fix: clarify driver name in SilverFox POC documentation

JerryLinLinLin · JerryLinLinLin · commit 76ffebcfeb3f · 2025-12-25T20:56:46.000-06:00
diff --git a/_posts/2025-12-15-silver-fox-poc-2025-zh-cn.md b/_posts/2025-12-15-silver-fox-poc-2025-zh-cn.md
@@ -167,7 +167,7 @@ if (result == ERROR_SUCCESS) {
 
 ### wamsdk.sys
 
-根据 Check Point 在 2025 年 8 月发布的[报告](https://research.checkpoint.com/2025/silver-fox-apt-vulnerable-drivers/)，银狐利用了 **WatchDog Antimalware** 软件中的 `wamsdk.sys` 驱动，通过调用 `ZwTerminateProcess` 来强制结束 EDR/杀软进程。两个月后，安全研究员 j3h4ck 在 GitHub 上开源了此驱动的 POC：[WatchDogKiller](https://github.com/j3h4ck/WatchDogKiller)。截至 10 月份，此漏洞驱动尚未被 LOLDrivers 和微软的漏洞驱动阻止列表（Microsoft Vulnerable Driver Blocklist）收录。
+根据 Check Point 在 2025 年 8 月发布的[报告](https://research.checkpoint.com/2025/silver-fox-apt-vulnerable-drivers/)，银狐利用了 **WatchDog Antimalware** 软件中的 `wamsdk.sys` (名称也可为`amsdk.sys`) 驱动，通过调用 `ZwTerminateProcess` 来强制结束 EDR/杀软进程。两个月后，安全研究员 j3h4ck 在 GitHub 上开源了此驱动的 POC：[WatchDogKiller](https://github.com/j3h4ck/WatchDogKiller)。截至 10 月份，此漏洞驱动尚未被 LOLDrivers 和微软的漏洞驱动阻止列表（Microsoft Vulnerable Driver Blocklist）收录。
 
 `wamsdk.sys` 暴露了两个具有严重安全缺陷的 IOCTL：
 
diff --git a/_posts/2025-12-15-silver-fox-poc-2025.md b/_posts/2025-12-15-silver-fox-poc-2025.md
@@ -167,7 +167,7 @@ SilverFox has been using vulnerable drivers to counter AV/EDR since its inceptio
 
 ### wamsdk.sys
 
-According to a [report](https://research.checkpoint.com/2025/silver-fox-apt-vulnerable-drivers/) released by Check Point in August 2025, SilverFox exploited the `wamsdk.sys` driver in **WatchDog Antimalware** software, calling `ZwTerminateProcess` to forcibly terminate EDR/AV processes. Two months later, security researcher j3h4ck open-sourced the POC for this driver on GitHub: [WatchDogKiller](https://github.com/j3h4ck/WatchDogKiller). As of October, this vulnerable driver had not been included in LOLDrivers or the Microsoft Vulnerable Driver Blocklist.
+According to a [report](https://research.checkpoint.com/2025/silver-fox-apt-vulnerable-drivers/) released by Check Point in August 2025, SilverFox exploited the `wamsdk.sys` (or `amsdk.sys`) driver in **WatchDog Antimalware** software, calling `ZwTerminateProcess` to forcibly terminate EDR/AV processes. Two months later, security researcher j3h4ck open-sourced the POC for this driver on GitHub: [WatchDogKiller](https://github.com/j3h4ck/WatchDogKiller). As of October, this vulnerable driver had not been included in LOLDrivers or the Microsoft Vulnerable Driver Blocklist.
 
 `wamsdk.sys` exposes two IOCTLs with severe security flaws:
 
