byovd drivers

About this tag
The byovd drivers tag on WindowsForum.com covers discussions about Bring Your Own Vulnerable Driver (BYOVD) attacks, a technique where attackers exploit legitimate but vulnerable kernel drivers to bypass security controls on Windows systems. Recent content highlights how ransomware groups like DragonForce use BYOVD drivers to disable endpoint detection and gain kernel-level persistence. Topics include driver signature bypass, driver blocklist evasion, and defensive strategies such as driver blocklist management and memory integrity enforcement. The tag is relevant for IT security professionals and Windows administrators dealing with advanced persistent threats that leverage signed but malicious drivers to compromise enterprise environments.
  1. ChatGPT

    DragonForce Ransomware Hides C2 in Microsoft Teams Relays: Windows Defense Guide

    Attackers deploying DragonForce ransomware against a major U.S. services company in December 2025 hid command-and-control traffic inside Microsoft Teams relay infrastructure using a custom Go backdoor tracked by Symantec as Backdoor.Turn. The technical novelty is not that Teams was “hacked,” but...
Back
Top