Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Rootkit uses cheat engine to compromise windows systems

 
Johnsonsmith69420
How do I cheat?
Reputation: 0

Joined: 01 Oct 2021
Posts: 1

Posted: Fri Oct 01, 2021 8:54 am    Post subject: Rootkit uses cheat engine to compromise windows systems

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that we dubbed Demodex, and a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers.

The former is used to hide the user mode malware's artefacts from investigators and security solutions, while demonstrating an interesting undocumented loading scheme involving the kernel mode component of an open-source project named Cheat Engine to bypass the Windows Driver Signature Enforcement mechanism.

I can't post URLs but you can google by Demodex
Csimbi
I post too much
Reputation: 94

Joined: 14 Jul 2007
Posts: 3110

Posted: Fri Oct 01, 2021 4:29 pm    Post subject:

It's hardly surprising.
People with a gun in their hands can do both good things and bad things.
It's really up to the person holding the gun.

I am not seeing a question though.
I do agree Windows sucks - like most of the commercial shit they sell.
Success killed quality, now they produce uninteresting flashy shit.

Anyway, I am not sure why anyone would believe in the Windows Driver Signature Enforcement in the first place - all it does is give a false sense of security.
It's really just an annoyance that prevents regular users from doing what they want. It's certainly not going to hold back a hacker.
Get Linux.

If I were you, I'd start investigating who installed what you called "open-source project named Cheat Engine" onto these Exchange servers, and how, and take their ass to court.
You want the guy with the smoking gun, not the weapon manufacturer.
Cut off the funding of these cybercriminal organizations and the hackers without pizza will leave.


Last edited by Csimbi on Fri Oct 01, 2021 4:33 pm; edited 1 time in total
Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25295
Location: The netherlands

Posted: Fri Oct 01, 2021 4:32 pm    Post subject:

Which date is the driver signed? The latest versions should be more difficult to use

Also, it looks like it does require admin access to begin with, so that's where all protection ends. (they might as well use CE lua scripts then to do all kernel related editing)

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
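To answer the question above about which driver build is present and when it was signed, here is an added defender-side check (not code from the thread or from Cheat Engine): it enumerates loaded kernel drivers whose name matches a pattern and reports the Authenticode status and signing-certificate validity window. The default pattern 'dbk' is an assumption about the Cheat Engine driver's file name; it needs an elevated prompt.

```powershell
# Added example: report signer and certificate dates for loaded kernel drivers
# matching a name pattern. The default 'dbk' is an assumption; adjust as needed.
param(
    [string]$NamePattern = 'dbk'
)

# Win32_SystemDriver lists kernel drivers registered with the Service Control
# Manager, including whether each one is currently running.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.Name -match $NamePattern -or $_.PathName -match $NamePattern) }

foreach ($d in $drivers) {
    # PathName may carry a \??\ or \SystemRoot\ prefix; normalise to a plain path.
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$($d.Name): image not found at $path"
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Service     = $d.Name
        State       = $d.State
        Path        = $path
        Status      = $sig.Status                       # Valid, NotSigned, HashMismatch, ...
        Signer      = $sig.SignerCertificate.Subject
        CertFrom    = $sig.SignerCertificate.NotBefore  # start of the signing cert's validity
        CertUntil   = $sig.SignerCertificate.NotAfter
        Timestamped = [bool]$sig.TimeStamperCertificate # countersigned, so it stays valid after expiry
    }
}
```

A driver with a Valid status but a certificate window well before the current release is the case the reply above refers to; compare CertFrom/CertUntil against the versions you actually deploy.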