by Perolan
1862 days ago
That's a quote / follow-up from the previous Twitter thread about how their driver does fucked things. Absolutely a security vulnerability, and while I haven't reproduced on my own and am just going off what I read on the original Twitter thread (so it's possible I could be regurgitating bad info), my understanding is that it gives processes this access by listening to process creation and hashing the name. Meaning if I have a known hash from the list I can simply rename my program / malware and bam.