Hashtag: #BYOVD
DriverShield — Windows Kernel Driver Vulnerability Scanner & Malware Analysis Upload and analyze Windows .sys driver files for vulnerabilities, dangerous APIs, exploit patterns, and malicious behavior.

DriverShield is live — a free platform for analyzing Windows kernel drivers (.sys) for vulnerabilities, rootkit behavior, and BYOVD attack patterns.

200+ drivers already analyzed through our 14-stage inspection pipeline. API Available.

drivershield.io

#infosec #cybersecurity #BYOVD #threathunting


Cybercriminals exploit 34 vulnerable drivers to disable security systems using BYOVD attacks. Stay vigilant and update your defenses. #CyberSecurity #BYOVD #EDR #Ransomware Link: thedailytechfeed.com/cybercrimina...

54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security: "it is difficult to hide such malware".

54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security reconbee.com/54-edr-kille...

#EDRkillers #BYOVD #vulnerable #security

VEN0m Ransomware: BYOVD Detection Guide | Focused Hunts Analysis of VEN0m ransomware leveraging BYOVD driver exploitation with Splunk and KQL hunting queries. Includes MITRE ATT&CK mappings and behavioral detection.

VEN0m ransomware uses BYOVD (IMFForceDelete.sys) to kill AV/EDR before encrypting files.

We provide a summary of the threat to help your teams from executive to analysts.

www.focusedhunts.com/blog/hunting...

#ThreatHunting #Ransomware #BYOVD #BlueTeam #FocusedHunts #HuntingOffTheRed #HOTR

SonicWall VPN Breach & BYOVD EDR Killer

~Huntress~
Attackers breached SonicWall VPNs to deploy a BYOVD EDR killer using a revoked EnCase driver.
-
IOCs: 193. 160. 216. 221, 69. 10. 60. 250
-
#BYOVD #SonicWall #ThreatIntel

EDR Killers in Ransomware

~Eset~
Ransomware affiliates increasingly use BYOVD, anti-rootkits, and driverless EDR killers to disable security tools before encryption.
-
IOCs: EDRKillShifter, DemoKiller, AbyssKiller
-
#BYOVD #Ransomware #ThreatIntel


BYOVD attacks on the Windows kernel via drivers: I break down the mechanics, reproduce them, and build defenses. You have set up Sysmon, you have ...

#BYOVD #EDR #Windows #kernel #Sysmon #SIEM #Lazarus #ransomware #reverse #engineering #SOC


Warlock Ransomware Attack Chain

~Trendmicro~
Warlock ransomware exploits SharePoint, using BYOVD, Yuze, and tunnels for stealthy domain-wide compromise.
-
IOCs: 198. 13. 158. 193, code. translatevv. com, blnwx. com
-
#BYOVD #Ransomware #ThreatIntel

Fake job applications pack malware that disables EDR : Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses

#Fake job applications pack #malware that kills EDR before stealing data
www.theregister.com/2026/03/10/m...

Russian-speaking cyber criminal targeting corporate HR teams for #DataTheft.
#CyberSecurity #InfoSec #CyberCrime #BlackSanta #BringYourOwnVulnerableDriver #BYOVD


Wormable XMRig Uses BYOVD Exploit
Read More: buff.ly/tYmgrV7

#XMRig #Cryptojacking #BYOVD #BringYourOwnVulnerableDriver #MalwareSpread #AirGappedRisk #ThreatResearch #CyberThreat


New cryptojacking campaign exploits BYOVD and logic bombs to deploy XMRig miner. Stay vigilant! #CyberSecurity #Cryptojacking #XMRig #BYOVD #LogicBomb Link: thedailytechfeed.com/advanced-cry...

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb: "downloading executables that contain malware".

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb reconbee.com/wormable-xmr...

#wormable #XMRigcampaign #XMRig #BYOVD #logicbomb

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim

iT4iNT SERVER Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb VDS VPS Cloud #Cybersecurity #Cryptojacking #XMRig #BYOVD #Malware

BYOVD: Silencing AV/EDR with CVE-2023-52271 Bring Your Own Vulnerable Device (BYOVD) is a technique used in red teaming that allows users to perform kernel-level actions by exploiting a vulnerable, legitimately signed kernel device driver. Dri...

BYOVD: Silencing AV/EDR with CVE-2023-52271 by @vict0ni.bsky.social

0x00sec.org/byovd-silenc...

#edr #cyber #cve #byovd #security #exploitation

[Overseas Security News Roundup] The pitfalls of remote meetings and personal smartphones: the latest threats that deceive "visual inspection" | Mb_SEC | Overseas cybersecurity news. This time we introduce news from areas that traditional perimeter defense and antivirus software alone cannot fully protect. AI deepfake videos that exploit remote meetings, personal social media outside the company, and ransomware that neutralizes security software. Attackers are targeting not the systems themselves but the gaps between people and operations. 1. [The threat of AI deepfake video] North Korean hackers' "fake Zoom meeting" technique. Source: Mandiant Blog ...

Threats that target the gaps between people and operations, against which traditional "perimeter defense" does not work, are on the rise.

・Web-conference fraud by North Korea using "AI deepfake video" (ClickFix attack)
・Phishing targeting personal social media and chat tools, which German authorities have warned about
・The BYOVD attack adopted by the Black Basta ransomware, which disables security software
note.com/mb_sec/n/n5d...

#Mb_SEC #CyberSecurity #InfoSec #Deepfake #BYOVD #情シス

Reynolds ransomware uses BYOVD to disable security before encryption Researchers discovered Reynolds ransomware, which uses BYOVD technique to disable security tools and evade detection before encryption.

Reynolds ransomware is using BYOVD tactics to disable security tools before encryption.

By embedding a vulnerable signed driver, attackers can terminate EDR/AV at the kernel level, shrinking response time and increasing impact.

securityaffairs.com/187869/secur...

#CyberSecurity #Ransomware #BYOVD


New Reynolds ransomware embeds BYOVD tactics to disable EDR systems, complicating detection and mitigation. Stay vigilant! #CyberSecurity #Ransomware #BYOVD #EDR Link: thedailytechfeed.com/reynolds-ran...

Original post on securityaffairs.com

Reynolds ransomware uses BYOVD to disable security before encryption Researchers discovered Reynolds ransomware, which uses BYOVD technique to disable security tools and evade detection before encr...

#Breaking #News #Cyber #Crime #Malware #Security #BYOVD #Cybercrime #Hacking #hacking #news […]

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools Researchers uncover Reynolds ransomware embedding a vulnerable BYOVD driver to kill EDR defenses, signaling advanced evasion in ransomware attacks.

Reynolds ransomware embeds a BYOVD driver to disable security tools before encryption — trusted drivers turned into attack enablers. Defense must look below the surface. 🚗💣 #BYOVD #Ransomware


Black Basta ransomware now embeds BYOVD tactics directly into payloads, enhancing defense evasion. Stay vigilant and update your security protocols. #CyberSecurity #Ransomware #BYOVD Link: thedailytechfeed.com/black-basta-...


Black Basta ransomware now embeds BYOVD components directly into payloads, enhancing defense evasion. Stay vigilant and update your security measures. #PotatoSecurity #Ransomware #BYOVD Link: thedailytechfeed.com/black-basta-...


Black Basta ransomware now embeds BYOVD components directly into payloads, enhancing defense evasion. Stay vigilant and update your security measures. #CyberSecurity #Ransomware #BYOVD Link: thedailytechfeed.com/black-basta-...

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection

iT4iNT SERVER Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools VDS VPS Cloud #Cybersecurity #Ransomware #BYOVD #EDR #ThreatHunting

'Reynolds' Bundles BYOVD With Ransomware Payload Researchers discovered a vulnerable driver embedded in Reynolds' ransomware, illustrating the increasing popularity of the defense evasion technique.

Black Basta is bundling BYOVD techniques into ransomware payloads — abusing legit drivers to kill defenses before detonation. When trust is weaponized, detection must go deeper. 💣🧠 #BYOVD #Ransomware

Using EDR-Redir To Break EDR Via Bind Link and Cloud Filter: the technique of exploiting the Bind Filter driver (bindflt.sys) to redirect folders containing the executable files of EDRs to a location that I completely control.

Original text by Zero Salarium

I. OVERVIEW

Endpoint Detection and Response (EDR) always provides strong protection for its executable file locations. #byovd #bypass #drivers #EDR #windows
core-jmp.org/?p=191

The new Osiris ransomware strain shows links to Medusa and Inc groups, using a custom-signed malicious driver (Poortry/Abyssworker) to disable security software in a sophisticated BYOVD attack.

New Osiris ransomware borrows TTPs from Medusa & Inc gangs. 🐍 It uses a custom-signed driver ('Poortry') to kill EDR/AV before encrypting files. Also uses Rclone for data theft. #Ransomware #Osiris #BYOVD #ThreatIntel


New Osiris Ransomware Uses BYOVD
Read More: buff.ly/gpDP5Ho

#Ransomware #BYOVD #EndpointSecurity #OsirisRansomware #INCGroup #MalwareAnalysis #ThreatActors

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack: "been connected to INC ransomware".

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack reconbee.com/new-osiris-r...

#Osiris #ransomware #ransomwareattack #POORTY #BYOVD #cyberattacks


New 'BYOVD' loader behind DeadLock ransomware attack

'Bring Your Own Vulnerable Driver'

blog.talosintelligence.com/byovd-loader...

#CyberSecurity #BYOVD #Deadlock #Ransomware

A new ransomware group known as

'Gentlemen' ransomware group emerges, using advanced tactics like GPO modification for mass deployment and 'Bring Your Own Vulnerable Driver' (BYOVD) to bypass security. Double extortion attacks are on the rise. 🎩 #Ransomware #Gentlemen #BYOVD ...
