Bring Your Own Driver

EDR killer tool uses signed kernel driver from forensic software

February 6, 2026February 6, 2026 geekfeed0Tagged Bring Your Own Driver, BYOVD, driver, EDR, EDR Bypass, ransomware, windows

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. An EDR killer is a malicious tool created specifically to bypass or disable endpoint detection and response (EDR) tools, along with other security solutions. They typically use vulnerable drivers to unhook […]

3 mins read

Akira ransomware abuses CPU tuning tool to disable Microsoft Defender

August 10, 2025August 10, 2025 geekfeed0Tagged Akira, Bring Your Own Driver, BYOVD, ransomware, SonicWall

Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. The abused driver is ‘rwdrv.sys’ (used by ThrottleStop), which the threat actors register as a service to gain kernel-level access. This driver is likely used to load a second driver, […]

3 mins read

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks

March 4, 2025March 4, 2025 geekfeed0Tagged Actively Exploited, Bring Your Own Driver, BYOVD, Elevation of Privileges, Microsoft Vulnerable Driver Blocklist, Paragon Partition Manager, Privilege Escalation, ransomware

Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. The vulnerable drivers were exploited in ‘Bring Your Own Vulnerable Driver’ (BYOVD) attacks where threat actors drop the kernel driver on a targeted system to elevate privileges. “An attacker with local access to a […]

4 mins read

New SteelFox malware hijacks Windows PCs using vulnerable driver

November 6, 2024November 6, 2024 geekfeed0Tagged Bring Your Own Driver, BYOVD, Information Stealer, Information-stealing malware, malware, SteelFox, vulnerability, windows

A new malicious package called ‘SteelFox’ mines for cryptocurrency and steals credit card data by using the “bring your own vulnerable driver” technique to get SYSTEM privileges on Windows machines. The malware bundle dropper is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various software like Foxit PDF Editor, JetBrains and […]

3 mins read

Windows driver zero-day exploited by Lazarus hackers to install rootkit

August 20, 2024August 20, 2024 geekfeed0Tagged Bring Your Own Driver, BYOVD, CVE-2024-38193, Lazarus Group, vulnerability, Zero-Day

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. Microsoft fixed the flaw, tracked as CVE-2024-38193 during its August 2024 Patch Tuesday, along with seven other zero-day vulnerabilities. CVE-2024-38193 is a Bring Your Own Vulnerable Driver (BYOVD) vulnerability in the Windows Ancillary Function […]

3 mins read