Cloned Windows won’t boot? 0x0000007B / INACCESSIBLE_BOOT_DEVICE may mean the new PC needs a storage driver. Use the WinPE/storage driver package for the NEW target computer, then install it with Lazesoft Fix Boot Storage Driver. #BootRepair #WindowsRecovery #Lazesoft

Threat Intelligence Analysis: PhantomKiller (BYOVD) PhantomKiller is a new EDR/AV evasion proof-of-concept that weaponizes a legitimate, fully signed Lenovo kernel driver (BootRepair.sys). It employs a classic Bring Your Own Vulnerable Driver (BYOVD) technique with an exceptionally simple and reliable implementation: it enables any low-privileged user (or after driver loading) to terminate any process on the system, including Protected Process Light (PPL) processes protected by modern EDRs. Technical Details of the Driver & Vulnerability •Driver: BootRepair.sys (part of Lenovo PC Manager) •SHA256: 5ab36c116767eaae53a466fbc2dae7cfd608ed77721f65e83312037fbd57c946 •Signature: Valid Lenovo signature (trusted by Windows; currently 0 detections on VirusTotal) •Build date: ~2018 (legacy driver still not broadly blocked) Reverse Engineering Highlights (IDA Pro): •Creates device object \\Device\\::BootRepair without a secure DACL. •Exposes symbolic link \\DosDevices\\BootRepair — any user-mode process can open it via CreateFileW("\\\\.\\BootRepair"). •Only one IOCTL is exposed: 0x222014. •The handler simply validates a 4-byte buffer (DWORD PID) and calls ZwTerminateProcess directly in kernel context with zero checks on caller, PID, or protections. Result: Ring-0 termination bypasses all EDR objection handling, PPL, minifilter callbacks, and process protections. Simple PoC HANDLE h = CreateFileW(L"\\\\.\\BootRepair", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); DeviceIoControl(h, 0x222014, &pid, sizeof(pid), NULL, 0, &ret, NULL); •If the driver is already loaded → direct low-priv exploitation. •Otherwise → classic BYOVD load via sc.exe. Successfully tested against CrowdStrike Falcon and claimed to work universally due to the kernel-trusted nature of the driver. Cross-Checked Intelligence •Disclosed May 19-21, 2026 by Jehad Abu Dagga (@jehadbudagga). •Official repo: github.com/redteamfortress/P… •Rapidly added to LOLDrivers by the community. •Part of the ongoing 2026 wave of BYOVD EDR killers (ESET tracked 54 tools abusing 35 vulnerable drivers this year). Key IOCs: •File: BootRepair.sys (SHA256 above) •Device: \\.\BootRepair / \\Device\\::BootRepair •IOCTL: 0x222014 •Service name: PhantomKiller (or attacker-chosen) References:
• Full technical write-up: medium.com/@jehadbudagga/pha…
• PoC Repository: github.com/redteamfortress/P… . #CyberSecurity #ThreatIntelligence #EDR #BYOVD #RedTeaming #InfoSec #WindowsSecurity #Vulnerability #CyberThreats #MalwareAnalysis

Phantom Killer: EDR evasion via Lenovo driver Researcher Jehad Abu Dagga from e& UAE (etisalat and) reverse-engineered the "BootRepair.sys" driver used by Lenovo PC Manager and uncovered critical security flaws that can be abused: 📌 The device" \Device\BootRepair" created by the driver has no defined DACL, allowing any low-privileged user to interact with it. 📌 The IOCTL dispatcher doesn’t verify permissions when invoking the process termination function ("sub_14000198C") 📌 A symbolic link "\DosDevices\BootRepair" is created in user space, allowing direct access to the device from user space. ⚠️ The developed PoC can terminate any process by specifying its PID. 🥷 Key advantage for an attacker: the driver is legitimate and signed by Lenovo, allowing it to bypass Driver Signature Enforcement (DSE) checks. 🎯 Attack scenarios: ✅ If the driver is already loaded on the system: any low-privileged user can access it without restrictions and terminate any process, including EDR/AV. ✅ If the driver isn’t loaded: an attacker can load the trusted, signed driver (Bring Your Own Vulnerable Driver — BYOVD attack) and then use it to kill protected processes. 📎Article: medium.com/@jehadbudagga/pha… 🦠PoC: github.com/redteamfortress/P… -> (git.redteamfortress.com/j3h4…), git.redteamfortress.com/j3h4… #dbugs_attacks

Impressive boot restoration. After realising I’ve got no grass‑suitable boots, I picked these up from Vinted for £10 in pretty rough condition — worn leather, soles peeling away, the lot. Gave them a thorough deep wash, used specialist shoe glue with an overnight clamp, then rebuilt the worn areas with layered vinyl/leather coating. Now they look sturdy and basically as good as new. New and old pics added. #BootRestoration #ShoeRestoration #Adidas #RestoredNotReplaced #BootRepair

【ヒール修理事例】👠✨ 「ヒールがパッカ～ん(｡>﹏<｡)💦」 そんなピンチも大丈夫！ヒールが外れてしまった靴は修理で元通りに。今回はSARTORE（サルトル）ブーツの修理事例をご紹介します🔧 お気に入りの靴が壊れると本当にショックですが、多くの場合は比較的シンプルな作業で直すことができます。 ヒールは靴の内側からビスや釘で固定されていますが、強い衝撃や長時間の使用で緩んでしまうことがあります。 今回のサルトルブーツも、しっかりと固定し直すことで違和感なく修理完了しました✨ 🔹修理期間：20分～ 🔹修理費用：1,000円～2,000円 🔹ブランド靴も安心対応 「ヒールが外れた…」そんな時は諦める前にぜひ当店へ。即日対応できる場合もありますのでお気軽にご相談ください！ 🔗misterquickman.com/230511hee… English ver.👇 【Heel Repair Case】👠✨ Did your heel suddenly come off? Don’t worry! Even if your favorite shoes are broken, most heels can be fixed and restored to their original state. This time, we repaired a pair of SARTORE boots 🔧 🔹Repair Time: 20minutes 🔹Cost: ¥1,000–¥2,000 🔹We also handle brand shoes If your heel breaks, don’t give up—let’s repair it together! #ヒール修理 #靴修理 #サルトル #SARTORE #パンプス修理 #ブーツ修理 #靴好きさんと繋がりたい #shoerepair #heelrepair #bootrepair

When you need to extend the life of your favorite boots and gloves, Shoe GOO is the way to go. It's tough, waterproof, and ready to tackle all your gear repair needs. Get yours here ---> ecs.page.link/yJTcT #engineeredsolutions #eclecticproducts #bootrepair #gloverepair

Round Two; A Well Patina’d Natural Captain With A Twist @shoe.man02 @cobblerschoice 👊. #ThursdayBoots #BootRepair #GoodyearWelted #LaceUpBoots #MensBoots #Cobbler

Still Standing #usa #bootrepair #madebyhand

Makes me think of Jimmy’s BootRepair in Athens.

Stampede is a month away! Tower Cleaners offers dry-cleaning and laundry services. We also offer shoe and boot cleaning and repairs from a professional cobbler 👢! towercleaners.ca #cowboy #cowgirl #calgarystampede #towercleaners #yyc #airdrie #bootrepair

When It’s Time, It’s Time @shoe.man02 ⚒️. #ThursdayBoots #BootRepair #GoodyearWelted #Moctoeboots

こっから進まん… ブートローダーお逝きになったかもなー USBメモリから、bootrepairしてみたけどあかんわ…

Vintage service boots resole. RC corded full soles. Medium brown edge. Low block heel. #roleclub #bootrepair #serviceboots #usmc #paratrooper

[MUST] 3 formas de cómo reinstalar o reparar el Grub con Bootrepair slimbook.es/tutoriales/linux…

Awesome boot repairs by @bootrepaircompany New @vibram sole #bootrepair #recycle #reuserecycle #boots #repair #savedfromlandfill

Today was my first resole workshop. Thank you to ALL who attended. It was a wonderful experience to be able to show others what I learned from my teacher. I will have another workshop soon. #roleclubworkshop #bootrepair #losangeles #roleclub

オールソール交換チャレンジ続き　“だし縫い”　専用工具は無いので、百均の千枚通しを加工し穴あけ、勿論手縫い(笑) 大変😅 #ブーツ #エンジニアブーツ #ソール交換 #ブーツ修理 #手縫い #だし縫い #オールソール交換 #レザークラフト #ゼファー750 #Engineerboots #BootsDomination #Bootrepair

オールソール交換チャレンジ続き ミッドソール製作、貼付け、外周カット。ミッドソール厚めの方がカッコいいなーっと思い、既存の物と合わせ3枚仕様に。 #ブーツ #エンジニアブーツ #ソール交換 #ブーツ修理 #レザークラフト #ゼファー750 #シフトガード　 #Engineerboots #boots #Bootrepair

オールソール交換チャレンジ続き この際なので、傷んでいたブーツ外革シフトの当る部分に革を貼り、外革下部をバラし、縫い合わせ、シフトガードにしました。 #ブーツ #エンジニアブーツ #ソール交換 #ブーツ修理 #レザークラフト #ゼファー750 #シフトガード　 #Engineerboots #boots #Bootrepair

オールソール交換続き。ヒールソールを剥がし、積上げ?!と言うか、中間のソールを剥がし、ソール本体の縫い糸を切り、剥がしました。 #ブーツ #エンジニアブーツ #オールソール交換 #ソール交換 #ブーツ修理 #レザークラフト #hawkins　 #Engineerboots #boots #Bootrepair　 #Solereplacement