Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2024-11-22 02:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
a77c4cdd43
mgeeky-Penetration-Testing-.../red-teaming/Self-Signed Threat
History
Mariusz B. / mgeeky a77c4cdd43 readme
2022-07-13 23:01:17 +02:00
..
MSKernel32Leaf.cer added self-signed threat 2022-07-13 22:39:40 +02:00
MSKernel32PCA.cer added self-signed threat 2022-07-13 22:39:40 +02:00
MSKernel32Root.cer added self-signed threat 2022-07-13 22:39:40 +02:00
README.md readme 2022-07-13 23:01:17 +02:00
sigcheck64.exe added self-signed threat 2022-07-13 22:39:40 +02:00
sigcheck.exe added self-signed threat 2022-07-13 22:39:40 +02:00
Sign-Artifact.ps1 added self-signed threat 2022-07-13 22:39:40 +02:00

README.md

Easy-to-use test-it-yourself sign-your-malware

A Powershell script that signs input Executable file with fake Microsoft code-signing certificate to demonstrate risks of Code Signing attacks.

Script was shamelessly borrowed from Matt Graeber, @mattifestation and his research titled:

All credits go to Matt - I merely copied his code & work for preserverance purposes.

Effectiveness

As of 13/07/2022 this dumb trick still gets off the shelf malware evade detection of at least 8 modern security scanners.

What Result
Mythic Apollo.exe before fake-signing 30/70
Mythic Apollo.exe after fake-signing with Microsoft code-signing certificate 22/70

Usage

PS C:\> . .\Sign-Artifact.ps1
PS C:\> Sign-Artifact -InputFile malware.exe -OutputFile nomalware.exe -Verbose