RONINGLOADER Uses Signed Drivers to Disable Microsoft Defender and Bypass EDR

Elastic Security Labs has uncovered a sophisticated campaign deploying a newly identified loader, dubbed RONINGLOADER, that weaponizes legitimately signed kernel drivers to systematically disable…