Comment by bri3d
18 days ago
This is a great writeup.
It looks like this driver is being actively used in malware, too: https://www.fortinet.com/blog/threat-research/interlock-rans...
Thanks! I had no idea it was already being used in the wild. It's a good case study for why shipping signed drivers with exposed IOCTLs and weak authentication is such a liability, even if (especially if) the developer never bothers to even load them.