mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-13 06:03:24 +08:00
33 lines
1.2 KiB
YAML
33 lines
1.2 KiB
YAML
id: unsigned-kernel-mode-drivers-allowed
|
|
|
|
info:
|
|
name: Installation of Unsigned Kernel-Mode Drivers Allowed
|
|
author: princechaddha
|
|
severity: high
|
|
description: Checks if the system allows installation of unsigned kernel-mode drivers, which can be malicious.
|
|
impact: |
|
|
Unsigned kernel-mode drivers can be malicious and compromise system security.
|
|
remediation: |
|
|
Restrict the installation of unsigned drivers by enforcing driver signature checks.
|
|
tags: drivers,kernel-mode,code,windows-audit
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- pre-condition: |
|
|
IsWindows();
|
|
engine:
|
|
- powershell.exe
|
|
args:
|
|
- -ExecutionPolicy
|
|
- Bypass
|
|
pattern: "*.ps1"
|
|
source: |
|
|
if ((Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverInstall' -Name 'BehaviorOnFailedVerify' -ErrorAction SilentlyContinue).BehaviorOnFailedVerify -eq 0) { Write-Output 'Unsigned driver installation allowed'; }
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "Unsigned driver installation allowed"
|
|
|
|
# digest: 4a0a0047304502202eb3b38b8d78f7f2a8bb4417379c1db959f88742fd57d3495a8f6921ad414152022100e942aefd086726d527e16edb384f7cf767fa2e195de57f8f4ec201833e05a8c3:922c64590222798bb761d5b6d8e72950 |