akkem
Contributor III

BYOVD Attacks

A ransomware group is weaponizing a legitimate but vulnerable driver to disable or kill security processes (AV / EDR) on victim machines.

This is accomplished through what's known as a bring-your-own-vulnerable-driver (BYOVD) attack, in which threat actors use the driver's kernel-level access to manipulate and even terminate processes that would otherwise be protected.

Implement strict driver control policies, ensuring only trusted and patched drivers can be loaded. Continuously monitor for abnormal driver activity and privilege escalation attempts to quickly detect and block BYOVD attacks.
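As an added illustration of the monitoring step (this is example code, not part of the original post), the check below runs over constructed Sysmon Event ID 6 "Driver loaded" records and flags a load when the driver's hash is on the organisation's vulnerable-driver blocklist, its signature is missing or invalid, or it was loaded from outside the Windows driver directories. The hash values and the blocklist are placeholders.

```python
import re

# Constructed Sysmon Event ID 6 (Driver loaded) records, one per line. The hash values
# are placeholders, not hashes of real drivers.
SAMPLE_EVENTS = [
    "EventID=6 ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys "
    "Hashes=SHA256=PLACEHOLDER_HASH_A Signed=true Signature=Microsoft Windows SignatureStatus=Valid",
    "EventID=6 ImageLoaded=C:\\Users\\Public\\Temp\\oldhw.sys "
    "Hashes=SHA256=PLACEHOLDER_HASH_B Signed=true Signature=Example Vendor SignatureStatus=Valid",
    "EventID=6 ImageLoaded=C:\\Windows\\Temp\\drv.sys "
    "Hashes=SHA256=PLACEHOLDER_HASH_C Signed=false Signature=- SignatureStatus=Unavailable",
]

# Placeholder blocklist: in practice, populate it from a maintained vulnerable-driver list.
BLOCKLISTED_SHA256 = {"PLACEHOLDER_HASH_B"}

# Directories from which legitimately installed drivers are normally loaded.
TRUSTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\driverstore\\")


def parse_event(line: str) -> dict:
    """Split 'Key=Value Key=Value' text into a dict; values may contain spaces."""
    return {m.group(1): m.group(2) for m in re.finditer(r"(\w+)=(.*?)(?= \w+=|$)", line)}


def extract_sha256(hashes: str) -> str:
    """Pull the SHA256 value out of a Sysmon 'Hashes' field such as 'SHA256=...'."""
    m = re.search(r"SHA256=([0-9A-Za-z_]+)", hashes)
    return m.group(1) if m else ""


def assess_driver_load(line: str) -> list:
    """Return the reasons a driver-load record is suspicious (empty list if none)."""
    f = parse_event(line)
    if f.get("EventID") != "6":
        return []
    findings = []
    # A BYOVD driver is usually validly signed, so the hash blocklist is the key check;
    # the signature and path checks catch cruder cases.
    if extract_sha256(f.get("Hashes", "")) in BLOCKLISTED_SHA256:
        findings.append("blocklisted vulnerable driver")
    if f.get("Signed", "").lower() != "true" or f.get("SignatureStatus") != "Valid":
        findings.append("unsigned or invalid signature")
    if not f.get("ImageLoaded", "").lower().startswith(TRUSTED_DIRS):
        findings.append("loaded from outside the driver directories")
    return findings


def scan(events: list) -> dict:
    """Map each flagged driver path to its findings."""
    return {parse_event(e)["ImageLoaded"]: r for e in events if (r := assess_driver_load(e))}
```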

0 Replies