Lazarus & BYOVD: Evil to the Windows core.
2022-09-30 • ESET •
In this session we present a deep technical analysis of a malicious component used in an APT attack by Lazarus in late 2021. The malware is a sophisticated, previously unpublished user-mode module that uses the BYOVD (Bring Your Own Vulnerable Driver) technique: it loads a legitimate, signed Dell driver and exploits CVE-2021-21551 in it to read and write kernel memory. With that primitive it disables monitoring interfaces through seven distinct mechanisms that target important kernel functions, structures, and variables of Windows systems from versions 7.1 up to Windows Server 2022. Compared with other APTs that use BYOVD, this Lazarus case is unique: such a complex bundle of ways to blind monitoring had not been seen in the wild before.
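The defensive corollary of the abstract is that a BYOVD driver is validly signed, so signature checks alone do not catch it; what stands out is which driver loads and from where. The following is an added example written for this page, not code from ESET or from the analysed malware. It triages Sysmon "Driver loaded" (Event ID 6) records: the Sysmon field names (ImageLoaded, Signed, Signature, SignatureStatus) are real, the XML records are constructed samples without the namespace a real Sysmon export carries, and the denylist holds only the driver CVE-2021-21551 affects (Dell dbutil_2_3.sys); the denylist layout and the "standard directory" rule are this example's assumptions.

```python
"""Triage Sysmon Event ID 6 (Driver loaded) records for BYOVD indicators.

Added example for this page; the XML below is constructed, not real telemetry.
"""
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Drivers known to expose exploitable kernel primitives. The only entry grounded
# in the page is dbutil_2_3.sys (CVE-2021-21551); extend from a vetted source
# such as the Microsoft vulnerable-driver blocklist. Keys are lower-case file names.
KNOWN_BYOVD_DRIVERS = {
    "dbutil_2_3.sys": "Dell dbutil, CVE-2021-21551",
}

# Assumption of this example: drivers normally load from these directories.
STANDARD_DRIVER_DIRS = (
    r"c:\windows\system32\drivers",
    r"c:\windows\system32\driverstore",
)

# Constructed sample records (namespace stripped; a real Sysmon export wraps
# elements in the http://schemas.microsoft.com/win/2004/08/events/event namespace).
SAMPLE_SYSMON_XML = r"""<Events>
<Event><System><EventID>6</EventID></System><EventData>
<Data Name="ImageLoaded">C:\Windows\System32\drivers\ndis.sys</Data>
<Data Name="Signed">true</Data><Data Name="Signature">Microsoft Windows</Data>
<Data Name="SignatureStatus">Valid</Data></EventData></Event>
<Event><System><EventID>6</EventID></System><EventData>
<Data Name="ImageLoaded">C:\Users\Public\dbutil_2_3.sys</Data>
<Data Name="Signed">true</Data><Data Name="Signature">Dell Inc.</Data>
<Data Name="SignatureStatus">Valid</Data></EventData></Event>
<Event><System><EventID>6</EventID></System><EventData>
<Data Name="ImageLoaded">C:\Windows\Temp\svc.sys</Data>
<Data Name="Signed">false</Data><Data Name="Signature"></Data>
<Data Name="SignatureStatus">Unavailable</Data></EventData></Event>
</Events>"""


def parse_driver_loads(xml_text):
    """Return one dict of EventData fields per Event ID 6 record."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.findall("Event"):
        if ev.findtext("System/EventID") != "6":
            continue
        events.append({d.get("Name"): (d.text or "") for d in ev.findall("EventData/Data")})
    return events


def triage(event):
    """Return the list of reasons a driver-load record deserves attention (empty if none)."""
    path = PureWindowsPath(event.get("ImageLoaded", ""))
    reasons = []
    # 1. Known vulnerable driver: the BYOVD case. Note that the signature is
    #    valid here, which is exactly why a signature check alone is not enough.
    hit = KNOWN_BYOVD_DRIVERS.get(path.name.lower())
    if hit:
        reasons.append(f"known vulnerable driver: {hit}")
    # 2. Driver loaded from a user-writable or otherwise non-standard directory.
    parent = str(path.parent).lower()
    if not any(parent.startswith(d) for d in STANDARD_DRIVER_DIRS):
        reasons.append(f"loaded from non-standard path: {path.parent}")
    # 3. Missing or invalid signature (catches unsigned or test-signed rootkits,
    #    not BYOVD drivers, which pass this check).
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("signature missing or invalid")
    return reasons


def scan(xml_text):
    """Map ImageLoaded path -> reasons, for records that triggered at least one rule."""
    findings = {}
    for ev in parse_driver_loads(xml_text):
        reasons = triage(ev)
        if reasons:
            findings[ev["ImageLoaded"]] = reasons
    return findings


if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_SYSMON_XML).items():
        print(image)
        for r in reasons:
            print("   -", r)
```

Running it on the constructed sample flags dbutil_2_3.sys twice (known vulnerable driver, loaded from C:\Users\Public) and the unsigned driver in C:\Windows\Temp, while the Microsoft-signed ndis.sys in the drivers directory is silent. In production the denylist should be keyed on file hashes from the Sysmon Hashes field rather than file names, since an attacker can rename the dropped driver.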