A defender-side surface map of Windows kernel/user-mode covert channels — mailslots and ALPC, firmware-table providers and WNF, dispatch tables and writable .data pointers, KernelCallbackTable, MDL-backed mailboxes, GPU/DXGK primitives, page-guard signals, EPT/MMIO, DMA cards, and visual capture. Covers the six-plane channel grammar, PatchGuard exposure classes, and a production detection program with baselines, cross-view validation, and false-positive control. core-jmp.org/2026/06/covert-… #ALPC #AntiCheat #AntiCheatResearch #byovd #CovertChannels #DMA #DMACheats #EDR #EDREvasion #ETW #HVCI #HypervisorSecurity #IPC #KernelAntiCheat #KernelCallbacks #KernelDMAProtection #KernelDriver #MalwareAnalysis #PatchGuard #Rootkit #RootkitResearch #WindowsDriverExploitation #WindowsFilteringPlatform #WindowsInternals #WindowsKernel #Windowssecurity
🚨 Did VirtualBox stop working on Linux? Did the error Kernel driver not installed (rc=-1908) or suplibOsInit appear? Don't worry, this problem is very common after system updates. youtu.be/YY_YT9oBZf4 #Linux #VirtualBox #TecnologiaMundo #KernelDriver
Walk-through of Lukas Maar’s page-level use-after-free in the Linux kernel’s QAIC (Qualcomm AI Accelerator) DRM driver: the missing VMA boundary check in qaic_gem_object_mmap leaves stale page-table entries pointing at compound-page memory the kernel has already freed; reclaim the underlying order-3 page as a pipe_buffer slab and the dangling user mapping turns into an arbitrary kernel-physical read/write primitive, which the exploit chains via init_task lookup into a clean root. core-jmp.org/2026/06/qualcom… #AIAccelerator #DRMDriver #KASLR #KernelDriver #KernelDriverExploitation #KernelDriverVulnerability #KernelExploitation #KernelUAF #LinuxKernel #LinuxKernelExploitation #LinuxKernelSecurity #LocalPrivilegeEscalation #mmap #pipe_buffer #PrivilegeEscalation #QAIC #Qualcomm #UseAfterFree
Walk-through of Xyrem's reversing.info analysis of Valorant’s Vanguard Guarded Regions: how Vanguard hides game state behind a private "shadow" PML4 entry that’s only swapped in when one of its own whitelisted threads is on the CPU, the SwapContext hook that drives the swap, and how a cheat can rebuild the same primitive with its own kernel driver to expose hidden game memory after thread whitelisting. core-jmp.org/2026/06/reverse… #AntiCheat #AntiCheatArchitecture #CheatDevelopment #CR3 #GuardedRegions #KernelAntiCheat #KernelDriver #KernelDriverReverseEngineering #KernelExploitation #Paging #PML4 #ReverseEngineering #RiotVanguard #ShadowMemory #SwapContextHook #Valorant #WinDBG #WindowsKernel #WindowsReverseEngineering
RegPhantom is a signed Windows kernel rootkit that turns the registry into a covert execution channel. It gives an unprivileged user-mode process the ability to reflectively load an arbitrary PE into kernel memory, invisible to PsLoadedModuleList and standard driver enumeration tools. The implant includes several stealth techniques:
- Post-execution memory wipe
- XOR-encoded hook pointers (in-memory obfuscation)
- Valid code-signing certificates
- CFG obfuscation with opaque predicates
- 28 samples tracked (June–August 2025), signed with certificates from two Chinese companies.
We're releasing:
- Full technical writeup
- Extensive deobfuscation scripts
- YARA detection rule
Full analysis: nextron-systems.com/2026/03/… #MalwareAnalysis #Rootkit #ThreatIntel #DFIR #Windows #KernelDriver
Tracedrv: Tiny WinDbg extension to trace transitions from a debugged driver into other modules (i.e. to trace function calls). github.com/eversinc33/drvtra… #cybersecurity #informationsecurity #windbg #infosec #windows #reverseengineering #kerneldriver
#AIDA64 v7.60 is here! ⚡ New SensorPanel features (wide version, GPU utilization), improved kernel driver security, support for latest GPUs (@AMD RX 9070, @nvidia RTX 5xxxx), and more! aida64.com/news/finalwire-ai… #AIDA64v760 #ASUS #AMD #NVIDIA #Turing #SensorPanel #KernelDriver
Arm has identified a critical security vulnerability (CVE-2024-4610) in the Mali GPU Kernel Driver that's actively exploited in the wild. #CyberSecurity #MailGPU #UpdateNow #ArmSecurity #VulnerabilityAlert #Technology #KernelDriver #CyberThreat
Platbox - UEFI And SMM Assessment Tool #KernelDriver #Linux #Platbox #UEFI dlvr.it/SrRCzm
Platbox - UEFI And SMM Assessment Tool kitploit.com/2023/05/platbox… #KernelDriver #Linux
@TrendMicro researchers believe that the new #kerneldriver was an updated version that inherited main functionality from samples disclosed in previous research by @Mandiant, @Sophos, and @SentinelOne. Read more details here: #cybersecurity scmagazine.com/news/ransomwa…
PR to @redcanary's AtomicTestHarnesses for Windows Services: github.com/redcanaryco/Atomi… Test now supports service types: KernelDriver, FileSystemDriver, Win32OwnProcess, and Win32ShareProcess. It also supports various ways of creating a service - Win32, WMI, Registry, sc.exe. 😀
When analyzing kernel drivers from Windows, there are many concepts involved in each piece of code. I'll try to post screenshots with comments in the coming days and weeks. #idapro #reversing #kerneldriver