It is installed as a kernel mode driver which is even higher privileges than a user ...

2024-07-19 15:12:48

It is installed as a kernel mode driver which is even higher privileges than a user mode admin. It isn't quite standard for EDR agents as there are a lot of solutions whose agents only use usermode hooking for their detections.

Author Public Key

npub1d30mhvhd0sagmu83wdm26wqk00heptfn05xvgmfx7r9xscstnfcs7xynp3

Show more details

Tyler Burns on Nostr: It is installed as a kernel mode driver which is even higher privileges than a user ...