ThreadSleeper: Suspending Threads via GMER64 Driver
ID: f2dc949a-9e84-5166-8fae-5320d7be2cf2
STIX ID: report--f2dc949a-9e84-5166-8fae-5320d7be2cf2
Feed Name: Binary Defense Blog
This blog post reverse-engineers the gmer.sys/gmer64 Windows kernel driver (linked to Blackout activity) and demonstrates that, because of an insecure device security descriptor and exposed IOCTLs, an unprivileged (medium integrity) user can suspend arbitrary threads in protected processes via ZwSuspendThread, enabling stealthy disruption of EDR/PPL processes. It includes step-by-step analysis, a proof-of-concept, an impact discussion, and defensive recommendations (ETW telemetry and driver blocking).
