Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks - Check Point Research
Tags
cmtmf-attack-pattern: Code Injection
attack-pattern: Data Direct Code Injection - T1540 Dll Side-Loading - T1574.002 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Tool - T1588.002 Vulnerabilities - T1588.006 Dll Side-Loading - T1073 Hypervisor - T1062 Rootkit - T1014 Rootkit
Show in Graph
Common Information
Type Value
UUID 4cce9fd2-da31-42ca-898a-c1027946b653
Fingerprint 2c199c7651e6b785
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 30, 2024, 12:46 p.m.
Added to db Sept. 30, 2024, 2:48 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks
Title Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks - Check Point Research
Detected Hints/Tags/Attributes 70/2/71
Source URLs
Redirection Url
Details Source https://research.checkpoint.com/2024/breaking-boundaries-investigating-vulnerable-drivers-and-mitigating-risks/
URL Provider
Details Provider Source level domain
Details checkpoint.com research.checkpoint.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 515 Check Point Research https://research.checkpoint.com/feed/ 2024-09-01 15:09
Attributes
Details Type #Events CTI Value
Details CVE 23 
cve-2024-21338
Details Domain 4127 
github.com
Details Domain 207 
learn.microsoft.com
Details Domain 37 
blogs.vmware.com
Details Domain 397 
www.microsoft.com
Details Domain 2 
virustotal.readme.io
Details Domain 50 
cloud.google.com
Details Domain 25 
www.cyberark.com
Details Domain 8 
ericzimmerman.github.io
Details Domain 8 
index.md
Details Domain 15 
www.drweb.com
Details Domain 6 
bdu.fstec.ru
Details Domain 2 
products.drweb.com
Details Domain 2 
free.drweb.com
Details File 12 
hash.md5
Details File 4 
sigcheck64.exe
Details File 7 
output.csv
Details File 11 
signtool.exe
Details File 9 
driver.sys
Details File 2 
dwt-6088-1976-26975aba.sys
Details File 2 
dwt-2444-2348-9cc4e5df.sys
Details File 2 
dwshield.sys
Details File 5 
dwservice.exe
Details File 7 
wldp.dll
Details File 8 
spideragent.exe
Details File 29 
uxtheme.dll
Details File 3 
hunting-vulnerable-kernel-drivers.html
Details Github username 5 
magicsword-io
Details Github username 12 
virustotal
Details md5 2 
003dc41d148ec3286dc7df404ba3f2aa
Details md5 2 
0067c788e1cb174f008c325ebde56c22
Details md5 2 
4cf84abc9e2d9a85b42c98a6b91bb011
Details md5 2 
c142d4ce995b37e43e4ff76b6920fc5d
Details md5 2 
20a385e458b520a7a3decd6157f80c75
Details md5 2 
adef75aefdfc84f36fd349c5c2ccda26
Details md5 2 
e44ab7b12eabc03dad15a882bb1dd8e2
Details md5 2 
7db0a75f8d6b7b53418a6652234ff595
Details sha256 2 
a97fd477edae5dc63b6c8cf71d1602099bb48ee0804373e51bc6961fb0db6d5b
Details sha256 2 
c452ae27e934c0a411a840dc8e824ccaeaf22fdfadf9f3072c1c162203a3fc2d
Details sha256 2 
ca671b88f6476caa1b55cc4c6d1aef5fef5c546a17fff5b01d5d5a1c53516650
Details sha256 2 
a8b6d1426ad2f2ac9e3e03751cbee8f4f4cf0f674f4e09432ba1b92c36d80e4d
Details sha256 2 
5fb9b947026afab01076f35d9626e996b108af3fe76e0d0dd61eb8177a3d4075
Details sha256 2 
71542902677be33595419924a33f6dcd6b21080fd177b1c9a6a65dab59ed93cb
Details sha256 2 
6e60fdcabdfd74274a7e2da62315fba484ef8c587bafbb3c39cdeb741a39b79c
Details sha256 2 
ba2a0cba80bb02e6a4fa7a5dca6045804e54d14839ef33af1168a053014719c5
Details Pdb 2 
dwshield_x64.pdb
Details Url 2 
https://github.com/magicsword-io/loldrivers/tree/main/drivers
Details Url 2 
https://github.com/magicsword-io/loldrivers
Details Url 2 
https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/introduction-to-wdm
Details Url 2 
https://learn.microsoft.com/en-us/windows-hardware/drivers/wdf/differences-between-wdm-and-kmdf
Details Url 2 
https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html
Details Url 2 
https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria
Details Url 3 
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day
Details Url 2 
https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/sddl-for-device-objects
Details Url 2 
https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/applying-security-descriptors-on-the-device-object
Details Url 4 
https://github.com/virustotal/yara
Details Url 2 
https://virustotal.readme.io/docs/retrohunt
Details Url 2 
https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/specifying-device-characteristics
Details Url 2 
https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool
Details Url 2 
https://learn.microsoft.com/en-us/sysinternals/downloads/sigcheck
Details Url 2 
https://learn.microsoft.com/en-us/windows-hardware/drivers/install/inf-addreg-directive
Details Url 2 
https://cloud.google.com/blog/topics/threat-intelligence/tracking-malware-import-hashing
Details Url 2 
https://www.cyberark.com/resources/threat-research-blog/finding-bugs-in-windows-drivers-part-1-wdm
Details Url 7 
https://ericzimmerman.github.io/#!index.md
Details Url 2 
https://www.drweb.com
Details Url 2 
https://bdu.fstec.ru/vul/2024-02836
Details Url 2 
https://products.drweb.com/win/security_space/?lng=en
Details Url 2 
https://products.drweb.com/home/katana/?lng=en
Details Url 2 
https://free.drweb.com/cureit/?lng=en
Details Url 2 
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
Details Url 3 
https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/device-guard-and-credential-guard