Windows 10: Malicious Use of Code Signing Certificate

Discussion in 'AntiVirus, Firewalls and System Security' started by d4rkst4r74, Feb 10, 2021.

  1. Malicious Use of Code Signing Certificate


    After a fresh install of Windows 10 I observed bizarre behavior with the OS. The Event Viewer logged several 3rd party admin services installed with Development Code Signing Certificates. Several other potential activities also witnessed. My Admin account was denied access to make modifications to Firewall and GPO. Windows Defender doesn't detect activities as a threat. How can I find Correct Trusted OEM Certs for cross reference? Anyone familiar with use of so called "Code Signing Certificates" and their potential for abuse?

    :)
     
    d4rkst4r74, Feb 10, 2021
    #1
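
One way to do the cross-reference asked about in the post above, as an added example that is not part of the original thread: it reads service-install events (System log, event ID 7045), then reports the Authenticode status, signer and chain root of each service binary. The helper names `Get-ServiceImagePath` and `Get-RootSubject` are assumptions made for this example.

```powershell
# Added example: audit service-install events and the signer of each service binary.
# Run from an elevated PowerShell prompt on the machine under review.

function Get-ServiceImagePath([string]$ImagePath) {
    # ImagePath can be quoted, carry arguments, or use kernel-style prefixes.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\?SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^"([^"]+)"') { return $Matches[1] }
    if ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { return $Matches[1] }
    return $p
}

function Get-RootSubject($Cert) {
    # Build the chain locally (no revocation lookups) and return the top element.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($Cert)
    $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
}

# Event 7045 properties: [0] service name, [1] image path, [4] account.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } `
    -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    $row = [ordered]@{
        Installed = $e.TimeCreated
        Service   = $e.Properties[0].Value
        Account   = $e.Properties[4].Value
        Path      = Get-ServiceImagePath $e.Properties[1].Value
        Status    = 'PathNotResolved'
        Signer    = $null
        Root      = $null
    }
    if (Test-Path -LiteralPath $row.Path -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $row.Path
        $row.Status = [string]$sig.Status
        if ($sig.SignerCertificate) {
            $row.Signer = $sig.SignerCertificate.Subject
            $row.Root   = Get-RootSubject $sig.SignerCertificate
        }
    }
    [pscustomobject]$row
}

# Everything first, then only the entries that did not validate.
$report | Sort-Object Installed | Format-Table Installed, Service, Status, Signer, Root -Wrap
$report | Where-Object Status -ne 'Valid' | Format-List
```

A `Valid` status means the signature chains to a root already in the machine's trust store, so the `Root` column is the value to compare against the roots you expect on a clean install.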
  2. fuglede Win User

    Whitelisting code signing certificates signed by internal CA in AppLocker

    In Windows 10's AppLocker, it is possible to whitelist applications and libraries signed by a given publisher:


    [Image: 3Ssr8.png]


    In our case, we have a number of developers producing libraries and signing them with code signing certificates which are signed by an internal CA. The wizard pictured above can be used to whitelist the libraries developed by an individual developer.

    As such, what I'm wondering is if there is a (preferred) way to whitelist all code signing certificates signed by a given CA, in this case the internal one?
     
    fuglede, Feb 10, 2021
    #2
  3. How to sign Powershell profile w/ self-signed certificate?

    I currently have my execution-policy set to AllSigned. I don't want to change it or bypass that restriction.

    When I created my profile script--or whatever it's called--I wanted to do so in order to set permanent aliases.

    For whatever reason, Microsoft has made it an ever increasingly difficult endeavor just to create permanent aliases.

    The problem now is that it won't run the script because it isn't digitally signed.

    I attempted to make a self-signed certificate to sign the blasted thing but I never got anywhere.

    I've looked at a few guides online but they all assume I'm in a server environment or something (which means the steps keep changing or involve unnecessary steps).

    In the end, I wound up with a code-signing cert and the thing is in my current-user cert store.

    I'm trying to get this to work on my Windows 10 Pro desktop but I haven't a clue as to what I'm actually supposed to be doing.

    Is it even possible to get what I'm asking for? *Confused

    P.S. - I have no experience with either Powershell or certificates. The only reason I know what I've mentioned so far is because I spent 2-3 minutes glossing over the help files. My knowledge of PKI has me understanding that you need a private key to sign something, but I can't even get the certificate to validate my own key so it's kind of getting me flustered at this point.
     
    That Random Guy, Feb 10, 2021
    #3
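
The procedure the post above is asking about, as an added example that is not part of the original thread: create a self-signed code-signing certificate, trust it for the current user, and sign the profile so it loads under `AllSigned`. The subject name and the temporary file name are placeholders chosen for this example; anything signed with this key becomes trusted for this user, so the private key should stay on this machine.

```powershell
# Added example. 'CN=Local PowerShell Signing' is a placeholder subject name.
if (-not (Test-Path -LiteralPath $PROFILE)) { throw "No profile at $PROFILE" }

# 1. Create the code-signing certificate; the private key stays in CurrentUser\My.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Local PowerShell Signing' `
    -CertStoreLocation Cert:\CurrentUser\My `
    -NotAfter (Get-Date).AddYears(2)

# 2. Export only the public certificate and trust it for this user.
#    AllSigned needs the signer to chain to a trusted root AND be a trusted publisher.
$cer = Join-Path $env:TEMP 'local-ps-signing.cer'
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
# Adding to the user Root store may show a Windows confirmation dialog.
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\CurrentUser\TrustedPublisher | Out-Null
Remove-Item -LiteralPath $cer

# 3. Sign the profile script.
Set-AuthenticodeSignature -FilePath $PROFILE -Certificate $cert -HashAlgorithm SHA256 | Out-Null

# 4. Verify: Status must be Valid, otherwise AllSigned will still refuse the script.
$check = Get-AuthenticodeSignature -FilePath $PROFILE
if ($check.Status -ne 'Valid') {
    throw "Signature status is $($check.Status): $($check.StatusMessage)"
}
"Signed by $($check.SignerCertificate.Subject), thumbprint $($check.SignerCertificate.Thumbprint)"

# After any edit to the profile the signature no longer matches; re-sign with:
#   $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
#           Where-Object Subject -eq 'CN=Local PowerShell Signing'
#   Set-AuthenticodeSignature -FilePath $PROFILE -Certificate $cert -HashAlgorithm SHA256
```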