
Releases: magicsword-io/LOLDrivers

v2.0.0

31 Jul 15:03
2ba5813

LOLDrivers 2.0 Release

LOLDrivers 2.0 represents a significant step forward in our pursuit of enhanced threat detection and user accessibility. This release is the culmination of diligent work, innovative thinking, and strong community collaboration.

Blog: https://medium.com/magicswordio/loldrivers-2-0-pioneering-progress-c3b487f80489

Key Highlights:

Enhanced User Experience: The landing page is redesigned with accessibility in mind, featuring new categories, individual download buttons, and the re-introduction of the search function by popular demand.

YARA Generator Integration: In collaboration with Florian Roth, we've introduced a tool that dynamically generates YARA rules from the driver database, so that vulnerable or malicious drivers can be identified even when they have been concealed.

Database Expansion: The addition of over 750 new drivers from the Microsoft Driver block list broadens our offering, reflecting a combination of ingenuity and hard work.

Advanced Features: WDAC policies generated on the fly, CVE enrichment, Sysmon 15 updates, Sigma rule changes, and YARA rules for detection and prevention illustrate our commitment to staying at the forefront of cybersecurity.

Community Contributions: This version would not be possible without the contributions of dedicated community members. We extend our heartfelt thanks to all who played a role in this release.

Looking Forward: LOLDrivers 3.0, the "Prove it" edition, is on the horizon. Our focus on demonstrating driver vulnerability and expanding our offerings through LOLDrivers Premium reflects our commitment to continued growth and innovation.

LOLDrivers 2.0 is not merely an update; it's a declaration of our resolve to push boundaries in the field of cybersecurity. With a blend of new features, enhancements, and community collaboration, we are confident that this release will empower users to take their threat detection and prevention to the next level.

For more details, please explore the full release documentation and join us on this exciting journey.

WDAC artifacts:
https://github.com/magicsword-io/LOLDrivers/suites/14626353019/artifacts/834542848

v1.0.0

08 May 00:48

Let me dump the release notes here.

LOLDrivers 1.0.0 Release Notes

We're excited to announce the 1.0.0 release of the Living Off The Land Drivers (LOLDrivers) project! This release includes numerous enhancements and updates, making it an even more valuable resource for analysts and researchers.

New Features and Enhancements

  1. New Driver Enrichments: Added valuable driver metadata such as Authentihash, file hashes (MD5, SHA1, and SHA256), signature, date, publisher, company, description, product, product version, file version, machine type, original filename, internal name, copyright, imports, exported functions, and PDB path. These enrichments can be found in the JSON and CSV files, as well as on the driver page.

  2. Driver Binaries under the drivers/ directory: Introduced Git LFS to store vulnerable or malicious driver binaries in the drivers/ directory. Each release now features a drivers.zip file containing all of these binaries.

  3. Changed to UUID instead of Driver Names: Adopted UUIDs as driver identifiers and assigned driver names as tags, to avoid duplicate names and accommodate an unbounded number of drivers.

  4. Elastic Drivers Added: Integrated 740+ drivers and their metadata from Elastic.

  5. Updated loldrivers.io: Updated the LOLDrivers website to include new metadata and links to the latest binaries. The landing page now displays the SHA256 hashes of the drivers.

  6. Updated Validation CI Job with a YAML Spec: Streamlined PR creation by updating the validation CI job to check the driver YAML files against a JSON Schema spec.

  7. Added Release CI Job: Implemented a release CI job to create project releases, snapshot-in-time builds, and the drivers.zip file.
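As an added example (not code from the LOLDrivers project), the script below consumes the enrichment fields listed in item 1 and the UUID/tag identifiers from item 3: it indexes every known hash from the JSON feed and checks local driver files against that index. The feed layout (a list of records with Id, Tags and KnownVulnerableSamples carrying MD5/SHA1/SHA256/Authentihash) is an assumption modelled on the field names in these notes, and the sample record and its hash values are constructed placeholders, not real driver hashes.

```python
"""Added example, not part of the LOLDrivers project: look up local driver
files against the hash enrichments described in the 1.0.0 notes.
The feed layout (Id, Tags, KnownVulnerableSamples) is an ASSUMPTION based on
the field names in the release notes; the record below is CONSTRUCTED and its
hash values are placeholders."""
import hashlib
import json
import sys
from pathlib import Path

# Constructed sample feed in the assumed JSON layout (placeholder hashes).
SAMPLE_FEED = json.loads("""
[
  {
    "Id": "00000000-0000-4000-8000-000000000001",
    "Tags": ["example.sys"],
    "KnownVulnerableSamples": [
      {
        "Filename": "example.sys",
        "MD5": "0123456789ABCDEF0123456789ABCDEF",
        "SHA1": "0123456789abcdef0123456789abcdef01234567",
        "SHA256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
        "Authentihash": {
          "SHA256": "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210"
        }
      }
    ]
  }
]
""")

HASH_KEYS = ("MD5", "SHA1", "SHA256")


def build_index(feed):
    """Map every known hash (lower-cased) to (driver Id, first tag, sample filename).
    Plain file hashes and Authentihash values share one table so a caller can
    look up either kind; the Id is the UUID the notes describe, the tag the
    human-readable driver name."""
    index = {}
    for driver in feed:
        tag = driver["Tags"][0] if driver.get("Tags") else driver["Id"]
        for sample in driver.get("KnownVulnerableSamples", []):
            hit = (driver["Id"], tag, sample.get("Filename", ""))
            for key in HASH_KEYS:
                value = sample.get(key)
                if value:
                    index[value.lower()] = hit
            for value in (sample.get("Authentihash") or {}).values():
                if value:
                    index[value.lower()] = hit
    return index


def hash_file(path):
    """Compute MD5, SHA1 and SHA256 of a file in a single streaming pass.
    Authentihash (the PE digest that skips the checksum and certificate table)
    needs a PE-aware tool and is deliberately not computed here."""
    digests = {key: hashlib.new(key.lower()) for key in HASH_KEYS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {key: d.hexdigest() for key, d in digests.items()}


def match_hashes(hashes, index):
    """Return the (Id, tag, filename) entry matching any supplied hash, or None.
    Lookups are case-insensitive because feeds mix upper- and lower-case hex."""
    for value in hashes.values():
        hit = index.get(value.lower())
        if hit:
            return hit
    return None


def scan(paths, index):
    """Hash each candidate file and return those present in the feed."""
    results = []
    for path in paths:
        hit = match_hashes(hash_file(path), index)
        if hit:
            results.append((str(path), hit))
    return results


if __name__ == "__main__":
    # Usage: python check_drivers.py [directory]; defaults to the Windows driver store.
    root = Path(sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\drivers")
    for path, (driver_id, tag, name) in scan(sorted(root.glob("*.sys")), build_index(SAMPLE_FEED)):
        print(f"{path}: matches LOLDrivers entry {driver_id} ({tag}, sample {name})")
```

Plain file hashes change whenever a binary is re-signed or patched, which is why the enrichments also carry an Authentihash: to match on it you must compute the PE Authenticode digest with a PE-aware tool, which this script leaves out. In practice you would replace SAMPLE_FEED with the project's released JSON file rather than the constructed record.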

Bug Fixes and Resolved Issues

  • New drivers and hashes added via community contributions, including: dcr.sys, SSPORT.sys, LgCoreTemp.sys, bedaisy.sys, RTCore64.sys (new hashes), hw.sys (new hashes), windbg.sys, Sense5Ext.sys (new hash), KApcHelper_x64.sys, mJj0ge.sys, prokiller64.sys, fur.sys, and procexp152.sys.

Breaking Changes and Migration

  • No breaking changes have been introduced in this release.

Acknowledgments

We would like to extend our heartfelt thanks to the community members who have contributed to the project, as well as the project maintainers: Nas, Mike, and Jose. Your dedication and effort have been instrumental in the growth and success of LOLDrivers.

Additional Resources

Thank you all for your contributions, and we look forward to seeing the project continue to grow and evolve with your support!