Topic: vulnerable driver blocklist
Decade-Old EnCase Driver Still Defeats Modern EDR
A new malware strain can disable modern EDR solutions by exploiting an outdated, revoked-but-still-loadable kernel driver from old EnCase forensics software. The attack uses a BYOVD technique, where the legitimate driver, once loaded, allows user-mode processes to kill critical security processes...
Forensic Tool's Signed Driver Exploited as EDR Killer
Hackers exploited a revoked but still functional kernel driver from the EnCase forensic tool to disable endpoint security software, highlighting the threat of Bring Your Own Vulnerable Driver (BYOVD) attacks. The attackers initially breached the network via a SonicWall VPN lacking multi-factor au...