Conversation

namazso

@namazso

Ever had trouble signing your drivers with leaked expired EV certificates? I made a fix for that:

github.com

GitHub - namazso/MagicSigner: Signtool for expired certificates

Signtool for expired certificates. Contribute to namazso/MagicSigner development by creating an account on GitHub.

10:10 PM · Jun 9, 2023

36.2K

Views

Retweets

368

Likes

123

Bookmarks

sixtyvividtails

@sixtyvividtails

Jun 10

Weird, I expected a .bat file which throws system time back a few years.

namazso

@namazso

Jun 10

I used to have that, but it always broke my VPN and some other apps, and also couldn't reset time for some reason

Show replies

g0xd

@godacity_

Jun 10

Does signing with an expired cert work well? Idk why i assumed that expired=revoked as well.

namazso

@namazso

Jun 10

For drivers (which this is about) increasingly less. They will still load on majority of Windows 10 installs though.

cra0

@cra0_net

Jun 11

Nice saves me using a bat file. ty

Discover more

Sourced from across Twitter

SEKTOR7 Institute

@SEKTOR7net

A map of essential techniques to bypass AVs #redteam

github.com

GitHub - CMEPW/BypassAV: This map lists the essential techniques to bypass anti-virus and EDR

This map lists the essential techniques to bypass anti-virus and EDR - GitHub - CMEPW/BypassAV: This map lists the essential techniques to bypass anti-virus and EDR

224

Show this thread

S3cur3Th1sSh1t

@ShitSecure

Full Driploader port in Nim finally finished 🔥🙂The first start for ETWti / Kernel Callback based detection bypasses from userland. 🧐

When you have to deal with EDR that monitors RtlCreateUserThread, SetThreadContext, NtQueueApcThread, SetThreadContext, CreateRemoteThread, RtlCreateUserThread and QueueUserAPC, there's an insane technique called Threadless Injection by

@_EthicalChaos_

github.com/CCob/Threadles

Adam

@Hexacorn

for the younger audience :-) on tunnelling, and calling code from within a OS code (gadget-like) - ~1996-7 stason.org/TULARC/securit web.textfiles.com/ezines/XINE/xi