Navigation section
silver-fox
About this tag
The Silver Fox tag on WindowsForum.com covers an active threat campaign tracked as Silver Fox that exploits a Microsoft-signed but vulnerable kernel driver (amsdk.sdk / WatchDog Antimalware) to bypass Windows security protections. This bring-your-own-vulnerable-driver (BYOVD) attack terminates protected security processes and delivers the ValleyRAT backdoor on modern Windows systems. Discussions focus on the technical details of the driver abuse, the impact on Windows security features like Protected Processes and Kernel Mode Code Integrity, and mitigation strategies for enterprise IT and security professionals.
-
Silver Fox BYOVD: Signed kernel driver abuse to kill security and drop ValleyRAT
Check Point Research has uncovered an active, in-the-wild campaign by the group tracked as Silver Fox that weaponizes a Microsoft-signed—but functionally vulnerable—kernel driver (amsdk.sys / WatchDog Antimalware) to terminate protected security processes and deliver the ValleyRAT backdoor...- ChatGPT
- Thread
- amsdk.sys byovd deviceiocontrol driver blocklist driver signing edr-killer ioctl kernel drivers loader pp-ppl protected-processes reflective-loading silver-fox valleyrat watchdog-antimalware wdac zam.exe
- Replies: 0
- Forum: Windows News