# Nuclei "code" template: runs a local PowerShell snippet (no network target)
# to audit whether the DriverInstall policy is set to ignore failed driver
# signature verification. Only meaningful on Windows hosts (see pre-condition).
id: unsigned-kernel-mode-drivers-allowed

info:
  name: Installation of Unsigned Kernel-Mode Drivers Allowed
  author: princechaddha
  severity: high
  description: Checks if the system allows installation of unsigned kernel-mode drivers, which can be malicious.
  impact: |
    Unsigned kernel-mode drivers can be malicious and compromise system security.
  remediation: |
    Restrict the installation of unsigned drivers by enforcing driver signature checks.
  tags: drivers,kernel-mode,code,windows-audit

# No input target is needed; the check runs against the host nuclei executes on.
self-contained: true

code:
  # Skip on non-Windows hosts so the PowerShell engine is never invoked there.
  - pre-condition: |
      IsWindows();

    engine:
      - powershell.exe
    # -ExecutionPolicy Bypass only relaxes PowerShell's script-execution policy
    # for this invocation (presumably so the generated .ps1 runs); it does not
    # touch the driver-signing setting being audited.
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    # Reads the policy value; a value of 0 is treated as "failed signature
    # verification is ignored" and prints the marker the matcher below expects.
    # If the key or value is absent, Get-ItemProperty is silenced, the
    # comparison is false and nothing is printed, so the host is not reported.
    # NOTE(review): this inspects a policy value only; on 64-bit Windows the
    # kernel enforces driver signing independently of this setting — confirm
    # how a hit should be interpreted before treating it as actionable.
    source: |
      if ((Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverInstall' -Name 'BehaviorOnFailedVerify' -ErrorAction SilentlyContinue).BehaviorOnFailedVerify -eq 0) { Write-Output 'Unsigned driver installation allowed'; }

    # Fires only on the exact marker string emitted by the script above.
    matchers:
      - type: word
        words:
          - "Unsigned driver installation allowed"