Created
January 12, 2024 19:49
loldrivers lookup test
{ | |
"": { | |
"Category": "vulnerable driver", | |
"Commands": { | |
"Command": "sc.exe create fiddrv64.sys binPath=C:\\windows\\temp\\fiddrv64.sys type=kernel && sc.exe start fiddrv64.sys", | |
"Description": "", | |
"OperatingSystem": "Windows 10", | |
"Privileges": "kernel", | |
"Usecase": "Elevate privileges" | |
}, | |
"Id": "64f3d4b0-6d2b-4275-b3d4-15d092af4092", | |
"MitreID": "T1068", | |
"Resources": [ | |
"https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules" | |
], | |
"Tags": [ | |
"fiddrv64.sys" | |
] | |
}, | |
"000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b": { | |
"Category": "vulnerable driver", | |
"Commands": { | |
"Command": "sc.exe create CorsairLLAccess64.sys binPath=C:\\windows\\temp\\CorsairLLAccess64.sys type=kernel && sc.exe start CorsairLLAccess64.sys", | |
"Description": "", | |
"OperatingSystem": "Windows 10", | |
"Privileges": "kernel", | |
"Usecase": "Elevate privileges" | |
}, | |
"Id": "ff74f03e-e4ce-4242-bfe3-60601056bb34", | |
"MitreID": "T1068", | |
"Resources": [ | |
" https://github.com/elastic/protections-artifacts/search?q=VulnDriver", | |
"https://github.com/elastic/protections-artifacts/search?q=VulnDriver" | |
], | |
"Tags": [ | |
"CorsairLLAccess64.sys" | |
] | |
} | |
} |