Vulnerable HackSys Extreme Vulnerable Driver Load

Detects the load of HackSys Extreme Vulnerable Driver which is an intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level and often abused by threat actors

Sigma rule (View on GitHub)

 1title: Vulnerable HackSys Extreme Vulnerable Driver Load
 2id: 295c9289-acee-4503-a571-8eacaef36b28
 3status: test
 4description: Detects the load of HackSys Extreme Vulnerable Driver which is an intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level and often abused by threat actors
 5references:
 6    - https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
 7author: Nasreddine Bencherchali (Nextron Systems)
 8date: 2022-08-18
 9modified: 2024-11-23
10tags:
11    - attack.privilege-escalation
12    - attack.t1543.003
13logsource:
14    product: windows
15    category: driver_load
16detection:
17    selection:
18        - ImageLoaded|endswith: '\HEVD.sys'
19        - Hashes|contains:
20              - 'IMPHASH=f26d0b110873a1c7d8c4f08fbeab89c5' # Version 3.0
21              - 'IMPHASH=c46ea2e651fd5f7f716c8867c6d13594' # Version 3.0
22    condition: selection
23falsepositives:
24    - Unlikely
25level: high

References

Related rules

to-top