Author: Jonny Johnson (@jsecurity101)

Recently a friend of mine, Nick Powers, sent me the gmer.sys driver that was involved in the Blackout activity. It exposed functionality to terminate any process you wanted from a medium integrity level context. This was being used against many EDR vendors, including Microsoft Defender for Endpoint, to kill their […]
The post ThreadSleeper: Suspending Threads via GMER64 Driver appeared first on Binary Defense.