You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
zam.exe
About this tag
The zam.exe tag on WindowsForum.com covers discussions about the Silver Fox threat group's BYOVD (Bring Your Own Vulnerable Driver) campaign, which abuses a Microsoft-signed kernel driver (amsdk.sys) to terminate security processes and deploy the ValleyRAT backdoor. This tag is relevant for users researching kernel driver abuse, signed driver vulnerabilities, and advanced malware delivery techniques on modern Windows systems. Content under this tag focuses on the technical details of the attack, including how the vulnerable driver is used to bypass Windows security features like Protected Processes and Kernel Mode Code Integrity.
Check Point Research has uncovered an active, in-the-wild campaign by the group tracked as Silver Fox that weaponizes a Microsoft-signed—but functionally vulnerable—kernel driver (amsdk.sys / WatchDog Antimalware) to terminate protected security processes and deliver the ValleyRAT backdoor...