Secondary Categories: 02 - Malware


Description:

A code signing certificate can be applied to our payloads to help evade EDR. Some EDR products, however, will not check whether the certificate used is valid.

Bypass

We can bypass this by using tools such as CarbonCopy, SigThief, and LimeLighter to generate fake certificates and attach them to our malicious payload.

Each of these tools has some differences.
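
A defensive check for the gap described above, as an added example that is not part of the original notes: list binaries that carry a signer certificate but whose Authenticode signature does not validate. The scan path and extension list are assumptions; `Get-AuthenticodeSignature` is the built-in PowerShell cmdlet.

```powershell
# Added example: triage by validation result, not by the mere presence of a signer.
# $Path and $Extensions are assumptions; point them at what you want to review.
param(
    [string]$Path = "$env:USERPROFILE\Downloads",
    [string[]]$Extensions = @('.exe', '.dll', '.sys', '.msi')
)

Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $Extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

        # A signer certificate can be embedded in a file even when the
        # signature fails validation, so record both facts separately.
        $hasSigner = $null -ne $sig.SignerCertificate

        [pscustomobject]@{
            File       = $_.FullName
            Status     = $sig.Status
            Message    = $sig.StatusMessage
            Subject    = if ($hasSigner) { $sig.SignerCertificate.Subject } else { $null }
            Issuer     = if ($hasSigner) { $sig.SignerCertificate.Issuer } else { $null }
            Thumbprint = if ($hasSigner) { $sig.SignerCertificate.Thumbprint } else { $null }
            # "Looks signed" but does not verify: the case a presence-only check misses.
            Suspicious = $hasSigner -and ($sig.Status -ne 'Valid')
        }
    } |
    Where-Object { $_.Suspicious } |
    Sort-Object Status, File |
    Format-List File, Status, Message, Subject, Issuer, Thumbprint
```

Any file this reports shows publisher details in its properties yet fails verification, which is the condition worth alerting on instead of treating "has a certificate" as trusted.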


Resources: