Signed to Kill: Reverse Engineering a 0-Day Used to Disable CrowdStrike EDR
core-jmp.org
The article analyzes a Microsoft-signed vulnerable driver used in a BYOVD attack to kill security processes. By sending crafted IOCTL requests with a target PID, attackers can terminate EDR services s...
