Bypassing Windows Driver Signature Enforcement via ISO and NTFS Manipulation

TLDR: This research introduces DriverJack, a technique that exploits the way Windows handles ISO files and NTFS reparse points to load unsigned drivers. By manipulating file objects and leveraging the Windows I/O manager, an attacker can bypass Driver Signature Enforcement (DSE) and load malicious code into the kernel. This method effectively turns standard installation media into a persistent infection vector, even on fully patched Windows 11 systems.

Security researchers have long treated Driver Signature Enforcement (DSE) as a hard boundary for kernel-mode operations. If you cannot sign your driver, you cannot load it. However, the reality of Windows internals is far more permissive than the documentation suggests. The recent research presented at DEF CON 2024 by Alessandro Magnosi demonstrates that the path to kernel execution often lies in the mundane handling of file systems rather than complex memory corruption. By abusing the way the Windows I/O manager interacts with emulated read-only file systems like ISOs, we can force the system to load arbitrary code.

The Mechanics of the DriverJack Vector

At the core of this technique is the realization that Windows treats ISO files as legitimate, trusted installation media. When you mount an ISO, the system expects the contents to be immutable. However, the underlying implementation of the CDFS driver and the way it interacts with the I/O manager creates a window of opportunity.

The attack flow begins by creating a malicious ISO containing a legitimate, signed driver that is known to be vulnerable—a classic "Bring Your Own Vulnerable Driver" (BYOVD) scenario. The innovation here is not the vulnerable driver itself, but the method of delivery and execution. By using iocdfs-lib, an attacker can rewrite the contents of files mounted on a read-only file system. This allows for the injection of malicious payloads into what the system perceives as a trusted, read-only environment.

Once the ISO is prepared, the attacker needs to ensure the driver is loaded. This is where the manipulation of the NT Object Manager becomes critical. By creating specific NTFS reparse points, an attacker can redirect file system requests. When the system attempts to load a driver from a standard path, the reparse point transparently redirects the I/O manager to the malicious payload residing on the mounted ISO. Because the system believes it is loading a file from a trusted source, it bypasses the standard integrity checks that would otherwise block an unsigned or malicious binary.

Bypassing Modern Kernel Protections

Modern Windows versions employ Virtualization-Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI) to prevent the exact type of memory tampering that traditional rootkits rely on. HVCI ensures that kernel-mode memory pages are either writable or executable, but never both. This effectively kills traditional shellcode injection.

To overcome this, the research utilizes RpcExec, a library designed to execute code in remote processes without requiring the allocation of RWX memory. By abusing the NdrServerCall2 function, an attacker can invoke arbitrary system calls. When combined with the ability to load a vulnerable driver, this creates a powerful primitive for privilege escalation.

For systems where HVCI is enabled, the research highlights the limitations of Kernel Data Protection (KDP). KDP is intended to protect sensitive kernel structures, but it does not enforce how virtual address ranges mapping a protected region are translated. By using a page-remapping attack, an attacker can copy the contents of a protected page, modify the copy, and update the page tables to point to the malicious version. This effectively bypasses the read-only protections enforced by the hypervisor.

Real-World Engagement Strategy

For a penetration tester, this technique is a game-changer for post-exploitation. During an engagement, you are often limited by the lack of local administrative privileges. If you can gain local admin, your next hurdle is often EDR or kernel-mode protections. DriverJack provides a reliable way to establish persistence that survives reboots and evades standard file-based detection.

The impact is significant. By weaponizing installation media, you can maintain a foothold that is difficult to remediate without a full system wipe. Defenders should focus on monitoring for unusual driver load events. Specifically, look for drivers being loaded from non-standard locations or from removable media that shouldn't be hosting system binaries. Implementing Windows Defender Application Control (WDAC) policies is the most effective way to restrict which drivers are permitted to load, regardless of the delivery method.

Moving Beyond the Known

The most dangerous aspect of this research is how it highlights the fragility of trust in the Windows I/O stack. We often assume that if a file is on a "trusted" volume, it is safe. This assumption is exactly what allows these techniques to persist. As we move toward more hardened kernel environments, the focus of offensive research is shifting away from simple memory corruption and toward the logic flaws inherent in how the operating system manages its own resources.

If you are testing a hardened environment, stop looking for the next buffer overflow. Start looking at how the system handles file system drivers, reparse points, and the object manager. The next big bypass is likely hiding in plain sight, disguised as a legitimate system function.