A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...
Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft. The vulnerabilities addressed in this month’s Patch Tuesday ...
Following the massive Windows outage in July caused by a defective CrowdStrike update, Microsoft is working on a way to allow security products to ‘run in user mode just as apps do,’ Microsoft’s David ...
TrainSec Academy Announces Official Release of EDR Internals: Research & Development After a Sold-Out Premiere, Advanced ...
Much of modern operating system functionality happens in and around the kernel. That’s a problem when you’re implementing monitoring and observability tools or adding low-level security tools because ...
Kernel Mode Linux (KML) is a technology that enables the execution of user processes in kernel mode. I described the basic concept and the implementation techniques of KML on IA-32 architecture in my ...
Just over a week after the botched CrowdStrike update caused millions of Windows-based machines to crash, Microsoft has published its analysis of the outage. Just over a week after the botched ...
Earlier this week, we covered progress integrating an implementation of the WireGuard VPN protocol into the FreeBSD kernel. Two days later, there's an update—kernel-mode WireGuard has been moved out ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback