
89 matches found

The Hacker News
added 2026/06/19 6:33 p.m. | 12 views

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is center...

AI score: 6.5
Exploits: 0

CERT
added 2026/06/18 12:0 a.m. | 5 views

Vendor-signed UEFI applications found vulnerable to Secure Boot bypass

Overview: Multiple vendor-signed UEFI applications are vulnerable to Secure Boot bypass via a "Bring Your Own Vulnerable Driver" (BYOVD)-style attack. If a target system trusts the affected vendor’s certificate, an attacker can exploit these applications to execute arbitrary code during the early...

CVSS: 8.2 | AI score: 7.5 | EPSS: 0.01036
Exploits: 1 | References: 7

CERT
added 2026/06/01 12:0 a.m. | 8 views

PCTCore64.sys Windows kernel driver contains missing access control vulnerability

Overview: The PCTCore64.sys Windows kernel driver from PC Tools Internet Security exposes its \\.\PCTCoreDriver device interface with no access control, allowing any user-mode process to interact with the driver and invoke privileged IOCTL (I/O Control) commands. In a Bring Your Own Vulnerable Driver...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00161
Exploits: 0

The Hacker News
added 2026/05/22 11:38 a.m. | 21 views

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

1 Introduction: This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of...

AI score: 6.1
Exploits: 0

CVE
added 2026/05/13 5:36 a.m. | 21 views

CVE-2025-11159

Technical details such as affected product versions, root cause, and exploit information are not publicly available in the provided documents. Monitor for updates.

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00342
Exploits: 0 | References: 1 | Affected Software: 1

GithubExploit
added 2026/05/07 8:1 a.m. | 79 views

throttlestop-poc

throttlestop-poc: This is a simple Proof-of-Concept that abuses...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.08963
Exploits: 8

The Hacker News
added 2026/04/06 10:7 a.m. | 5 views

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin attacks analyzed by Talos have...

AI score: 5.9
Exploits: 0

GithubExploit
added 2026/03/25 6:16 a.m. | 142 views

Exploit for CVE-2024-51324

CVE-2024-51324 — BYOVD: BdApiUtil64.sys Process Killer · Maste...

CVSS: 3.8 | AI score: 7.6 | EPSS: 0.0047
Exploits: 1

Positive Technologies
added 2026/03/24 12:0 a.m. | 12 views

PT-2026-27351

Name of the Vulnerable Software and Affected Versions: EnTech Taiwan TVicPort Product version 4.0. Description: An issue in the TVicPort64.sys component allows attackers to escalate privileges by sending crafted IOCTL 0x80002008 requests. This can lead to a kernel takeover via a Bring Your Own...

CVSS: 7.8 | AI score: 6 | EPSS: 0.0013
Exploits: 0 | References: 6

The Hacker News
added 2026/03/19 6:52 p.m. | 7 views

54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way...

AI score: 5.9
Exploits: 0

Vulnrichment
added 2026/03/16 12:0 a.m. | 1 views

CVE-2025-69784

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

AI score: 6.3 | EPSS: 0.00179
Exploits: 1 | References: 5

RedhatCVE
added 2026/02/25 10:19 p.m. | 25 views

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe Loc...

CVSS: 7.8 | AI score: 5.4 | EPSS: 0.001
Exploits: 0 | References: 1

OSV
added 2026/02/24 6:29 p.m. | 3 views

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe Loc...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.001
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/24 5:11 p.m. | 4 views

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe Loc...

CVSS: 7.1 | AI score: 5.4 | EPSS: 0.001
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/24 5:11 p.m. | 6 views

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe Loc...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.001
Exploits: 0 | References: 2

CVE
added 2026/02/24 5:11 p.m. | 74 views

CVE-2025-14963

CVE-2025-14963 involves the Trellix HX Agent driver file fekern.sys. The vulnerability enables a local user to obtain elevated privileges by leveraging a Bring Your Own Vulnerable Driver (BYOVD) to access the lsass.exe memory. The description notes that the vulnerable driver installed in a system...

CVSS: 7.8 | AI score: 5.4 | EPSS: 0.001
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/02/24 5:11 p.m. | 36 views

EUVD-2025-208089

A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory...

CVSS: 7.1 | AI score: 5.5 | EPSS: 0.001
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/24 12:0 a.m. | 12 views

PT-2026-21777

Name of the Vulnerable Software and Affected Versions: Trellix HX Agent (affected versions not specified). Description: A security issue exists in the Trellix HX Agent driver file fekern.sys that could allow a local user to gain elevated system privileges. Exploitation involved leveraging a Bring Your...

CVSS: 7.1 | AI score: 5.2 | EPSS: 0.001
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/14 12:0 a.m. | 9 views

PT-2026-8219

Name of the Vulnerable Software and Affected Versions: SilverFox (affected versions not specified). Description: A proof of concept has been published demonstrating exploitation in the wild. The Silverfox Group is actively exploiting this issue to terminate antivirus processes. The vulnerable driver i...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00203
Exploits: 0 | References: 13

The Hacker News
added 2026/02/10 2:36 p.m. | 11 views

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that...

CVSS: 5.7 | AI score: 6.5 | EPSS: 0.00275
Exploits: 2