BSidesSATX 2023

Driving Your Own Vulnerability: How to Navigate the Road of BYOD Attacks
2023-06-10, 14:00–14:25, Track 1 (UC Conference Rm A)

Bring Your Own Vulnerable Driver (BYOVD) attacks pose a unique threat to Windows security and are a challenge to detect and prevent, but what makes a driver vulnerable, and how prevalent are vulnerable device drivers? In addition to answering these questions, this talk provides categories of vulnerabilities that are unique to Windows drivers and presents real-world vulnerable driver case studies to illustrate the theoretical concepts.


Intro
- Quick overview of Windows device driver basics
- Overview of device drivers used in attack chains
- Prevalence of drivers
- - Drivers uploaded to VirusTotal
- - YARA rules for detection
- RtCore64 (Video driver for Micro-Star's MSI AfterBurner)
- - BlackByte Ransomware
- - Earth Longzhi
- - CVE-2019-16098
- dbutil_2_3 (Dell Client firmware update utility)
- - Lazarus
- - CVE-2021-21551
- IQVW32 (Intel Ethernet diagnostics driver)
- - Scattered Spider
- - CVE-2015-2291
- Detections and Mitigations
- - Challenges
- - Suggestions
- Conclusion

Dana Behling is a highly esteemed senior threat researcher at VMware Carbon Black, renowned for her exceptional skills in identifying and researching new and emerging cyber threats. With her vast knowledge and experience, she is a driving force in ensuring the security and safety of countless individuals and organizations.

Prior to joining the world-renowned VMware Carbon Black team, Dana served in numerous public sector cybersecurity roles, where she was instrumental in enhancing national security measures. Her invaluable contributions to the field have garnered the respect and admiration of her peers, making her a sought-after authority in the world of cybersecurity.

Dana's unwavering commitment to protecting individuals and organizations from cyber threats has earned her a reputation as a trailblazer and an inspiration in her field. Her dedication and expertise continue to set the bar for excellence in the ever-evolving world of cybersecurity.