<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>EDR on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/edr/</link><description>Recent content in EDR on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Sat, 11 Jul 2026 13:01:35 +0200</lastBuildDate><atom:link href="https://hackingpassion.com/tags/edr/index.xml" rel="self" type="application/rss+xml"/><item><title>Signed by Microsoft Does Not Mean Safe</title><link>https://hackingpassion.com/byovd-signed-driver-attacks/</link><pubDate>Sat, 11 Jul 2026 13:01:35 +0200</pubDate><guid>https://hackingpassion.com/byovd-signed-driver-attacks/</guid><description>&lt;p>A digital signature on a Windows driver proves who made it. &lt;strong>It was never proof that the driver is safe.&lt;/strong>
Attackers built a technique on that gap, called Bring Your Own Vulnerable Driver, and it hands them control of Windows at its deepest level. Some of the malware they use was signed through Microsoft&amp;rsquo;s own program.&lt;/p>
&lt;p>A driver is the piece of software that lets Windows and a device work together, your keyboard, your printer, your graphics card. It runs in the kernel, the core of the operating system, at a level called &lt;code>ring 0&lt;/code>, where code has direct access to memory and hardware. Security software mostly watches from a step below. Some of it runs inside the kernel too, but even that cannot protect itself once an attacker controls that level. &lt;strong>Reaching the kernel puts an attacker on top.&lt;/strong>&lt;/p></description></item></channel></rss>