Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack.
"The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying

attack aukill tool bring your own vulnerable driver byovd defense detection detection and response driver edr endpoint endpoint detection endpoint detection and response evasion explorer hackers microsoft own process processes process explorer ransomware response software threat threat actors tool utility version vulnerable vulnerable driver