Combating Adversaries Abusing Vulnerable Drivers

Huntress Managed EDR now detects when Windows blocks a known vulnerable driver, giving earlier visibility into threat actors using Bring Your Own Vulnerable Driver (BYOVD) tradecraft. This technique is commonly used to disable endpoint security tools like EDR and antivirus, and is typically a precursor to lateral movement, data theft, and ransomware deployment.