在一个案例中，研究人员发现攻击者疑似将向日葵漏洞“武器化”。首先利用向日葵软件漏洞安装了一个 PowerShell 脚本，该脚本又利用 BYOVD 技术使 ...

BYOVD has been a fact of life for at least a decade. Malware dubbed "Slingshot" employed BYOVD since at least 2012, and other early entrants to the BYOVD scene included LoJax, InvisiMole, and ...

This BYOVD primer, authored by ESET's Michal Poslušný, lists a host of other known vulnerable drivers that have been used to break Microsoft's DSE.. Given the history, you might think that ...

Using the BYOVD technique for privilege escalation has been typical for nation-state actors and ransomware groups, and is rarely observed with info-stealers.

It claimed Microsoft had spotted BYOVD attacks exploiting CVE-2025-0289, an insecure kernel resource access vulnerability in version 17 of Paragon Partition Manager’s BioNTdrv.sys driver. The exploit ...

Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD ...

So what use is the BYOVD attack, when it takes administrative access to pull off? SentinelLabs is witholding their proof-of-concept, but we can speculate.

A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.

Patch Tuesday fixes BYOVD attack with Windows Kernel Vulnerable Driver Blocklist file. Windows 11 24H2 update causes issues ...