You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
byovd drivers
About this tag
The byovd drivers tag on WindowsForum.com covers discussions about Bring Your Own Vulnerable Driver (BYOVD) attacks, a technique where attackers exploit legitimate but vulnerable kernel drivers to bypass security controls on Windows systems. Recent content highlights how ransomware groups like DragonForce use BYOVD drivers to disable endpoint detection and gain kernel-level persistence. Topics include driver signature bypass, driver blocklist evasion, and defensive strategies such as driver blocklist management and memory integrity enforcement. The tag is relevant for IT security professionals and Windows administrators dealing with advanced persistent threats that leverage signed but malicious drivers to compromise enterprise environments.
Attackers deploying DragonForce ransomware against a major U.S. services company in December 2025 hid command-and-control traffic inside Microsoft Teams relay infrastructure using a custom Go backdoor tracked by Symantec as Backdoor.Turn. The technical novelty is not that Teams was “hacked,” but...