Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks - Check Point Research
Tags
Common Information
Type | Value |
---|---|
UUID | 4cce9fd2-da31-42ca-898a-c1027946b653 |
Fingerprint | 2c199c7651e6b785 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Sept. 30, 2024, 12:46 p.m. |
Added to db | Sept. 30, 2024, 2:48 p.m. |
Last updated | Oct. 12, 2024, 11:53 a.m. |
Headline | Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks |
Title | Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks - Check Point Research |
Detected Hints/Tags/Attributes | 70/2/71 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 515 | ✔ | Check Point Research | https://research.checkpoint.com/feed/ | 2024-09-01 15:09 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 23 | | cve-2024-21338 |
Details | Domain | 3759 | | github.com |
Details | Domain | 183 | | learn.microsoft.com |
Details | Domain | 37 | | blogs.vmware.com |
Details | Domain | 378 | | www.microsoft.com |
Details | Domain | 2 | | virustotal.readme.io |
Details | Domain | 44 | | cloud.google.com |
Details | Domain | 24 | | www.cyberark.com |
Details | Domain | 6 | | ericzimmerman.github.io |
Details | Domain | 6 | | index.md |
Details | Domain | 8 | | www.drweb.com |
Details | Domain | 6 | | bdu.fstec.ru |
Details | Domain | 2 | | products.drweb.com |
Details | Domain | 2 | | free.drweb.com |
Details | File | 12 | | hash.md5 |
Details | File | 4 | | sigcheck64.exe |
Details | File | 6 | | output.csv |
Details | File | 11 | | signtool.exe |
Details | File | 7 | | driver.sys |
Details | File | 2 | | dwt-6088-1976-26975aba.sys |
Details | File | 2 | | dwt-2444-2348-9cc4e5df.sys |
Details | File | 2 | | dwshield.sys |
Details | File | 5 | | dwservice.exe |
Details | File | 6 | | wldp.dll |
Details | File | 8 | | spideragent.exe |
Details | File | 29 | | uxtheme.dll |
Details | File | 3 | | hunting-vulnerable-kernel-drivers.html |
Details | Github username | 5 | | magicsword-io |
Details | Github username | 12 | | virustotal |
Details | Pdb | 2 | | dwshield_x64.pdb |
Details | Url | 2 | | https://github.com/magicsword-io/loldrivers/tree/main/drivers |
Details | Url | 2 | | https://github.com/magicsword-io/loldrivers |
Details | Url | 2 | | https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/introduction-to-wdm |
Details | Url | 2 | | https://learn.microsoft.com/en-us/windows-hardware/drivers/wdf/differences-between-wdm-and-kmdf |
Details | Url | 2 | | https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html |
Details | Url | 2 | | https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria |
Details | Url | 3 | | https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day |
Details | Url | 2 | | https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/sddl-for-device-objects |
Details | Url | 2 | | https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/applying-security-descriptors-on-the-device-object |
Details | Url | 4 | | https://github.com/virustotal/yara |
Details | Url | 2 | | https://virustotal.readme.io/docs/retrohunt |
Details | Url | 2 | | https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/specifying-device-characteristics |
Details | Url | 2 | | https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool |
Details | Url | 2 | | https://learn.microsoft.com/en-us/sysinternals/downloads/sigcheck |
Details | Url | 2 | | https://learn.microsoft.com/en-us/windows-hardware/drivers/install/inf-addreg-directive |
Details | Url | 2 | | https://cloud.google.com/blog/topics/threat-intelligence/tracking-malware-import-hashing |
Details | Url | 2 | | https://www.cyberark.com/resources/threat-research-blog/finding-bugs-in-windows-drivers-part-1-wdm |
Details | Url | 5 | | https://ericzimmerman.github.io/#!index.md |
Details | Url | 2 | | https://www.drweb.com |
Details | Url | 2 | | https://bdu.fstec.ru/vul/2024-02836 |
Details | Url | 2 | | https://products.drweb.com/win/security_space/?lng=en |
Details | Url | 2 | | https://products.drweb.com/home/katana/?lng=en |
Details | Url | 2 | | https://free.drweb.com/cureit/?lng=en |
Details | Url | 2 | | https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules |
Details | Url | 3 | | https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/device-guard-and-credential-guard |