#KernelExploitation
54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security

A new analysis found 54 EDR killers abusing 34 vulnerable drivers via the bring your own vulnerable driver (BYOVD) technique to gain kernel privileges and disable endpoint protections before encryption. These tools are developed by closed ransomware groups, proof-of-concept forkers, and marketplace sellers and include examples such as DemoKiller, EDRSilencer, and...

54 EDR killers exploit 34 signed vulnerable drivers using BYOVD to gain kernel privileges and disable endpoint protections before encryption. Tools come from ransomware groups, POC forkers, and marketplace sellers. #KernelExploitation #EDRKiller


2/14 Alternative Exploitation: Instead of the write-up's method, @chc4 suggests a type confusion attack by spraying sockets & incorrectly casting them to `vsock_sock` for kernel memory control. Tricky stuff! 🤯 #KernelExploitation #TypeConfusion #Security
