A computer program that operates or controls a particular type of device that is attached to a computer. A driver provides a software interface to hardware devices, enabling operating systems and other computer programs to access hardware functions without needing to know precise details about the hardware being used.[1][2]
Attaching a driver to either user mode or kernel mode of a system (e.g., Sysmon EID 6).
| Domain | ID | Name |
|---|---|---|
| Enterprise | T1547 | Boot or Logon Autostart Execution |
| Enterprise | T1547.008 | LSASS Driver |
| Enterprise | T1547.012 | Print Processors |
| Enterprise | T1561 | Disk Wipe |
| Enterprise | T1561.001 | Disk Content Wipe |
| Enterprise | T1561.002 | Disk Structure Wipe |
| Enterprise | T1068 | Exploitation for Privilege Escalation |
| Enterprise | T1056 | Input Capture |
| Enterprise | T1056.001 | Keylogging |
| Enterprise | T1111 | Two-Factor Authentication Interception |
Contextual data about a driver and the activity around it, such as driver issue reporting or integrity (page hash, code) checking.
| Domain | ID | Name |
|---|---|---|
| Enterprise | T1542 | Pre-OS Boot |
| Enterprise | T1542.002 | Component Firmware |