BYOVD Kernel-level protection for Windows using Windows Defender Application Control
<blockquote data-quote="SpyNetGirl" data-source="post: 1050919" data-attributes="member: 98858">
<p>This method involves removing trust from any Kernel mode driver, whether it is vulnerable or not. It does not affect User-mode binaries or drivers.</p>
<p>Any 3rd party software or hardware Kernel mode driver needs to be explicitly allowed. This scenario protects against all BYOVD scenarios and much more.</p>
<p>Drivers can access the Kernel, which is the core of the operating system. Microsoft requires all drivers to be digitally signed. A BYOVD (Bring Your Own Vulnerable Driver) scenario involves using one of the digitally signed drivers that has a security hole to gain direct access to the core of the OS. This attack vector applies to all OSes, not just Windows.</p>
<p>Continue reading in the wiki:</p>
<p><a href="https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-BYOVD-Kernel-mode-only-protection" target="_blank">WDAC policy for BYOVD Kernel mode only protection</a></p>
<p>Here is my YouTube video that shows the policy in action:</p>
<p>I explained everything that's happening in the video in its description.</p>
<p>[MEDIA=youtube]SQCo9l2P7uw[/MEDIA]</p>
<p>My WDACConfig PowerShell module helps you automate a LOT of operations.</p>
<p><a href="https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig" target="_blank">WDACConfig</a></p>
<p>The cmdlet of the WDACConfig module responsible for Kernel-level BYOVD protection is this:</p>
<p><a href="https://github.com/HotCakeX/Harden-Windows-Security/wiki/New%E2%80%90KernelModeWDACConfig" target="_blank">New‐KernelModeWDACConfig</a></p>
<p>More BYOVD protections, especially for enterprises and businesses, in this Rationale post:</p>
<p><a href="https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md#-protection-against-byovd-bring-your-own-vulnerable-driver-attacks" target="_blank">Harden-Windows-Security/Rationale.md at main · HotCakeX/Harden-Windows-Security</a></p>
<p>If you have any questions, please feel free to comment down below or reach out at GitHub for code-related stuff. Thanks</p>
<p>P.S. this is all free, you don't have to buy anything extra nor pay for any subscription etc.</p>
</blockquote>
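An added example, not the post's own code and not the WDACConfig module, showing the approach the post describes (kernel-mode drivers are only trusted if a policy rule explicitly allows them) using only the ConfigCI cmdlets and CiTool that ship with Windows: build a kernel-only policy, deploy it in audit mode, review the Code Integrity events, then allow just the audited drivers and enforce. It starts from Microsoft's DefaultWindows template, which still trusts WHQL-signed drivers, so it is a looser starting point than the policy in the linked wiki; the `C:\WDAC` paths and the policy name are assumptions.

```powershell
# Added example (not from the post or the WDACConfig module): build a kernel-mode-only WDAC
# policy with the ConfigCI cmdlets that ship in Windows, deploy it in audit mode, review what
# it would have blocked, then allow only those drivers and switch to enforcement.
# Run in an elevated PowerShell; the paths under $Work and the policy name are assumptions.
$Work     = 'C:\WDAC'
$Template = "$env:windir\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Enforced.xml"
$Base     = "$Work\KernelOnly.xml"
$Binary   = "$Work\KernelOnly.cip"
New-Item -ItemType Directory -Path $Work -Force | Out-Null
Copy-Item -Path $Template -Destination $Base

# Fresh policy ID and name (this also converts the XML to multiple-policy format).
Set-CIPolicyIdInfo -FilePath $Base -PolicyName 'Kernel-only driver allow list' -ResetPolicyID | Out-Null

# Rule option 0 is Enabled:UMCI. Removing it scopes the policy to kernel-mode code only, so
# user-mode programs are untouched while every driver must match a rule in the policy.
Set-RuleOption -FilePath $Base -Option 0 -Delete
# Option 3 (Enabled:Audit Mode) logs violations instead of blocking them; option 16
# (Enabled:Update Policy No Reboot) lets later refinements apply without a restart.
Set-RuleOption -FilePath $Base -Option 3
Set-RuleOption -FilePath $Base -Option 16

# Compile and deploy. CiTool is available on Windows 11 22H2 and later.
ConvertFrom-CIPolicy -XmlFilePath $Base -BinaryFilePath $Binary | Out-Null
CiTool --update-policy $Binary

# After the machine has run its normal workloads: Event ID 3076 in the CodeIntegrity log means
# "audit mode, would have been blocked"; 3077 is an enforced block. Review these before allowing.
Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076 } |
    Select-Object TimeCreated, Message | Format-List

# Turn the reviewed audit entries into allow rules: Publisher level for signed drivers, file
# hash as the fallback for anything unsigned. Then merge into the base, drop audit mode, redeploy.
$Audited = "$Work\AuditedDrivers.xml"
$Merged  = "$Work\KernelOnly-Enforced.xml"
New-CIPolicy -Audit -Level Publisher -Fallback Hash -FilePath $Audited -MultiplePolicyFormat
Merge-CIPolicy -PolicyPaths $Base, $Audited -OutputFilePath $Merged | Out-Null
Set-RuleOption -FilePath $Merged -Option 3 -Delete
ConvertFrom-CIPolicy -XmlFilePath $Merged -BinaryFilePath $Binary | Out-Null
CiTool --update-policy $Binary
```

Keep the policy in audit mode until the 3076 events stop showing drivers you actually need; once enforced, the same log (ID 3077) is where a blocked driver load will appear.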