Vulnerable HackSys Extreme Vulnerable Driver Load
Detects the load of the HackSys Extreme Vulnerable Driver (HEVD), an intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their kernel-level exploitation skills, and often abused by threat actors
Sigma rule

title: Vulnerable HackSys Extreme Vulnerable Driver Load
id: 295c9289-acee-4503-a571-8eacaef36b28
status: test
description: Detects the load of HackSys Extreme Vulnerable Driver which is an intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level and often abused by threat actors
references:
    - https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
author: Nasreddine Bencherchali (Nextron Systems)
date: 2022-08-18
modified: 2024-11-23
tags:
    - attack.privilege-escalation
    - attack.t1543.003
logsource:
    product: windows
    category: driver_load
detection:
    selection:
        - ImageLoaded|endswith: '\HEVD.sys'
        - Hashes|contains:
              - 'IMPHASH=f26d0b110873a1c7d8c4f08fbeab89c5' # Version 3.0
              - 'IMPHASH=c46ea2e651fd5f7f716c8867c6d13594' # Version 3.0
    condition: selection
falsepositives:
    - Unlikely
level: high
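The `selection` above is a list of two maps, which Sigma evaluates as an OR: the driver matches either by its file name (`ImageLoaded|endswith`) or, if it has been renamed, by one of the two import hashes in the `Hashes` field (`Hashes|contains`, itself an OR over the listed values). The following is an added example, not part of the rule or of the Sigma project, that evaluates that logic in Python over constructed `driver_load` (Sysmon Event ID 6 style) events; the event dictionaries, the `id` field and every hash value other than the two IMPHASHes from the rule are made up for the demonstration. Sigma string matching is case-insensitive by default, so the comparison lowercases both sides.

```python
"""Evaluate the rule's `selection` against sample driver_load events.

Added example: the events below are constructed, not real telemetry.
"""

# Values copied from the rule's detection section
IMAGE_SUFFIX = "\\HEVD.sys"
IMPHASHES = (
    "IMPHASH=f26d0b110873a1c7d8c4f08fbeab89c5",
    "IMPHASH=c46ea2e651fd5f7f716c8867c6d13594",
)


def matches_rule(event: dict) -> bool:
    """Return True when the event satisfies `selection`.

    A list of maps under `selection` is OR-ed, and a list of values under a
    single field is OR-ed too. Sigma string modifiers are case-insensitive,
    so both the field values and the patterns are lowercased first.
    """
    image = str(event.get("ImageLoaded", "")).lower()
    hashes = str(event.get("Hashes", "")).lower()
    if image.endswith(IMAGE_SUFFIX.lower()):
        return True
    return any(h.lower() in hashes for h in IMPHASHES)


# Constructed sample events (field names follow Sysmon's DriverLoad event).
# MD5/SHA256 values are placeholders; only the IMPHASH values come from the rule.
SAMPLE_EVENTS = [
    {  # benign signed driver, no match expected
        "id": 1,
        "ImageLoaded": "C:\\Windows\\System32\\drivers\\tcpip.sys",
        "Hashes": "MD5=00000000000000000000000000000001,IMPHASH=00000000000000000000000000000aaa",
        "Signed": "true",
    },
    {  # HEVD loaded under its own name; matches by file name (case-insensitive)
        "id": 2,
        "ImageLoaded": "C:\\Users\\lab\\Desktop\\hevd.sys",
        "Hashes": "MD5=00000000000000000000000000000002,IMPHASH=00000000000000000000000000000bbb",
        "Signed": "false",
    },
    {  # HEVD renamed; file name does not match, but the second IMPHASH does
        "id": 3,
        "ImageLoaded": "C:\\Windows\\Temp\\update.sys",
        "Hashes": "MD5=00000000000000000000000000000003,IMPHASH=C46EA2E651FD5F7F716C8867C6D13594",
        "Signed": "true",
    },
    {  # event with no Hashes field at all (hash collection disabled); no match
        "id": 4,
        "ImageLoaded": "C:\\Windows\\System32\\drivers\\null.sys",
    },
]


def matching_ids(events: list[dict]) -> list[int]:
    """Return the ids of all events that the rule would alert on."""
    return [e["id"] for e in events if matches_rule(e)]


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event["id"], event["ImageLoaded"], "ALERT" if matches_rule(event) else "-")
    print("matching ids:", matching_ids(SAMPLE_EVENTS))
```

Event 3 is the case the hash clause exists for: a renamed copy of the driver still carries the same import table, so the IMPHASH still matches even though the `ImageLoaded` suffix does not. Event 4 shows that the rule degrades gracefully when the sensor is not configured to record hashes; only the name clause can fire then, which is the point of keeping both clauses in the rule.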
Related rules
- Vulnerable WinRing0 Driver Load
- Malicious Driver Load
- Malicious Driver Load By Name
- Vulnerable Driver Load
- Vulnerable Driver Load By Name