Just pushed a new POC, DriverQuery, up to the OffensiveC# repo. This allows operators to get details about kernel drivers registered on the system (and optionally only return ones not signed by Microsoft) for targeting or exfil/analysis. github.com/matterpreter/Offe…

4:19 PM · Mar 5, 2020

How is it different than piping the in-box driverquery.exe to PS for filtering?
Because you don't have to call driverquery.exe, which I would assume to be pretty abnormal in most environments, or PowerShell.
Replying to @matterpreter
nice!