0e272ccf-81e5-4612-95d2-365e7ded6eac

shield.sys :inline

Description

Horizon DataSys Shield drivers expose IOCTL functionality reported to provide arbitrary kernel read/write primitives.

  • UUID: 0e272ccf-81e5-4612-95d2-365e7ded6eac
  • Created: 2026-06-16
  • Author: Michael Haag
  • Acknowledgement: | DellaNotto

Download

This download link contains the vulnerable driver!

Block shield.sys across your endpoints

Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.

Start Blocking for Free

Commands

sc.exe create shield binPath=C:\windows\temp\shield.sys type=kernel && sc.exe start shield
Use CasePrivilegesOperating System
Load vulnerable signed disk filter drivers for kernel memory accesskernelWindows 10, Windows 11

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://github.com/magicsword-io/LOLDrivers/issues/344

    • Known Vulnerable Samples

    PropertyValue
    Filenameshield.sys
    Creation Timestamp
    MD597d6d9e9164354e40b5bcc828c6da3df
    SHA14d0f2a70ce5cd0c868454de9afe9b4b09fcef5df
    SHA256b11db76aeab05f29e8f5d51cdfe70898a46fbd50a1245ca1aed39de10aafd401
    PublisherNew Horizon Datasys Inc
    Date07:33 PM 02/13/2026
    CompanyHorizon Datasys, Inc.
    DescriptionShield disk filter driver
    ProductReboot Restore Standard
    OriginalFilenameShield.sys

    Download

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand
    PropertyValue
    Filenameshield-async.sys
    Creation Timestamp
    MD577e6a2b6883fb823d95d2d7659fedb1c
    SHA1fde65f0c98d0ca07144febb877d658f0287d2c12
    SHA256da3315363989b564a1b8b690bddfeb3bd81c1690a3da5813ca0c46a715fe94b0
    PublisherNew Horizon Datasys Inc
    Date07:33 PM 02/13/2026
    CompanyHorizon Datasys, Inc.
    DescriptionShield async disk filter driver
    ProductReboot Restore Standard
    OriginalFilenameShield-async.sys

    Download

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand
    PropertyValue
    Filenameshieldwp.sys
    Creation Timestamp
    MD5e2bfb13653b0569e4c3ddbde10f89493
    SHA146ac52bc089575a393e6fc9adec6b63f63190e1c
    SHA256b1547490f3040b1e3668ee195adbf2d312024809915d01a71ed75fae72971a9d
    PublisherNew Horizon Datasys Inc
    Date07:34 PM 02/13/2026
    CompanyHorizon Datasys, Inc.
    DescriptionShield disk filter driver
    ProductReboot Restore Standard
    OriginalFilenameShield.sys

    Download

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand

    source

    last_updated: 2026-06-16