Sunday, January 28, 2018

How can Windows digital signature check be defeated?

SpecterOps researcher Matt Graeber recently determined that there is a way to bypass a Windows digital signature check by editing two specific registry keys. This is an important discovery because Windows uses digital signature protection to validate the authenticity of binary files as a security measure.

Digital signature protection is used by Windows and others to determine if a file was tampered with during the time in which it was sent to the receiving party. Being able to validate the integrity of a received file and that it's actually from the party that signed it is important since digital signatures work on trust -- when a system can work around this feature, it opens up doors to malicious activity.

It's also important to state that digital signatures don't secure the file, but give it a level of trust based off of the private key it was signed with; therefore, if that specific key was stolen or used maliciously, then the system would approve the digital signature check.

Many Windows security features and security products rely on the trust and guarantees that a digital signature check brings with it. In the case of the CCleaner malware last month, it spread due to having been signed by a legitimate certificate, which led to the code being trusted by the OS. In his research report, Graeber wrote, "Subverting the trust architecture of Windows, in many cases, is also likely to subvert the efficacy of security products."

The attack focuses on two registry keys that, when adjusted, enable you to impersonate files with any other valid signature. This isn't done by injecting code into the system but by modifying the registry keys, meaning the attacker can do it remotely if they have access to the registry. It also means that they must be admins on the system, a level of access that isn't incredibly hard to escalate to if they don't already have permission.

Locking down administrator rights to limit changes to these keys and implementing monitoring to determine whether they were changed would be one way of reviewing the registry keys for modification, even though this would require the logs of all the systems. It's also possible that a group policy could be made to limit access to these files in greater detail, but these are all reactive methods to this problem.
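One way to run the monitoring described above across a fleet, as an added example that is not from the original article: compare each host's values for the watched keys against the value most hosts report. The key paths are placeholders (the article does not name the two keys), and the host names, value names and data are constructed.

```python
from collections import Counter, defaultdict

# Placeholders: the article does not name the two registry keys.
KEY_1, KEY_2 = "<SIGNATURE-KEY-1>", "<SIGNATURE-KEY-2>"
WATCHED_KEYS = {KEY_1, KEY_2}

def rec(host, key, name, data):
    return {"host": host, "key": key, "name": name, "data": data}

# Constructed sample: registry values as collected from four hosts.
SNAPSHOTS = (
    [rec(h, KEY_1, "ValueA", "expected-a") for h in ("ws-01", "ws-02", "ws-03")]
    + [rec(h, KEY_2, "ValueB", "expected-b") for h in ("ws-01", "ws-02", "ws-04")]
    + [rec("ws-03", KEY_2, "ValueB", "changed-b")]   # differs from the fleet
    + [rec("ws-01", "HKLM\\SOFTWARE\\Unrelated", "Other", "x")]  # not watched
)

def fleet_baseline(records):
    """Most common data per watched (key, name); None without a strict majority."""
    seen = defaultdict(Counter)
    for r in records:
        if r["key"] in WATCHED_KEYS:
            seen[(r["key"], r["name"])][r["data"]] += 1
    baseline = {}
    for slot, counts in seen.items():
        data, n = counts.most_common(1)[0]
        baseline[slot] = data if n * 2 > sum(counts.values()) else None
    return baseline

def find_deviations(records):
    """Sorted (host, key, name, status) for hosts that differ from the fleet."""
    baseline = fleet_baseline(records)
    hosts = {r["host"] for r in records}
    reported = {(r["host"], r["key"], r["name"]): r["data"] for r in records}
    findings = []
    for (key, name), expected in baseline.items():
        for host in hosts:
            data = reported.get((host, key, name))
            if data is None:        # value deleted or host not collected
                findings.append((host, key, name, "missing"))
            elif expected is None:  # fleet disagrees; review by hand
                findings.append((host, key, name, "no-majority"))
            elif data != expected:
                findings.append((host, key, name, "changed"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_deviations(SNAPSHOTS):
        print(finding)
```

A change pushed to most hosts at once would become the majority, so the same comparison should also be run against a known-good snapshot taken from a clean build.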

The issue once again comes down to trust, as this is one area that's put in place to protect you from impersonation. It also happens to be the most likely thing to be abused for malicious purposes, especially by malware that would bypass the internal mechanisms to slip past application whitelisting, such as Microsoft's Windows Defender Device Guard.

There need to be more procedures around digital signature protection to protect against malicious files entering your endpoint, such as reputation services, sandboxes and next-generation malware protection that doesn't rely on signatures.

Is a digital signature check needed? Yes, but it's a layer in the protection against malware, and abusing the trust of these signatures enables them to be bypassed. In the end, we simply need to add more layers to our defense.
