<p><strong>DriverJack &#8211; Exploiting NTFS Techniques For Covert Driver Loading</strong><br>
Kali Linux Tutorials (category: Exploitation Tools), published 2024-08-13 by Varshini. Page: https://kalilinuxtutorials.com/driverjack/ &middot; Tool repository: https://github.com/klezVirus/DriverJack (the section headings below link to the matching sections of the project README).</p>

<p><strong>DriverJack</strong> is a tool designed to load a vulnerable driver by abusing lesser-known NTFS techniques. These methods bypass the registration of a new driver service on the system by hijacking an existing one, and also spoof the image path presented in the Driver Load event.</p>

<p>To further hide the presence of a vulnerable driver, the attack also abuses an emulated-filesystem read-only bypass to swap the content of a driver file on a mounted ISO before loading it.</p>

<h2 class="wp-block-heading"><strong><a href="https://github.com/klezVirus/DriverJack#emulated-filesystem-read-only-bypass">Emulated Filesystem Read-Only Bypass</a></strong></h2>

<p>Files on a mounted ISO are exposed by the CDFS driver as read-only, so they cannot be changed through ordinary file writes. DriverJack abuses the possibility of remapping files mounted on such emulated filesystems into writable (RW) pages and overwriting their contents in memory. This RO bypass is implemented in <strong>IoCdfsLib</strong>.</p>

<h2 class="wp-block-heading"><strong><a href="https://github.com/klezVirus/DriverJack#attack-overview">Attack Overview</a></strong></h2>

<p>Once the ISO is mounted, the attack proceeds by selecting an existing driver service that the attacker can start and stop, or one that can be triggered (a service with a start trigger). Starting or stopping a driver service normally requires administrative privileges, unless the service's security descriptor is misconfigured so that less-privileged users hold those rights.</p>

<h3 class="wp-block-heading"><strong><a href="https://github.com/klezVirus/DriverJack#key-attack-phases">Key Attack Phases</a></strong></h3>

<ol class="wp-block-list">
<li><strong>ISO Mounting and Driver Selection</strong>
<ul class="wp-block-list">
<li>The attack begins with mounting the ISO as a filesystem.</li>
<li>The attacker selects a driver service that can be manipulated, preferring one that can be started or restarted without drawing immediate attention.</li>
</ul>
</li>
<li><strong>Hijacking the Driver Path</strong>
<ul class="wp-block-list">
<li>The core of the attack is redirecting the path from which the service's driver image is loaded, so that the image on the mounted ISO is loaded in its place. Three methods are used, described in the sections that follow:
<ul class="wp-block-list">
<li><strong>Direct Reparse Point Abuse</strong> (an NTFS symbolic link placed in the drivers directory)</li>
<li><strong>DosDevice Global Symlink Abuse</strong> (described below as NT Symlink Abuse: re-pointing the <code>\Device\BootDevice</code> symbolic link)</li>
<li><strong>Drive Mountpoint Swap</strong> (described below as Mount Point Swapping: reassigning the boot volume's drive letter)</li>
</ul>
</li>
</ul>
</li>
</ol>

<h3 class="wp-block-heading"><strong><a href="https://github.com/klezVirus/DriverJack#attack-techniques">Attack Techniques</a></strong></h3>

<h3 class="wp-block-heading"><strong><a href="https://github.com/klezVirus/DriverJack#1-direct-reparse-point-abuse">1. Direct Reparse Point Abuse</a></strong></h3>

<p>A process running with administrative privileges (an installer, for example) can write directly to <code>C:\Windows\System32\drivers</code>. This technique replaces the target service's driver file in that directory with an NTFS symbolic link (a reparse point) whose target is the driver image on the mounted ISO.</p>

<p>When the service is restarted, the I/O manager follows the reparse point, so the image on the ISO is what gets loaded.</p>

<p><strong>Key Steps:</strong></p>

<ul class="wp-block-list">
<li><code>NtLoadDriver</code> normalizes the NT path of the symbolic link, resolving it to the target on the ISO.</li>
<li>When the service is restarted, the driver from the ISO is loaded. However, the Driver Load event shows the real (normalized) path of the loaded image, which points to the ISO mountpoint.</li>
</ul>

<h3 class="wp-block-heading"><strong><a href="https://github.com/klezVirus/DriverJack#2-nt-symlink-abuse">2. NT Symlink Abuse</a></strong></h3>

<p>Developed in collaboration with jonasLyk of the Secret Club hacker collective, this method redirects the <code>\Device\BootDevice</code> NT symbolic link, which is part of the path from which a driver binary is loaded: a registered ImagePath such as <code>\SystemRoot\System32\drivers\example.sys</code> (an illustrative name) resolves through <code>\SystemRoot</code>, itself an object-manager symbolic link to <code>\Device\BootDevice\Windows</code>. Pointing <code>\Device\BootDevice</code> at the mounted ISO makes the loader fetch the image from the ISO while the service's registered path is left untouched.</p>

<p>This allows a rootkit to be loaded without registering a new service or writing anything to the drivers directory.</p>

<p><strong>Steps:</strong></p>

<ul class="wp-block-list">
<li>Gain SYSTEM privileges.</li>
<li>Back up the <code>BootDevice</code> symlink target.</li>
<li>Re-point the <code>BootDevice</code> symlink to the mounted ISO.</li>
<li>Start or restart the service.</li>
<li>Restore the <code>BootDevice</code> symlink target.</li>
</ul>

<p>This method was inspired by the technique used in the unDefender project to disable the Windows Defender service and driver.</p>

<p>The Driver Load event will still show the real path of the driver being loaded, pointing to the ISO mountpoint.</p>

<h3 class="wp-block-heading"><strong><a href="https://github.com/klezVirus/DriverJack#3-mount-point-swapping">3. Mount Point Swapping</a></strong></h3>

<p>Although widely known, this technique is rarely used because of the system instability it can cause.</p>

<p>It involves temporarily changing the drive letter assigned to the boot partition (the volume that holds <code>\Windows</code>), so that a driver load that goes through that drive letter is served from a different volume.</p>

<p>When combined with NT Symlink Abuse, explained above, this technique can completely masquerade the path of the driver being loaded: the Driver Load event (Sysmon Event ID 6, for example) records the expected system path rather than the ISO mountpoint, bypassing detection by Sysmon and other monitoring tools that key on that path.</p>

<h2 class="wp-block-heading"><strong><a href="https://github.com/klezVirus/DriverJack#conclusion">Conclusion</a></strong></h2>

<p><strong>DriverJack</strong> demonstrates another, non-conventional way of loading a vulnerable driver that leverages CDFS emulated filesystems and lesser-known NTFS and NT object-manager symbolic link properties. Note that these techniques hide where the driver came from, not what it is: the image mapped into the kernel is still the vulnerable driver, so controls that decide on the image's hash or signer rather than its path (Microsoft's vulnerable driver blocklist as enforced by HVCI or WDAC, for instance) are not bypassed by path spoofing alone.</p>
4x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/34412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=34412"}],"version-history":[{"count":2,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/34412\/revisions"}],"predecessor-version":[{"id":34414,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/34412\/revisions\/34414"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/34415"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=34412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=34412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=34412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}