While studying the internals of a mechanism used by all EDR software to get information about process activity on Windows, we came across a way for malicious processes to disable the generation of some security events related to process interactions. This…
Tag: EDR
FOCUS TECH BRING YOUR OWN VULNERABLE KERNEL DRIVER (BYOVKD) Faced with EDR behavioral supervision, attackers develop techniques for successful attacks by staying under the radar. One of these techniques is called BYOVKD: Bring Your Own Vulnerable Kernel Driver. Even if…
SOC teams are finding it more and more difficult to detect increasingly complex attacks that take place over ever larger perimeters. At the same time, they are bearing the full brunt of the explosion in the number of alerts to…