Johnsonsmith69420 (How do I cheat?, Reputation: 0)
Joined: 01 Oct 2021, Posts: 1
Posted: Fri Oct 01, 2021 8:54 am
Post subject: Rootkit uses cheat engine to compromise windows systems
While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that we dubbed Demodex, and a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers.
The former is used to hide the user mode malware's artefacts from investigators and security solutions, while demonstrating an interesting undocumented loading scheme involving the kernel mode component of an open-source project named Cheat Engine to bypass the Windows Driver Signature Enforcement mechanism.
I can't post URLs, but you can Google Demodex.
Csimbi (I post too much, Reputation: 94)
Joined: 14 Jul 2007, Posts: 3110
Posted: Fri Oct 01, 2021 4:29 pm
It's hardly surprising.
People with a gun in their hands can do both good things or bad things.
It's really up to the person holding the gun.
I am not seeing a question though.
I do agree Windows sucks - like most of the commercial shit they sell.
Success killed quality, now they produce uninteresting flashy shit.
Anyway, I am not sure why anyone would believe in the Windows Driver Signature Enforcement in the first place - all it does is give a false sense of security.
It's really just an annoyance that prevents regular users from doing what they want. It's certainly not going to hold back a hacker.
Get Linux.
If I were you, I'd start investigating who installed what you called "open-source project named Cheat Engine" onto these Exchange servers, and how, and take their ass to court.
You want the guy with the smoking gun, not the weapon manufacturer.
Cut off the funding of these cybercriminal organizations and the hackers without pizza will leave.
Last edited by Csimbi on Fri Oct 01, 2021 4:33 pm; edited 1 time in total

Dark Byte (Site Admin, Reputation: 458)
Joined: 09 May 2003, Posts: 25295, Location: The Netherlands
Posted: Fri Oct 01, 2021 4:32 pm
Which date is the driver signed? The latest versions should be more difficult to use.
Also, it looks like it does require admin access to begin with, so that's where all protection ends. (They might as well use CE Lua scripts then to do all kernel-related editing.)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping