Apparently the majority of AVs are okay with an exe signed (today) with a revoked cert (don't even ask about drivers...). Is this really okay?
virustotal.com/gui/file/401bd
I'm surprised, this is a new attack surface for me, I googled "sign driver with expired cert" and got this: community.osr.com/discussion/209
I've got my own company's expired certs at home, I'm going to test if I can sign a driver tonight and load it. I just assumed it wouldn't work.....
Oh yeah, that's why I'm tweeting about it. It seems like the awareness is surprisingly low - even among security researchers. I'm surprised that there isn't any public point-and-shoot tool to sign drivers this way (well, at least not to my knowledge). It's unbelievably simple.


