EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 01-24-2017, 06:40
Aesculapius Aesculapius is offline
Family
 
Join Date: Jun 2016
Location: USA
Posts: 109
Rept. Given: 0
Rept. Rcvd 36 Times in 23 Posts
Thanks Given: 12
Thanks Rcvd at 252 Times in 66 Posts
Aesculapius Reputation: 36
Turla Driver Loader

Hi guys, while trying to do some programming job I came accross this interesting project and tool to bypass the Windows x64 Driver Signature Enforcement. I guess it could be useful for some of you and that is why I mention it. There are several options to bypass DSE protection but this one is likeable at least from my point of view since it is PatchGuard friendly which was one of the pre-requisites of my programming job, and risk of BSOD was not acceptable.

This is the website of the project. My compliments to the author:

https://github.com/hfiref0x/TDL

Best regards.

Last edited by Aesculapius; 01-24-2017 at 07:30.
Reply With Quote
The Following 4 Users Say Thank You to Aesculapius For This Useful Post:
mdj (01-26-2017), niculaita (02-01-2017), nikkapedd (01-26-2017), tonyweb (01-24-2017)
  #2  
Old 01-31-2017, 21:30
SKiLLa SKiLLa is offline
Friend
 
Join Date: Jul 2016
Location: Europe
Posts: 19
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 10
Thanks Rcvd at 6 Times in 6 Posts
SKiLLa Reputation: 0
The Turla Loader is frequently used by advanced malware/rootkits; chances are most AV will flag them unconditionally, but it's great stuff nonetheless
Reply With Quote
Reply

Tags
driver, enforcement, signature, windows, x64

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Driver patching / filter driver aldente General Discussion 4 03-21-2006 04:43
What does a loader actually do? Pompeyfan General Discussion 2 01-24-2004 23:41


All times are GMT +8. The time now is 05:00.


ICP05004977
vBulletin Security provided by vBSecurity v2.2.0 (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX