Unveiling BYOVD Threats - Artifact

Monzani, Andrea; Parata, Antonio; Oliveri, Andrea; Aonzo, Simone; Balzarotti, Davide; Lanzi, Andrea

doi:10.5281/zenodo.17047559

Published September 3, 2025 | Version v2

Software Open

Unveiling BYOVD Threats - Artifact

1. University of Milan
2. EURECOM

Our research project introduces a sandbox extension aimed at monitoring and analyzing BYOVD (Bring Your Own Vulnerable Driver) behaviors within a controlled environment, enabling the detection of anomalies that may indicate exploitation. As part of this work, we provide several key artifacts:

the kernelmon plugin, which extends the sandbox with kernel-level tracing capabilities;
the configuration files required to run the plugin; an analysis application that correlates the collected events;
the sets of analyzed drivers' hashes;
the corresponding sets of sample hashes obtained from those drivers;
the results from our experiments and analysis.

The "Unveiling BYOVD Threats: Malware's Use and Abuse of Kernel Drivers" article can be found at https://dx.doi.org/10.14722/ndss.2026.231491

Files

unveiling-byovd-threats.zip

Files (1.4 MB)

Name	Size	Download all
unveiling-byovd-threats.zip md5:92a91131339bcc1337030fa30cb3c726	1.4 MB	Preview Download

Additional details

Programming language: C++, Rust

Views

Downloads

Show more details

	All versions	This version
Views	78	55
Downloads	13	9
Data volume	20.1 MB	13.5 MB

More info on how stats are collected....

DOI

Resource type

Software

Publisher

Zenodo

Languages

English

License: Creative Commons Attribution 4.0 International

The Creative Commons Attribution license allows re-distribution and re-use of a licensed work on the condition that the creator is appropriately credited. Read more

Technical metadata

Created: September 3, 2025
Modified: September 3, 2025

Unveiling BYOVD Threats - Artifact

Creators

Description

Files

unveiling-byovd-threats.zip

Files (1.4 MB)

Additional details

Software