Limelighter vs SigThief

| | Limelighter | SigThief |
|---|---|---|
| | 4 | 2 |
| Stars | 843 | 1,943 |
| Growth | - | - |
| Activity | 0.0 | 10.0 |
| Last commit | about 1 year ago | almost 3 years ago |
| Language | Go | Python |
| License | MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Limelighter

Red team engagement help!
Use lime lighter to fake code sign for better static detection evasion https://github.com/Tylous/Limelighter
- Limelighter - A tool for generating fake code signing certificates or signing real ones
- LimeLighter - A tool for generating fake code signing certificates or signing real ones
SigThief

Hackers exploited Windows 0-day for 6 months after Microsoft knew of it
> To work with supported versions of Windows, third-party drivers must first be digitally signed by Microsoft to certify that they are trustworthy and meet security requirements.
That’s a very bold statement when you can replicate a signature, so now the malware is “trustworthy” https://github.com/secretsquirrel/SigThief

Red team engagement help!
I think this is also similar to this https://github.com/secretsquirrel/SigThief
What are some alternatives?
- certerator - A tool to generate a custom code signing certificate chain and generate instructions to sign a binary. Useful for establishing persistence on a penetration test.
- Freeze - Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
- AceLdr - Cobalt Strike UDRL for memory scanner evasion.
- NSGenCS - Extendable payload obfuscation and delivery framework
- EDRs
- CarbonCopy - A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
- ScareCrow - Payload creation framework designed around EDR bypass.