zlacker

[parent] [thread] 4 comments
1. ec1096+(OP)[view] [source] 2022-03-05 16:29:28
Then why are malware authors exploiting this vulnerability?
replies(1): >>hulitu+1a
2. hulitu+1a[view] [source] 2022-03-05 17:18:15
>>ec1096+(OP)
Because some corporate environments only allow you to run signed executables. "Defense in depth" :)
replies(1): >>ec1096+RT
◧◩
3. ec1096+RT[view] [source] [discussion] 2022-03-05 21:55:46
>>hulitu+1a
So it’s effective in those environments?
replies(1): >>hulitu+t12
◧◩◪
4. hulitu+t12[view] [source] [discussion] 2022-03-06 10:57:06
>>ec1096+RT
> So it’s effective in those environments?

No. Those environments will happyly install the malware code because it is signed by Microsoft.

replies(1): >>ec1096+C93
◧◩◪◨
5. ec1096+C93[view] [source] [discussion] 2022-03-06 20:31:50
>>hulitu+t12
The original post I was responding to was saying it was already game over regardless of whether hacker had the ability to sign their binary.

Clearly that isn’t true.

[go to top]