MHaggis
/ ioc_vulnerable_drivers.csv
Created
March 1, 2023 03:46
— forked from k4nfr3/ioc_vulnerable_drivers.csv
IOC vulnerable drivers
We can make this file beautiful and searchable if this error is corrected: It looks like row 9 should actually have 4 columns, instead of 2 in line 8.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SHA256,Name,Signer,Description | |
| 04A85E359525D662338CAE86C1E59B1D7AA9BD12B920E8067503723DC1E03162,ADV64DRV.sys,"""FUJITSU LIMITED """, | |
| 05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows | |
| 4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows | |
| 6948480954137987A0BE626C24CF594390960242CD75F094CD6AAA5C2E7A54FA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows | |
| 8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F,Agent64.sys,"""eSupport.com, Inc""",DriverAgent Direct I/O for 64-bit Windows | |
| B1D96233235A62DBB21B8DBE2D1AE333199669F67664B107BFF1AD49B41D9414,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows | |
| 7196187FB1EF8D108B380D37B2AF8EFDEB3CA1F6EEFD37B5DC114C609147216D,ALSysIO64.sys,Artur Liberman,ALSysIO | |
| 7F375639A0DF7FE51E5518CF87C3F513C55BC117DB47D28DA8C615642EB18BFA,ALSys |
MHaggis
/ blockeddrivers-vt-annotated.xml
Created
March 6, 2023 21:00
— forked from wdormann/blockeddrivers-vt-annotated.xml
Microsoft recommended driver block rules, but annotated with samples that are present in VirusTotal
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <ns0:SiPolicy xmlns:ns0="urn:schemas-microsoft-com:sipolicy"> | |
| <ns0:VersionEx>10.0.25290.0</ns0:VersionEx> | |
| <ns0:PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</ns0:PlatformID> | |
| <ns0:Rules> | |
| <ns0:Rule> | |
| <ns0:Option>Enabled:Unsigned System Integrity Policy</ns0:Option> | |
| </ns0:Rule> | |
| <ns0:Rule> | |
| <ns0:Option>Enabled:Advanced Boot Options Menu</ns0:Option> | |
| </ns0:Rule> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <iostream> | |
| #include <dbghelp.h> | |
| #include <TlHelp32.h> | |
| #define IOCTL_BASE 0x80012008 | |
| constexpr DWORD IREC_IOCTL(DWORD x) { return IOCTL_BASE + x; } | |
| #define IOTCL_IREC_OPEN_PROCESS IREC_IOCTL( 0x20 ) | |
| static const char* DeviceName = R"(\\.\IREC)"; |
OlderNewer