Dark Reading

EnCase Driver Weaponized as EDR Killers Persist

The forensic tool's driver was signed with a digital certificate that expired years ago, but major security gaps allowed ...
CSO Online

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses

Attackers abused a signed but long-revoked EnCase Windows kernel driver in a BYOVD attack to terminate all security tools.

EDR killer tool uses signed kernel driver from forensic software

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in ...