Apparently the majority of AVs are okay with an exe signed (today) with a revoked cert (don't even ask about drivers...). Is this really okay? https://www.virustotal.com/gui/file/401bde0f18b155d823babab0dec628a6dada3a5c25da484ebd5277c191cde496/detection …
Replying to @PetrBenes
I'm surprised, this is a new attack surface for me. I googled "sign driver with expired cert" and got this: https://community.osr.com/discussion/209096 … I've got my own company's expired certs at home, I'm going to test if I can sign a driver tonight and load it. I just assumed it wouldn't work...
Replying to @crispinwright
Oh yeah, that's why I'm tweeting about it. It seems like the awareness is surprisingly low - even among security researchers. I'm surprised that there isn't any public point-and-shoot tool to sign drivers this way (well, at least not to my knowledge). It's unbelievably simple.
You can easily patch signtool to do exactly that 