Living Off The Land Drivers 1.0 Release: New Features, Enrichments, and Community Contributions

property            | value
tags                | .net,defensive-tradecraft,malware-analysis,pkm-pocket-pipeline,reverse-engineering
url                 |
original_word_count | 1206

Article Excerpt

First — We want to thank everyone for the feedback and comments! We really appreciate it. Since its inception, the Living Off The Land Drivers (LOLDrivers) project has seen tremendous growth and success.

Long Summary

The Living Off The Land Drivers (LOLDrivers) project has seen tremendous growth and success since its inception. The 1.0 release introduces several new features, driver enrichments, and updates that make it even more valuable for analysts and researchers. The project has seen 4.8k new users, with LenovoDiagnosticsDriver.sys being the most visited driver. In the last 30 days alone, contributors added 13 new drivers to the repository.

The new release adds a metadata section to each driver entry, populated by the new metadata-extractor. It covers file hashes (MD5, SHA1, and SHA256), signature, date, publisher, company, description, product, product version, file version, machine type, original filename, internal name, copyright, imports, exported functions, and PDB path. The JSON and CSV exports now include all of these attributes.
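As an added example (not the release post's own code and not the project's metadata-extractor), the following Python computes the hash and machine-type subset of such a record for a constructed, toy PE byte string and matches it against a SHA256 set, the way a defender would check a driver found on a host against the project's JSON export; the PE bytes and the "known hash" set are constructed for the example.

```python
import hashlib
import json
import struct

# Machine values from the COFF header; other values fall back to hex.
MACHINE_NAMES = {0x14C: "I386", 0x8664: "AMD64", 0xAA64: "ARM64"}

def build_fake_pe(machine=0x8664):
    """Constructed toy PE image (not a real driver): DOS header whose
    e_lfanew points at 'PE\\0\\0' followed by a 20-byte COFF header."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, 0x2022)
    return dos + b"\x00" * (e_lfanew - len(dos)) + b"PE\0\0" + coff

def machine_type(data):
    """Read IMAGE_FILE_HEADER.Machine via e_lfanew, as an extractor would."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINE_NAMES.get(machine, hex(machine))

def driver_record(data, original_filename):
    """Hash and machine-type fields of a LOLDrivers-style metadata entry."""
    return {
        "OriginalFilename": original_filename,
        "MachineType": machine_type(data),
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }

def is_known_driver(record, known_sha256):
    """Case-insensitive SHA256 match against a set loaded from the JSON export."""
    return record["SHA256"].lower() in {h.lower() for h in known_sha256}

if __name__ == "__main__":
    sample = build_fake_pe()
    rec = driver_record(sample, "example.sys")
    print(json.dumps(rec, indent=2))
    # Constructed known-hash set: the sample's own hash stands in for a list entry.
    print("known:", is_known_driver(rec, {rec["SHA256"].upper()}))
```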

The project has also begun using Git LFS to store the driver binaries in the drivers/ directory, and each release now ships a drivers.zip file containing all of them. The naming scheme has been changed to use UUIDs, with driver names assigned as tags, which allows for an infinite set of drivers.

The LOLDrivers website has been updated with the new metadata and links to the latest binaries. The landing page now displays the SHA256 hashes of the drivers, further simplifying navigation and information retrieval for users. Nasreddine took a deep dive into the Elastic driver YARA set and produced a spreadsheet listing 740+ drivers. We used a VTI query to gather all the metadata and produce a CSV output, then downloaded all of the drivers and added them to the project.

The community has been actively contributing to the project, and we'd like to highlight some of the new drivers added: dcr.sys, RTCore64.sys (new hashes), hw.sys (new hashes), Sense5Ext.sys (new hash), KApcHelper_x64.sys, mJj0ge.sys, prokiller64.sys, and fur.sys.

We would like to extend our heartfelt thanks to the community members who have contributed to the project and to the project maintainers: Nas, Mike, and Jose. Their commitment and hard work continue to drive the project forward and make it an essential resource for the security community.

Short Summary

📓 Living Off The Land Drivers 1.0 Release: New Features, Enrichments, and Community Contributions

👉🏽 The 1.0 release of LOLDrivers:

👉🏽 Introduces new features, driver enrichment, and updates.
👉🏽 Sees 4.8k new users, with LenovoDiagnosticsDriver.sys as the most visited driver.
👉🏽 Adds 13 new drivers in the last 30 days alone.
👉🏽 Provides driver metadata like file hashes, signature, publisher, product version, and more.
👉🏽 Stores drivers in the drivers/ directory using Git LFS.
👉🏽 Includes UUIDs and driver names to allow for an infinite set of drivers.
👉🏽 Updates the LOLDrivers website with new metadata and links to the latest binaries.
👉🏽 Features a VTI query to gather metadata and download drivers.
👉🏽 Adds new drivers contributed by the community.
👉🏽 Thanks the community members and project maintainers for their hard work and commitment.

#LOLDrivers #drivermetadata #GitLFS #communitycontribution #essentialresource