A recent analysis has exposed 54 endpoint detection and response (EDR) killers that use the bring your own vulnerable driver (BYOVD) technique, exploiting 34 signed vulnerable drivers to disable security measures [1]. The technique lets attackers bypass security software, which makes it attractive to ransomware affiliates seeking to neutralize defenses before deploying file-encrypting malware. Because the exploited drivers are signed, they carry a layer of legitimacy that makes the malicious activity harder for security software to detect and flag. The use of BYOVD highlights the vulnerability of EDR systems to targeted attacks and the need for operational resilience planning. For practitioners, what matters is that this technique can be used to evade detection, so monitoring and updating drivers should be a priority in order to prevent such exploits and protect against ransomware attacks.
54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
⚠️ Critical Alert
Why This Matters
Ransomware targeting EDR highlights sector-specific risk — operational resilience planning is the real takeaway.
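One way to put the driver monitoring recommended above into practice, as an added example that is not from the original article: it triages Sysmon-style driver-load records (Event ID 6) against a hash blocklist, because a valid signature alone says nothing about whether a driver is vulnerable. The JSON-lines export shape, host names, file names and digests are all assumptions constructed for illustration.

```python
import json

# Constructed placeholder digests; a real deployment would load SHA-256 values
# from a maintained vulnerable-driver blocklist instead.
BAD_SHA256 = "AB" * 32
GOOD_SHA256 = "CD" * 32
VULNERABLE_DRIVER_SHA256 = {BAD_SHA256}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def make_event(host, path, sha256, event_id=6):
    """Build one constructed Sysmon-style record (Event ID 6 = driver loaded)."""
    return json.dumps({"EventID": event_id, "Computer": host, "ImageLoaded": path,
                       "Hashes": f"MD5={'0' * 32},SHA256={sha256}",
                       "Signed": "true", "SignatureStatus": "Valid"})

# Constructed sample log: every driver below carries a valid signature.
SAMPLE_LOG = "\n".join([
    make_event("ws-01", r"C:\Windows\System32\drivers\example_ok.sys", GOOD_SHA256),
    make_event("ws-02", r"C:\Users\Public\example_vuln.sys", BAD_SHA256),
    make_event("ws-03", r"C:\Windows\System32\drivers\renamed.sys", BAD_SHA256.lower()),
    make_event("ws-04", r"C:\Windows\System32\cmd.exe", GOOD_SHA256, event_id=1),
])

def parse_hashes(field):
    """Turn 'MD5=..,SHA256=..' into {'MD5': '..', 'SHA256': '..'}."""
    return dict(part.split("=", 1) for part in field.split(",") if "=" in part)

def assess_driver_load(event):
    """Return the reasons a driver-load event deserves analyst attention."""
    reasons = []
    sha256 = parse_hashes(event.get("Hashes", "")).get("SHA256", "").upper()
    path = event.get("ImageLoaded", "").lower()
    if sha256 in VULNERABLE_DRIVER_SHA256:
        reasons.append("blocklisted-hash")      # fires even when the signature is valid
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("user-writable-path")    # heuristic: unusual driver location
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("invalid-signature")
    return reasons

def triage(log_text):
    """Scan JSON-lines log text and return (host, path, reasons) per flagged load."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        event = json.loads(line)
        if event.get("EventID") == 6 and (reasons := assess_driver_load(event)):
            findings.append((event["Computer"], event["ImageLoaded"], reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Both flagged loads in the sample are validly signed, so a rule keyed only on signature status would have passed them.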
References
- The Hacker News. (2026, March 19). 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security. The Hacker News. https://thehackernews.com/2026/03/54-edr-killers-use-byovd-to-exploit-34.html