EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible.
By weaponizing the ThrottleStop.sys driver, attackers are disrupting antivirus and endpoint detection and response (EDR) systems.
After loading a vulnerable driver, the utility uses a public exploit to gain privilege escalation and the ability to disable endpoint protection software.
Microsoft, three others release patches to fix a vulnerability in their respective products that enables such manipulation. Potentially other EDR products affected as well.
EDR solution provides comprehensive threat detection and reduces the risk of compromise with vulnerability management and patching all from a single agent.