itsMe Posted July 8, 2019 Share Posted July 8, 2019 This is the hidden content, please Sign In or Sign Up Stealing Signatures and Making One Invalid Signature at a Time What is this? I've noticed during testing against Anti-Virus over the years that each is different and each prioritize PE signatures differently, whether the signature is valid or not. There are some Anti-Virus vendors that give priority to certain certificate authorities without checking that the signature is actually valid, and there are those that just check to see that the certTable is populated with some value. It's a mess. So I'm releasing this tool to let you quickly do your testing and feel free to report it to vendors or not. In short it will rip a signature off a signed PE file and append it to another one, fixing up the certificate table to sign the file. Of course it's not a valid signature and that's the point! I look forward to hearing about your results! This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
☠xrahitel☠ Posted July 8, 2019 Share Posted July 8, 2019 Link to comment Share on other sites More sharing options...
☠xrahitel☠ Posted July 8, 2019 Share Posted July 8, 2019 This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
dEEpEst Posted July 8, 2019 Share Posted July 8, 2019 @☠xrahitel☠ Does this have something to do with the original post? Link to comment Share on other sites More sharing options...
Recommended Posts