Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
EDRKillShifter accomplishes its goals by means of a known tactic called Bring Your Own Vulnerable Driver (BYOVD) that involves using a legitimate but vulnerable driver to terminate security solutions protecting the endpoints.
- Ravie Lakshmanan
- March 27, 2025