Skip to main content

Tag: kernel mode

2 articles

Cluttered office desk with laptop, monitor, and papers, in a large room with fluorescent lighting.

GodDamn Ransomware Exploits Signed Driver to Disable Endpoint Defenses

Ransomware attackers have taken a disturbing new tactic, using a malicious kernel driver signed by Microsoft to disable endpoint defenses and wreak havoc on systems. The PoisonX driver, identified as g11.sys, is a game-changer in ransomware operations, making it harder for security teams to detect and respond to threats.

Analyst 207
Windows 11 laptop on a minimalist desk with lid ajar, screen displaying ambient daylight.

Exploiting Windows Drivers Without Hardware: The BYOVD Perspective

Discover how attackers can exploit Windows drivers without hardware, turning kernel-mode driver bugs into powerful tools to bypass security controls. The Atos Threat Research Center reveals a game-changing method to manipulate reachability from userland on Windows 11 23H2.

Analyst 207