sargx digital garden

Driver Abuse

1 min read

Content

https://www.loldrivers.io/

https://posts.specterops.io/methodology-for-static-reverse-engineering-of-windows-kernel-drivers-3115b2efed83?gi=881914209a81

https://www.cyberark.com/resources/threat-research-blog/finding-bugs-in-windows-drivers-part-1-wdm

https://mdanilor.github.io/posts/hevd-0/

RECON

  • manually review drivers in the registry: HKLM\System\ControlSet\Services\ , where Type is 0x1and ImagePath contains *.sys
  • use tooling like DriverQuery to run through C2.

🌱 Back to Garden

1 item under this folder.