BYOVD Attack Exposes Major Windows Security Flaw: How Hackers Steal Your Credentials

Credential theft alert! In a BYOVD (Bring Your Own Vulnerable Driver) attack built on a .SYS kernel driver, Venak Security shows how attackers bypass Windows security, pilfer user data, and seize control of a machine. Using an old driver from Check Point's ZoneAlarm, the attackers gain kernel-level access; because the driver carries a valid vendor signature, Windows loads it and security tools tend to trust it, so the attack evades detection. It highlights the critical need for robust driver security.


Hot Take:

Who would have thought that your trusty antivirus’s outdated driver could become the Trojan horse of the digital age? It’s like finding out that your guard dog has joined the burglars! Time to patch up those drivers before the cybercriminals make your data their new favorite chew toy.

Key Points:

  • Venak Security documented a BYOVD attack that abuses an old, vulnerable driver shipped with Check Point's ZoneAlarm antivirus.
  • The driver in question is vsdatant.sys; once loaded, its flaws let attackers operate with kernel privileges, bypass Windows security controls and steal credentials.
  • BYOVD attacks rely on digitally signed drivers: Windows accepts the signature, and EDR solutions tend to treat the signed module as trusted, so the malicious activity goes unnoticed.
  • The chain starts with a malicious email; the payload drops the vulnerable driver and registers it as a service so that Windows loads it.
  • Check Point has been notified, and the current driver version is no longer vulnerable.
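What a defender can actually do with the points above is hunt for the install pattern: a kernel service registered recently, pointing at a signed but old .sys dropped by something other than the vendor's installer. The PowerShell below is an added example written for this page, not code from Venak Security's report or from Check Point; it assumes the standard Service Control Manager Event ID 7045 fields (ServiceName, ImagePath, ServiceType) and the registry value Microsoft documents for enabling its vulnerable driver blocklist (VulnerableDriverBlocklistEnable), both of which are assumptions about the host you run it on. Run it from an elevated session.

```powershell
# Added example: hunt for BYOVD-style kernel driver installs on a Windows host.
# Not part of the article or of Venak Security's report. Run elevated.

$LookbackDays = 7
$Since     = (Get-Date).AddDays(-$LookbackDays)
$DriverDir = Join-Path $env:SystemRoot 'System32\drivers'

# 1. Is Microsoft's vulnerable driver blocklist enforced? The value name is the one
#    Microsoft documents for manually enabling the blocklist (assumed unchanged here).
$ci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' -ErrorAction SilentlyContinue
$blocklistOn = ($null -ne $ci -and $ci.VulnerableDriverBlocklistEnable -eq 1)
Write-Host "Vulnerable driver blocklist enforced: $blocklistOn"

# 2. Event ID 7045 (System log, Service Control Manager) is written each time a
#    service is installed. A BYOVD loader registers its dropped .sys this way.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $Since } -ErrorAction SilentlyContinue

function Resolve-ImagePath([string]$raw) {
    # Normalise the forms the SCM stores: \??\C:\..., \SystemRoot\..., system32\drivers\x.sys
    $p = $raw.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^(?i)system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$findings = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    # Only kernel-mode services matter for BYOVD; skip user-mode service installs.
    if ($d['ServiceType'] -notmatch 'kernel') { continue }

    $path   = Resolve-ImagePath $d['ImagePath']
    $exists = Test-Path -LiteralPath $path
    $sig  = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    $ver  = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo } else { $null }
    $hash = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }

    [pscustomobject]@{
        Installed     = $e.TimeCreated
        Service       = $d['ServiceName']
        ImagePath     = $path
        OutsideDrvDir = -not $path.StartsWith($DriverDir, [StringComparison]::OrdinalIgnoreCase)
        Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned or missing>' }
        SigStatus     = if ($sig) { $sig.Status } else { 'n/a' }
        FileVersion   = if ($ver) { $ver.FileVersion } else { 'n/a' }
        SHA256        = $hash
    }
}

# A Valid signature status is not evidence of safety; BYOVD depends on exactly that.
# Triage every row: check the SHA256 against a vulnerable-driver list and the file
# version against the vendor's fixed release. An old, validly signed build that was
# dropped outside $DriverDir is the pattern the article describes.
$findings | Sort-Object Installed -Descending | Format-Table -AutoSize
```

The script flags the install rather than the exploit, which is the point: by the time the driver is loaded, the attacker already has kernel privileges and the EDR may be blind. Treat every recent kernel service whose binary sits outside the drivers directory as a lead, and verify the file version against the vendor's current release rather than trusting the signer name.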

The Nimble Nerd