Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2025-11-04 04:55:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

added self-signed threat

Browse Source
This commit is contained in:
Mariusz B. / mgeeky
2022-07-13 22:44:46 +02:00
parent ddb2282e0a
commit 41adf8a903
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
red-teaming/Self-Signed Threat/README.md
View File

@@ -3,8 +3,11 @@
A Powershell script that signs input Executable file with fake Microsoft code-signing certificate to demonstrate risks of Code Signing attacks. A Powershell script that signs input Executable file with fake Microsoft code-signing certificate to demonstrate risks of Code Signing attacks.
Script was shamelessly borrowed from [Matt Graeber, @mattifestation](https://twitter.com/mattifestation) and his research titled [_Code Signing Certificate Cloning Attacks and Defenses_](https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec) Script was shamelessly borrowed from [Matt Graeber, @mattifestation](https://twitter.com/mattifestation) and his research titled [_Code Signing Certificate Cloning Attacks and Defenses_](https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec)
**All credits go to Matt** - I merely copied it preserverance purposes. **All credits go to Matt** - I merely copied it preserverance purposes.
### Effectiveness
As of 13/07/2022 this **dumb trick** still gets off the shelf malware evade detection of at least 8 modern security scanners. As of 13/07/2022 this **dumb trick** still gets off the shelf malware evade detection of at least 8 modern security scanners.
| What | Result | | What | Result |