Bring Your Own Vulnerable Driver

BYOVD attacks try to avoid defenses and bypass security. This technique involves using vulnerable legitimate drivers to hide or even remove security control systems.

Technical links

• 1068
• loldrivers

Usage

CLI

mtg traces drivers byovd C:/temp/a360ec883ef5383157080b2e185802ef.bin SeasunProtect loldrivers

File configuration

[[traces]]
[traces.byovd]
driver = "C:\\temp\\a360ec883ef5383157080b2e185802ef.bin"
name = "SeasunProtect"
description = "loldrivers"