You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, is it possible to add this driver associated with FilSecLab products ?
It haves CVEs associated with, and can be used to perform malicious actions.
These drivers are now actively used by attackers to kill EDRs using a custom PE.
"SHA256 hashes for the abused files are
f8c07b6e2066a5a22a92d9f521ecdeb8c68698c400e4b83e0501b9f340957c22 (fildds.sys), ae55a0e93e5ef3948adecf20fa55b0f555dcf40589917a5bfbaa732075f0cc12 (filnk.sys) and 490cfbb540dcd70b7bff4fdd62e7ed7400bbfebaf5083523d49f7184670f7b9a (filwfp.sys)."
Hello, is it possible to add this driver associated with FilSecLab products ?
It haves CVEs associated with, and can be used to perform malicious actions.
CVEs:
https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1444
VT links:
https://www.virustotal.com/gui/file/f8c07b6e2066a5a22a92d9f521ecdeb8c68698c400e4b83e0501b9f340957c22/details
The text was updated successfully, but these errors were encountered: