Since the introduction of DSE (Driver Signature Enforcement), any driver loaded into the Windows kernel must carry a valid digital signature. In response, the number of BYOVD (Bring Your Own Vulnerable Driver) attacks has increased in recent years. APT groups weaponize a signed driver that has vulnerabilities, or for which exploits are available on the market, load it after obtaining system privileges, and then exploit it to bypass anti-virus software, obtain kernel execution rights, plant backdoors to retain their privileges, and so on. This session will show how drivers weaponized by malicious programs are abused and what this type of attack is meant to achieve, and will close with defense recommendations for driver developers and system administrators.