a remotely controlled kernel level anticheat
there's no way anything could ever possibly go wrong with that :clueless:
@halva the best part is - the driver even existing is a vulnerability in Windows, you didn't need the game installed!

@halva it's not much of a risk in your use case, the only things to worry about are if the developer servers get hacked or demanded by a third party (incredibly unlikely) or if you run malware locally on your PC while the driver is installed, in which case you have worse things to worry about since Windows by default still lets you access a lot of shit (all your passwords) even when unprivileged

@halva @Rairii @amarioguy I have a feeling this anti-cheat driver change might end up triggering a data privacy lawsuit.

@winload_exe @Rairii @amarioguy good luck getting a *chinese* developer to court for data protection breaches lol

@winload_exe @halva @amarioguy i think all the well-known anticheats can run encrypted shellcode from a remote server possibly when specifically triggered from the remote C2, ie, only "interesting" targets get it

@halva i remember some github project that used mhyprot as a way to read/write arbitrary process memory because they had little to no protection on malicious usage
and the driver was also used by some malware
so it was a really neat little signed kernel-mode driver :)