Malware News
PoisonX Rootkit: BYOVD Exploitation and CrowdStrike EDR Bypass
The PoisonX rootkit uses a Bring Your Own Vulnerable Driver (BYOVD) attack vector to gain kernel-mode execution, and in particular to achieve a 0-day bypass of CrowdStrike EDR. By loading legitimately signed but vulnerable drivers, the threat actor escalates from user mode to kernel mode and then manipulates OS structures to blind the endpoint's detection capabilities. The campaign is currently highly targeted at organizations within Japan. Mitigation depends on identifying loads of known vulnerable drivers and on kernel-level monitoring that can detect unauthorized driver manipulation and attempts to neutralize the EDR.
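The mitigation sentence above calls for spotting loads of known vulnerable drivers. The following added example (not code from this article or from any of the sources it links) shows one way to hunt for that in Sysmon-style DriverLoad records: each record's SHA256 is compared against a vulnerable-driver blocklist, and drivers loaded from user-writable directories or without a valid signature are flagged as well. The log lines, the blocklist hashes, the driver names and the `key=value;` field layout are constructed assumptions for the example, not real indicators; a real deployment would substitute the organisation's maintained blocklist (for example the hashes from Microsoft's vulnerable driver blocklist) and its actual log format.

```python
"""Hunt for BYOVD-style driver loads in Sysmon-like DriverLoad records.

Added example, not code from the article. All hashes, paths and log lines
below are constructed placeholders.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed blocklist: SHA256 -> description. Placeholder digests only;
# a real deployment loads the organisation's vulnerable-driver hash list here.
VULNERABLE_DRIVER_SHA256: Dict[str, str] = {
    "0" * 64: "PLACEHOLDER vulnerable vendor driver A (constructed)",
    "1" * 64: "PLACEHOLDER vulnerable vendor driver B (constructed)",
}

# A properly installed driver is not expected to be loaded from these
# user-writable locations (heuristic assumption, tune to your estate).
SUSPICIOUS_DIRS = ("\\temp\\", "\\users\\", "\\programdata\\", "\\downloads\\")


@dataclass
class Finding:
    utc_time: str
    image: str
    sha256: str
    reasons: List[str] = field(default_factory=list)


def parse_event(line: str) -> Dict[str, str]:
    """Parse a 'Key=Value; Key=Value' DriverLoad record into a dict.

    The Sysmon 'Hashes' field ('SHA256=...,MD5=...') is expanded so that each
    algorithm becomes its own key with a lower-cased digest.
    """
    fields: Dict[str, str] = {}
    for part in line.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key] = value.strip()
    for item in fields.get("Hashes", "").split(","):
        algo, sep, digest = item.partition("=")
        if sep:
            fields[algo.strip().upper()] = digest.strip().lower()
    return fields


def assess(event: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding if the driver load looks like BYOVD activity, else None."""
    reasons: List[str] = []
    sha256 = event.get("SHA256", "")
    image = event.get("ImageLoaded", "")

    # A BYOVD driver is usually validly signed, so the hash match is the
    # strongest signal; signature state alone would miss it.
    if sha256 in VULNERABLE_DRIVER_SHA256:
        reasons.append("hash matches vulnerable-driver blocklist: "
                       + VULNERABLE_DRIVER_SHA256[sha256])
    if any(d in image.lower() for d in SUSPICIOUS_DIRS):
        reasons.append("driver loaded from user-writable directory")
    if event.get("Signed", "").lower() != "true":
        reasons.append("driver is not signed")

    if not reasons:
        return None
    return Finding(event.get("UtcTime", ""), image, sha256, reasons)


def hunt(lines: List[str]) -> List[Finding]:
    """Run assess() over every non-empty record and keep the findings."""
    findings = []
    for line in lines:
        if line.strip():
            finding = assess(parse_event(line))
            if finding is not None:
                findings.append(finding)
    return findings


# Constructed sample records in the assumed 'Key=Value;' layout.
SAMPLE_DRIVER_LOADS = [
    "UtcTime=2024-01-01 09:00:00; ImageLoaded=C:\\Windows\\System32\\drivers\\benign.sys; "
    "Hashes=SHA256=" + "f" * 64 + "; Signed=true; Signature=Microsoft Windows",
    # Validly signed vendor driver, but its hash is on the blocklist and it was
    # dropped in a user-writable folder: the classic BYOVD pattern.
    "UtcTime=2024-01-01 09:05:12; ImageLoaded=C:\\Users\\Public\\Temp\\legit_vendor.sys; "
    "Hashes=SHA256=" + "0" * 64 + "; Signed=true; Signature=Example Vendor (constructed)",
    "UtcTime=2024-01-01 09:06:40; ImageLoaded=C:\\Windows\\Temp\\x.sys; "
    "Hashes=SHA256=" + "a" * 64 + "; Signed=false",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_DRIVER_LOADS):
        print(f.utc_time, f.image)
        for reason in f.reasons:
            print("   -", reason)
```

The hash match is deliberately kept separate from the path and signature heuristics: a BYOVD driver carries a legitimate signature, so an alert rule that only looks at `Signed`/`SignatureStatus` would pass it, whereas a blocklist hit is high-confidence on its own and the path heuristics add context for triage.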