Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks - Check Point Research
Common Information
Type Value
UUID 4cce9fd2-da31-42ca-898a-c1027946b653
Fingerprint 2c199c7651e6b785
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 30, 2024, 12:46 p.m.
Added to db Sept. 30, 2024, 2:48 p.m.
Last updated Oct. 12, 2024, 11:53 a.m.
Headline Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks
Title Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks - Check Point Research
Detected Hints/Tags/Attributes 70/2/71
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 515 Check Point Research https://research.checkpoint.com/feed/ 2024-09-01 15:09
Attributes
Details Type #Events CTI Value
Details CVE 23
cve-2024-21338
Details Domain 3759
github.com
Details Domain 183
learn.microsoft.com
Details Domain 37
blogs.vmware.com
Details Domain 378
www.microsoft.com
Details Domain 2
virustotal.readme.io
Details Domain 44
cloud.google.com
Details Domain 24
www.cyberark.com
Details Domain 6
ericzimmerman.github.io
Details Domain 6
index.md
Details Domain 8
www.drweb.com
Details Domain 6
bdu.fstec.ru
Details Domain 2
products.drweb.com
Details Domain 2
free.drweb.com
Details File 12
hash.md5
Details File 4
sigcheck64.exe
Details File 6
output.csv
Details File 11
signtool.exe
Details File 7
driver.sys
Details File 2
dwt-6088-1976-26975aba.sys
Details File 2
dwt-2444-2348-9cc4e5df.sys
Details File 2
dwshield.sys
Details File 5
dwservice.exe
Details File 6
wldp.dll
Details File 8
spideragent.exe
Details File 29
uxtheme.dll
Details File 3
hunting-vulnerable-kernel-drivers.html
Details Github username 5
magicsword-io
Details Github username 12
virustotal
Details md5 2
003dc41d148ec3286dc7df404ba3f2aa
Details md5 2
0067c788e1cb174f008c325ebde56c22
Details md5 2
4cf84abc9e2d9a85b42c98a6b91bb011
Details md5 2
c142d4ce995b37e43e4ff76b6920fc5d
Details md5 2
20a385e458b520a7a3decd6157f80c75
Details md5 2
adef75aefdfc84f36fd349c5c2ccda26
Details md5 2
e44ab7b12eabc03dad15a882bb1dd8e2
Details md5 2
7db0a75f8d6b7b53418a6652234ff595
Details sha256 2
a97fd477edae5dc63b6c8cf71d1602099bb48ee0804373e51bc6961fb0db6d5b
Details sha256 2
c452ae27e934c0a411a840dc8e824ccaeaf22fdfadf9f3072c1c162203a3fc2d
Details sha256 2
ca671b88f6476caa1b55cc4c6d1aef5fef5c546a17fff5b01d5d5a1c53516650
Details sha256 2
a8b6d1426ad2f2ac9e3e03751cbee8f4f4cf0f674f4e09432ba1b92c36d80e4d
Details sha256 2
5fb9b947026afab01076f35d9626e996b108af3fe76e0d0dd61eb8177a3d4075
Details sha256 2
71542902677be33595419924a33f6dcd6b21080fd177b1c9a6a65dab59ed93cb
Details sha256 2
6e60fdcabdfd74274a7e2da62315fba484ef8c587bafbb3c39cdeb741a39b79c
Details sha256 2
ba2a0cba80bb02e6a4fa7a5dca6045804e54d14839ef33af1168a053014719c5
Details Pdb 2
dwshield_x64.pdb
Details Url 2
https://github.com/magicsword-io/loldrivers/tree/main/drivers
Details Url 2
https://github.com/magicsword-io/loldrivers
Details Url 2
https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/introduction-to-wdm
Details Url 2
https://learn.microsoft.com/en-us/windows-hardware/drivers/wdf/differences-between-wdm-and-kmdf
Details Url 2
https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html
Details Url 2
https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria
Details Url 3
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day
Details Url 2
https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/sddl-for-device-objects
Details Url 2
https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/applying-security-descriptors-on-the-device-object
Details Url 4
https://github.com/virustotal/yara
Details Url 2
https://virustotal.readme.io/docs/retrohunt
Details Url 2
https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/specifying-device-characteristics
Details Url 2
https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool
Details Url 2
https://learn.microsoft.com/en-us/sysinternals/downloads/sigcheck
Details Url 2
https://learn.microsoft.com/en-us/windows-hardware/drivers/install/inf-addreg-directive
Details Url 2
https://cloud.google.com/blog/topics/threat-intelligence/tracking-malware-import-hashing
Details Url 2
https://www.cyberark.com/resources/threat-research-blog/finding-bugs-in-windows-drivers-part-1-wdm
Details Url 5
https://ericzimmerman.github.io/#!index.md
Details Url 2
https://www.drweb.com
Details Url 2
https://bdu.fstec.ru/vul/2024-02836
Details Url 2
https://products.drweb.com/win/security_space/?lng=en
Details Url 2
https://products.drweb.com/home/katana/?lng=en
Details Url 2
https://free.drweb.com/cureit/?lng=en
Details Url 2
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
Details Url 3
https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/device-guard-and-credential-guard