On the hunt for popping up kernel drives. [Research Saturday]

Dana Behling, researcher from Carbon Black, sharing their work on "Hunting Vulnerable Kernel Drivers." The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers, six of which allow kernel memory access, accepting firmware access.
TAU reported the issues to the vendors whose drivers had valid signatures at the time of discovery, but only two vendors fixed the vulnerabilities. TAU is calling for more comprehensive approaches in the future than the current banned-list method used by Microsoft. The research …

access analysis carbon carbon black drivers drives firmware hunt hunting kernel kernel drivers kernel memory access memory research researcher sharing signatures threat threat analysis valid vendors vulnerable vulnerable drivers work