mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-11-22 10:31:38 +01:00
1.3 KiB
1.3 KiB
Easy-to-use test-it-yourself sign-your-malware
A Powershell script that signs input Executable file with fake Microsoft code-signing certificate to demonstrate risks of Code Signing attacks.
Script was borrowed from Matt Graeber, @mattifestation and his Code Signing Certificate Cloning Attacks and Defenses and all credits are his.
As of 13/07/2022 this dumb trick still gets off the shelf malware evade detection of at least 8 modern security scanners.
| What | Result |
|---|---|
| Mythic Apollo.exe before fake-signing | 30/70 |
| Mythic Apollo.exe after fake-signing with Microsoft code-signing certificate | 22/70 |
Usage
PS C:\> . .\Sign-Artifact.ps1
PS C:\> Sign-Artifact -InputFile malware.exe -OutputFile nomalware.exe -Verbose