VMTECH · INSTAGRAM

BYOVD: Vulnerable Drivers Exploitable Without Hardware

Colleagues, I’d like to draw your attention to a cybersecurity article demonstrating that many Windows drivers remain reachable from user mode without the corresponding hardware.

- Core: kernel vulnerabilities can be made exploitable by manipulating initialization (AddDevice, device objects).
- Practice: creating software PnP devices (devcon/SetupAPI, SoftwareDevice), forcing driver binding and reordering filters.
- Limits: getting past a driver's hardware probe checks usually requires kernel-mode (KM) components or a hypervisor.

Why it matters: expands the set of BYOVD candidates and necessitates monitoring for 'fake' devices and changes to Upper/LowerFilters.
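
One way to start on the monitoring mentioned above, as an added example that is not from the article or from VMTech: it baselines the class-level UpperFilters/LowerFilters values and lists software-enumerated devices that have a driver bound. The baseline path and function names are hypothetical, and treating the ROOT and SWD enumerators as the place where devcon-installed and software-created devices appear is background knowledge rather than something stated in the post.

```powershell
# Added example, not from the article. Run elevated on the host being audited.
$ClassRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'
$BaselinePath = Join-Path $env:ProgramData 'class-filter-baseline.json'  # hypothetical location

function Get-FilterSnapshot {
    # Key "<class GUID>|<value name>" -> filter service names joined in list order.
    $snap = @{}
    foreach ($key in Get-ChildItem -Path $ClassRoot -ErrorAction SilentlyContinue) {
        foreach ($name in 'UpperFilters', 'LowerFilters') {
            $filters = @($key.GetValue($name)) | Where-Object { $_ }
            if ($filters) { $snap["$($key.PSChildName)|$name"] = $filters -join ',' }
        }
    }
    $snap
}

function Compare-FilterSnapshot ($Baseline, $Current) {
    $keys = @($Baseline.Keys) + @($Current.Keys) | Sort-Object -Unique
    foreach ($k in $keys) {
        $old = $Baseline[$k]; $new = $Current[$k]
        if ($old -eq $new) { continue }
        # Same members in a different order is reported separately: list order
        # decides where each filter sits in the device stack.
        $sameSet = $old -and $new -and
            ((($old -split ',' | Sort-Object) -join ',') -eq (($new -split ',' | Sort-Object) -join ','))
        $change = 'membership changed'
        if (-not $old) { $change = 'value added' }
        elseif (-not $new) { $change = 'value removed' }
        elseif ($sameSet) { $change = 'reordered' }
        [pscustomobject]@{ Key = $k; Change = $change; Baseline = $old; Current = $new }
    }
}

$current = Get-FilterSnapshot
if (-not (Test-Path $BaselinePath)) {
    # First run: record the known-good state.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written to $BaselinePath"
} else {
    $baseline = @{}
    (Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $baseline[$_.Name] = $_.Value }
    Compare-FilterSnapshot $baseline $current | Format-List
}

# Inventory of devices with no bus behind them (root- or software-enumerated)
# that have a driver service bound; review entries you cannot account for.
Get-CimInstance -ClassName Win32_PnPEntity |
    Where-Object { $_.PNPDeviceID -match '^(ROOT|SWD)\\' -and $_.Service } |
    Sort-Object Service | Format-Table PNPDeviceID, Service, ClassGuid -AutoSize
```

Many legitimate devices live under ROOT and SWD, so the second listing is a review list rather than an alert; per-device filter values under the Enum key are not covered here.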

What detection and prevention measures would you prioritise?

#cybersecurity #drivers #BYOVD #infosec