all InfoSec news
Malware Analysis - 3CX SmoothOperator Authenticode Abuse
April 5, 2023, 12:38 p.m. | MalwareAnalysisForHedgehogs
MalwareAnalysisForHedgehogs www.youtube.com
Buy me a coffee: https://ko-fi.com/struppigel
Follow me on Twitter: https://twitter.com/struppigel
AnalysePESig: https://blog.didierstevens.com/programs/authenticode-tools/
SigFlip: https://github.com/med0x2e/SigFlip
Sysinternals: https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Using unauthenticated data inside authenticode signed binaries: https://web.archive.org/web/20150426192725/http://blogs.msdn.com/b/ieinternals/archive/2014/09/04/personalizing-installers-using-unauthenticated-data-inside-authenticode-signed-binaries.aspx
00:00 Intro
00:37 Signature verification
02:09 SigFlip and SigLoader
03:05 Ways to hide data in authenticode structures
06:00 Detecting hidden authenticode data
08:11 Why this still works
09:05 Outro
3cx abuse analysis authenticode data detect files hidden hide malware malware analysis microsoft sigflip signature signatures valid verification
More from www.youtube.com / MalwareAnalysisForHedgehogs
Binary Ninja - Fix unresolved stack pointer
2 months, 1 week ago |
www.youtube.com
Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware
4 months, 1 week ago |
www.youtube.com
Malware Analysis - ZPAQ to .NET downloader to Injector DLL unpacking
5 months, 4 weeks ago |
www.youtube.com
Jobs in InfoSec / Cybersecurity
Senior Security Engineer - Detection and Response
@ Fastly, Inc. | US (Remote)
Application Security Engineer
@ Solidigm | Zapopan, Mexico
Defensive Cyber Operations Engineer-Mid
@ ISYS Technologies | Aurora, CO, United States
Manager, Information Security GRC
@ OneTrust | Atlanta, Georgia
Senior Information Security Analyst | IAM
@ EBANX | Curitiba or São Paulo
Senior Information Security Engineer, Cloud Vulnerability Research
@ Google | New York City, USA; New York, USA