zlacker

[parent] [thread] 5 comments
1. gruez+(OP)[view] [source] 2022-03-05 14:34:38
If malware makes it onto your machine, it's already game over. The certificate allows the attacker to load an arbitrary driver, but the attacker doesn't need that to steal all your data.

relevant xkcd: https://xkcd.com/1200/

replies(1): >>ec1096+9f
2. ec1096+9f[view] [source] 2022-03-05 16:29:28
>>gruez+(OP)
Then why are malware authors exploiting this vulnerability?
replies(1): >>hulitu+ap
◧◩
3. hulitu+ap[view] [source] [discussion] 2022-03-05 17:18:15
>>ec1096+9f
Because some corporate environments only allow you to run signed executables. "Defense in depth" :)
replies(1): >>ec1096+091
◧◩◪
4. ec1096+091[view] [source] [discussion] 2022-03-05 21:55:46
>>hulitu+ap
So it’s effective in those environments?
replies(1): >>hulitu+Cg2
◧◩◪◨
5. hulitu+Cg2[view] [source] [discussion] 2022-03-06 10:57:06
>>ec1096+091
> So it’s effective in those environments?

No. Those environments will happyly install the malware code because it is signed by Microsoft.

replies(1): >>ec1096+Lo3
◧◩◪◨⬒
6. ec1096+Lo3[view] [source] [discussion] 2022-03-06 20:31:50
>>hulitu+Cg2
The original post I was responding to was saying it was already game over regardless of whether hacker had the ability to sign their binary.

Clearly that isn’t true.

[go to top]