LOLDrivers
Living Off The Land Drivers
Add driver related to http://rweverything.com/
Hey there, I came across this [https://github.com/ZeroMemoryEx/Chaos-Rootkit](https://github.com/ZeroMemoryEx/Chaos-Rootkit) [https://www.virustotal.com/gui/file/bdc73f752c1353d41e877d8bf42a1c53f0bba7d6f52348aaef60e06f4d3087d0](https://www.virustotal.com/gui/file/bdc73f752c1353d41e877d8bf42a1c53f0bba7d6f52348aaef60e06f4d3087d0)
Hey there, I came across this GitHub page [https://github.com/myzxcg/RealBlindingEDR/](https://github.com/myzxcg/RealBlindingEDR/) They reference 4 drivers, 2 are missing, namely wnBio.sys and GPU-Z.sys [https://www.virustotal.com/gui/file/530d9223ec7e4123532a403abef96dfd1af5291eb49497392ff5d14d18fccfbb](https://www.virustotal.com/gui/file/530d9223ec7e4123532a403abef96dfd1af5291eb49497392ff5d14d18fccfbb) wnBio.sys [https://www.virustotal.com/gui/file/f9418b5e90a235339a4a1a889490faca39cd117a51ba4446daa1011da06c7ecd](https://www.virustotal.com/gui/file/f9418b5e90a235339a4a1a889490faca39cd117a51ba4446daa1011da06c7ecd) GPU-Z.sys
Hello, is it possible to add this driver associated with FilSecLab products? It has CVEs associated with it, and can be used to perform malicious actions. CVEs: https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1444 VT links:...
Potentially vulnerable sample of iobitunlocker.sys c79a2bb050af6436b10b58ef04dbc7082df1513cec5934432004eb56fba05e66 [VirusTotal](https://www.virustotal.com/gui/file/c79a2bb050af6436b10b58ef04dbc7082df1513cec5934432004eb56fba05e66/community) Potentially, in the sense that I have not tested the PoC. Based on the signing date (2017-06-15 06:26:50 UTC) it could be compatible...
While investigating the repository, I found a few things that need to be cleaned up. Based on the data displayed on [loldrivers.io](https://www.loldrivers.io/): ## Duplicate hashes | Tag | SHA256...
samples: https://www.virustotal.com/gui/file/e8b1a0ddc7a4404eb3c46217e07b5ed91723f44464a6ef589634aeb4fb8f5666 https://www.virustotal.com/gui/file/e3a1f0d967335c8a080a5b1e7e3a06a61f6cea39739cda3ebab11d2908713d80 Seems to be related to `capcom.sys` (device name is obfuscated, and is `Htsysm4EFB`) Opus info says the responsible vendor is "株式会社DNPハイパーテック" so is probably related to [HyperTech...
Hey guys! :) I am currently having some trouble using/importing the CSV file obtained from https://www.loldrivers.io/api/drivers.csv because the values are not enclosed within double quotes. Checking other APIs like...
https://www.loldrivers.io/drivers/57354c82-ff9c-4a54-8377-d195e4ff0a26/ has a full POC that can be linked to the page available here: https://github.com/kagurazakasanae/Mhyprot2DrvControl/tree/main Kernel read/write, process memory and killing arbitrary processes from user-mode when sending the right IOCTLS :...
https://www.virustotal.com/gui/file/ddbf5ecca5c8086afde1fb4f551e9e6400e94f4428fe7fb5559da5cffa654cc1 https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/