube or is there more on other platforms yeah it's live um we ship it out to Twitter twitch LinkedIn and YouTube so it's the same name across the board cool I know there will be a ton of folks hey interested in all that you guys are cooking up so yeah thank you so much man seriously this was very very cool and uh it's been really cool to hang out um I'd love to get my hands on it and I'm excited to see that HTA generator uh hit the public that'll help really streamline a lot of folks it's just probably a little bit too scared and squeamish to like what do I do with this driver thing yes that'll be good that'll be fun thanks again my friend appreciate everyone tuning in but I'll leave you to it

Original Description

LOLDrivers: https://loldrivers.io/ Mike Haag: https://twitter.com/M_haggis The HTA Generator will be released and in a public Github repository this Friday, September 29! :) Free Cybersecurity Education and Ethical Hacking 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from John Hammond · John Hammond · 0 of 60

← Previous Next →
1 Code Commentaries? PHP to JavaScript in Bash and PHP!
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
2 Tutorials? MySQL connection with PHP and Bash!
Tutorials? MySQL connection with PHP and Bash!
John Hammond
3 Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
4 JavaScript Splits The URL!
JavaScript Splits The URL!
John Hammond
5 HTML Tables in Python!
HTML Tables in Python!
John Hammond
6 HTML, Net Shares, GML!
HTML, Net Shares, GML!
John Hammond
7 Python 08 Programming Style and Comments
Python 08 Programming Style and Comments
John Hammond
8 Python 26 Object Oriented Programming
Python 26 Object Oriented Programming
John Hammond
9 75 Python Tutorials, Out Now!
75 Python Tutorials, Out Now!
John Hammond
10 Batch 14 Mathematical Expressions
Batch 14 Mathematical Expressions
John Hammond
11 Batch 85 Array Append
Batch 85 Array Append
John Hammond
12 Batch 86 Array Count
Batch 86 Array Count
John Hammond
13 Batch 87 Array Index
Batch 87 Array Index
John Hammond
14 Batch 88 Array Insert
Batch 88 Array Insert
John Hammond
15 Batch 89 Array Remove
Batch 89 Array Remove
John Hammond
16 Batch 90 Array Reverse
Batch 90 Array Reverse
John Hammond
17 Python [colorama] 00 Installing on Linux
Python [colorama] 00 Installing on Linux
John Hammond
18 Python [colorama] 09 Cursor Position
Python [colorama] 09 Cursor Position
John Hammond
19 Python [hashlib] 02 Algorithms
Python [hashlib] 02 Algorithms
John Hammond
20 Python 00 Installing IDLE on Linux
Python 00 Installing IDLE on Linux
John Hammond
21 Python [pygame] 11 Rectangular Collision Detection
Python [pygame] 11 Rectangular Collision Detection
John Hammond
22 Python [pygame] 12 Platforming Rectangular Collision Resolution
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
23 Python [XML-RPC] 01 Research
Python [XML-RPC] 01 Research
John Hammond
24 Python [pyenchant] 03 Personal Word Lists
Python [pyenchant] 03 Personal Word Lists
John Hammond
25 FancyURLopener Authentication and User-Agent [urllib] 03
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
26 Python 04: PEP8 Coding
Python 04: PEP8 Coding
John Hammond
27 Python Challenge! 17 COOKIES
Python Challenge! 17 COOKIES
John Hammond
28 Google CTF 2016: Ernst Echidna
Google CTF 2016: Ernst Echidna
John Hammond
29 Google CTF 2016: Spotted Quoll
Google CTF 2016: Spotted Quoll
John Hammond
30 Google CTF 2016: Can you Repo It?
Google CTF 2016: Can you Repo It?
John Hammond
31 Google CTF 2016: No Big Deal
Google CTF 2016: No Big Deal
John Hammond
32 Google CTF 2016: In Recorded Conversation
Google CTF 2016: In Recorded Conversation
John Hammond
33 Homemade CTF Challenge: 01 "Orchestra"
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
34 Homemade CTF Challenge: 02 "Bae's Base"
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
35 Homemade CTF Challenge: 03 "Web Hunt"
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
36 Homemade CTF Challenge: 04 "UPX"
Homemade CTF Challenge: 04 "UPX"
John Hammond
37 Homemade CTF Challenge: 05 "The Assumption Song"
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
38 Homemade CTF Challenge: 06 "A Brisk Stroll"
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
39 Homemade CTF Challenge: 06 "I lost my password!"
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
40 web25 :: Mr. Robot : EKOPARTY CTF 2016
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
41 web50 : RFC 7230 :: EKOPARTY CTF 2016
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
42 misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
43 Hack The Vote 2016 CTF: Sander's Fan Club [web100]
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
44 Hack The Vote 2016 CTF Warpspeed [forensics150]
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
45 Juniors CTF 2016 :: Black Suprematic Square
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
46 Juniors CTF 2016 :: Six Strange Tales
Juniors CTF 2016 :: Six Strange Tales
John Hammond
47 Juniors CTF 2016 :: Lost Code
Juniors CTF 2016 :: Lost Code
John Hammond
48 Juniors CTF 2016 :: Here Goes!
Juniors CTF 2016 :: Here Goes!
John Hammond
49 Juniors CTF 2016 :: Southern Cross
Juniors CTF 2016 :: Southern Cross
John Hammond
50 Juniors CTF 2016 :: Clone Attack
Juniors CTF 2016 :: Clone Attack
John Hammond
51 Juniors CTF 2016 :: Dirty Repo
Juniors CTF 2016 :: Dirty Repo
John Hammond
52 Juniors CTF 2016 :: Hackers Blog
Juniors CTF 2016 :: Hackers Blog
John Hammond
53 Juniors CTF 2016 :: Voting!!!
Juniors CTF 2016 :: Voting!!!
John Hammond
54 Juniors CTF 2016 :: The Good, The Bad and The Junkman
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
55 Juniors CTF 2016 :: Stop Thief!
Juniors CTF 2016 :: Stop Thief!
John Hammond
56 Juniors CTF 2016 :: ROFL
Juniors CTF 2016 :: ROFL
John Hammond
57 Juniors CTF 2016 :: Restriced Area
Juniors CTF 2016 :: Restriced Area
John Hammond
58 Juniors CTF 2016 :: Oh SSH!
Juniors CTF 2016 :: Oh SSH!
John Hammond
59 HackCon CTF 2017 TRIVIA and BONUS Challenges
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
60 HackCon CTF 2017 "Bacche" Challenges
HackCon CTF 2017 "Bacche" Challenges
John Hammond

The video provides a comprehensive overview of vulnerable kernel drivers for security research, including the use of Atomic Red Team and Living Off the Land (LOL) drivers. The speaker highlights the importance of community feedback and the addition of new features such as TBS stuff and 2D signed hashes, and provides a step-by-step guide on how to use the HTA generator and vulnerable kernel drivers for security research.

Key Takeaways
  1. Build a website to collect and share vulnerable drivers
  2. Create a generic API for retrieving drivers in CSV or JSON format
  3. Add Sigma rules for detection and Yara rules for identification
  4. Extract metadata from drivers
  5. Add sysmon config for alerting and blocking
  6. Download the drivers from the website
  7. Verify the drivers through cross-referencing with other resources
  8. Create an HTA file using the website's app
  9. Install the drivers on a Windows system
  10. Use the drivers for nefarious activities such as killing processes or controlling files and file system aspects
💡 The use of vulnerable kernel drivers for security research can provide valuable insights into the tactics and techniques used by attackers, and can help defenders improve their detection and response capabilities.

Related Reads

📰
We launched Zalanx — security monitoring for lean SaaS teams
Learn how Zalanx provides security monitoring for lean SaaS teams and why it matters for their protection
Dev.to · Zalanx
📰
OSINT Framework Mimarisi: Dijital İzleri “Actionable Intelligence”a Dönüştürme Protokolleri
Learn how to convert digital footprints into actionable intelligence using OSINT framework architecture
Medium · Cybersecurity
📰
Trust After AI: Why the Physical World Needs a Verification Layer
Learn why AI necessitates a verification layer in the physical world to establish trust
Medium · Cybersecurity
📰
Hunting Phishing Infrastructure on Netlify: Telegram Bot Exfiltration Across Multiple Lure Themes
Learn how to hunt phishing infrastructure on Netlify and uncover Telegram bot exfiltration methods across multiple lure themes
Medium · Cybersecurity
Up next
OpenAI GPT 5 5 Cyber Just Got an Upgrade – Is it BETTER Than Mythos 5 ?
MaxonShire
Watch →