← Back to Explore
sigmahighHunting
Vulnerable HackSys Extreme Vulnerable Driver Load
Detects the load of HackSys Extreme Vulnerable Driver which is an intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level and often abused by threat actors
Detection Query
selection:
- ImageLoaded|endswith: \HEVD.sys
- Hashes|contains:
- IMPHASH=f26d0b110873a1c7d8c4f08fbeab89c5
- IMPHASH=c46ea2e651fd5f7f716c8867c6d13594
condition: selection
Author
Nasreddine Bencherchali (Nextron Systems)
Created
2022-08-18
Data Sources
windowsDriver Load Events
Platforms
windows
Tags
attack.persistenceattack.privilege-escalationattack.t1543.003
Raw Content
title: Vulnerable HackSys Extreme Vulnerable Driver Load
id: 295c9289-acee-4503-a571-8eacaef36b28
status: test
description: Detects the load of HackSys Extreme Vulnerable Driver which is an intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level and often abused by threat actors
references:
- https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
author: Nasreddine Bencherchali (Nextron Systems)
date: 2022-08-18
modified: 2024-11-23
tags:
- attack.persistence
- attack.privilege-escalation
- attack.t1543.003
logsource:
product: windows
category: driver_load
detection:
selection:
- ImageLoaded|endswith: '\HEVD.sys'
- Hashes|contains:
- 'IMPHASH=f26d0b110873a1c7d8c4f08fbeab89c5' # Version 3.0
- 'IMPHASH=c46ea2e651fd5f7f716c8867c6d13594' # Version 3.0
condition: selection
falsepositives:
- Unlikely
level: high