Unmasking a Large-Scale Legacy Driver Exploitation Campaign

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Check Point Research uncovered an extensive campaign exploiting a vulnerability in the legacy version 2.0.2 of the Truesight.sys driver, part of Adlice's RogueKiller Antirootkit suite. Attackers leveraged this vulnerability to deploy an EDR/AV killer module, effectively disabling security solutions on targeted systems.

OPENCTI LABELS:

phishing,exploitation,driver,edrbypass


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only username and password shown in the login page banner.


Unmasking a Large-Scale Legacy Driver Exploitation Campaign