KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

DSEFix - Defeating x64 Driver Signature Enforcement

https://www.kernelmode.info/forum/viewtopic.php?f=11&t=3322

Page 3 of 4

Re: Update 15 dec 2014

PostPosted:Sat Mar 07, 2015 8:40 am
by EP_X0FF
GLOBALBANFIXED wrote:What version of VBox driver you use?
Where?

Re: DSEFix - Defeating x64 Driver Signature Enforcement

PostPosted:Sat Mar 07, 2015 1:27 pm
by SelectHF2
So i would need to use a Vbox to do this?

Re: Update 15 dec 2014

PostPosted:Sat Mar 07, 2015 1:29 pm
by GLOBALBANFIXED
EP_X0FF wrote:
GLOBALBANFIXED wrote:What version of VBox driver you use?
Where?
In last dsefix (ultra4.sys) version. Ultra4.sys this is VBoxDrv .sys (ver?) ? Or another selfmade driver?

P.S. Thanks for this app, really make life easier :twisted:

Re: DSEFix - Defeating x64 Driver Signature Enforcement

PostPosted:Sat Mar 07, 2015 1:32 pm
by EP_X0FF
SelectHF2 wrote:So i would need to use a Vbox to do this?
No.
GLOBALBANFIXED wrote:In last dsefix (ultra4.sys) version. Ultra4.sys this is VBoxDrv .sys (ver?) ? Or another selfmade driver?
1.6

Re: DSEFix - Defeating x64 Driver Signature Enforcement

PostPosted:Sat Mar 07, 2015 2:26 pm
by warezjoe19
Thanks for this. Super helpful tool.

Re: DSEFix - Defeating x64 Driver Signature Enforcement

PostPosted:Tue Mar 10, 2015 11:00 am
by EP_X0FF
Latest version published on GitHub https://github.com/hfiref0x/DSEFix, further updates (if any) will be posted on git also.

Re: DSEFix - Defeating x64 Driver Signature Enforcement

PostPosted:Wed Mar 11, 2015 4:10 am
by GLOBALBANFIXED
EP_X0FF wrote:Latest version published on GitHub https://github.com/hfiref0x/DSEFix, further updates (if any) will be posted on git also.
Thx! you are cool!
"Спасибо, ты крут!)"

Re: DSEFix - Defeating x64 Driver Signature Enforcement

PostPosted:Sun Aug 30, 2015 11:25 pm
by aionescu
Why not just use the Windows 8+ unfixed 0 day from my Infiltrate talk? With the technique I presented, you can easily disable DSE :)

Re: DSEFix - Defeating x64 Driver Signature Enforcement

PostPosted:Mon Aug 31, 2015 5:31 am
by EP_X0FF
aionescu wrote:Why not just use the Windows 8+ unfixed 0 day from my Infiltrate talk? With the technique I presented, you can easily disable DSE :)
Well because it 0day and maybe fixed, while this driver isn't banned and used by malware for 5+ years.

Re: DSEFix - Defeating x64 Driver Signature Enforcement

PostPosted:Thu Sep 03, 2015 6:57 pm
by breaker09
Is this still working in Windows 10? I seem to be getting PatchGuarded a lot... :(
All times are UTC
Page 3 of 4
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/