netbiosX / Digital-Signature-Hijack

Binaries, PowerShell scripts and information about Digital Signature Hijacking.

Better Manual If Possible? #1

Closed. DevToolsMasterKit closed this 3 years ago.

DevToolsMasterKit commented 3 years ago

Hi, I tried to test this solution but I have no idea how. I ran the code and the function using PowerShell ISE but still nothing happens. How can I sign an exe?

Also, does this solution need to be performed on the target operating system as well, or do we get a fine-tuned signed exe that can be shared?

Regards, Juan

netbiosX commented 3 years ago

Hi Juan

I have written a detailed article here regarding how to use the script: https://pentestlab.blog/2017/11/08/hijack-digital-signatures-powershell-script/

The PowerShell script bypasses the certificate validation of Windows and automates the technique of Matt Graeber. You will need the MySIP.dll, which can be found in the same repository (Hijack Certificates folder). The DLL is also stored in this repository, but you can compile it on your own from this repository: https://github.com/mattifestation/PoCSubjectInterfacePackage Admin level privileges are also required on the system.

You will also need to read the following article/paper to get a better understanding of how things work:

I will make sure to improve the readme file in the next days so it can be more clear. If you still have issues please let me know.
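A defender-side check that follows from the reply above, added here as an example and not part of the Digital-Signature-Hijack repository or of this thread: it enumerates the Subject Interface Package (SIP) and trust-provider registrations that the technique redirects and flags any that point outside System32, are missing, or are not Microsoft-signed. The registry roots and the `Dll`/`FuncName` and `$DLL`/`$Function` value names are the documented Windows locations; the helpers `Resolve-ModulePath`, `Get-SipTrustRegistrations` and `Find-SuspiciousSipRegistrations` and the flagging thresholds are this example's own choices.

```powershell
# Added example (not from the repository or this thread): audit SIP and trust-provider
# registrations for signs of Subject Interface Package hijacking.
# The registry roots are the documented Windows locations (64-bit and 32-bit views).
$script:RegistryRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0',
    'HKLM:\SOFTWARE\Microsoft\Cryptography\Providers\Trust',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust'
)

function Resolve-ModulePath {
    # Hypothetical helper: a registration may hold a bare file name (loaded from
    # System32 by a 64-bit process) or a full path, possibly with environment variables.
    param([Parameter(Mandatory)][string]$Name)
    $expanded = [Environment]::ExpandEnvironmentVariables($Name)
    if ([System.IO.Path]::IsPathRooted($expanded)) { return $expanded }
    return Join-Path $env:SystemRoot ('System32\' + $expanded)
}

function Get-SipTrustRegistrations {
    # Hypothetical helper: emits one object per registered DLL/function pair.
    $system32 = Join-Path $env:SystemRoot 'System32'
    foreach ($root in $script:RegistryRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if (-not $props) { continue }
            # SIP keys use Dll/FuncName; trust-provider keys use $DLL/$Function.
            $dll = $props.Dll
            if (-not $dll) { $dll = $props.'$DLL' }
            $func = $props.FuncName
            if (-not $func) { $func = $props.'$Function' }
            if (-not $dll) { continue }

            $path = Resolve-ModulePath $dll
            $sig = if (Test-Path -LiteralPath $path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
            [pscustomobject]@{
                Key             = $key.Name
                Dll             = $dll
                ResolvedPath    = $path
                Function        = $func
                InSystem32      = $path.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
                SignatureStatus = if ($sig) { $sig.Status.ToString() } else { 'FileMissing' }
                Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

function Find-SuspiciousSipRegistrations {
    # Flag anything outside System32, missing, unsigned/invalid, or not signed by Microsoft.
    # Third-party SIPs are rare, so they are reported for review rather than silently accepted.
    Get-SipTrustRegistrations | Where-Object {
        -not $_.InSystem32 -or
        $_.SignatureStatus -ne 'Valid' -or
        $_.Signer -notmatch 'O=Microsoft Corporation'
    }
}

# Usage: print the flagged registrations, then export a full baseline for later diffing.
Find-SuspiciousSipRegistrations | Format-Table Key, Dll, Function, SignatureStatus, Signer -AutoSize
Get-SipTrustRegistrations | Export-Csv -Path (Join-Path $env:TEMP 'sip-baseline.csv') -NoTypeInformation
```

Reading these keys does not need elevation, so the audit can run from an unprivileged session. One caveat matters on a host where the hijack is already in place: `Get-AuthenticodeSignature` calls into the very SIP verification path that has been replaced, so it may report Valid for anything. The path-based columns and a diff of the exported CSV against a baseline taken from a known-clean build of the same Windows version are the signals that do not depend on the host's own signature verification.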

DevToolsMasterKit commented 3 years ago

Hi @netbiosX and thanks for the fast and detailed reply! So from what I understood it acts like a hack tool to fool Windows certificate validation and has nothing to do with a trusted exe signing that can be used on other PCs, am I right?

Also I don't get one thing. We do this to avoid showing "unknown publisher" when we start an app with admin elevation, but to make this hack happen we also need admin access, so what is the point? Am I missing something?

Thanks, Juan