Collaborate Disseminate
In this security tutorial:
https://youtu.be/dykc9YC9Z6U?t=257
the author claims that "sihost is a network component of the malware…" (at 4:23). Yet, prior to his claim, at 3:09 he shows that that particular sihost is signed as … Continue reading Can malware module be signed as Microsoft Corporation module?
If I have a Java thin client app that connects to a server, and I want to protect my client from a malicious use, so I want to implement a sort of signature.
Now the struggle is, if I want to sign the client files, I need to have the keys … Continue reading How to provide signature for a thin client app?
The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company’s private code signing keys on their dark web site. The breach MSI (Micro-Star International) is a corporation that develops and sells compu… Continue reading MSI’s firmware, Intel Boot Guard private keys leaked
I am applying for a new code signing certificate and I specified to the CA I need a certificate that will be time stamped such that any assembly signed during the valid date range will still execute even beyond that date range. They sent … Continue reading What does the OID value in my CSR mean?
I have been tasked with designing a solution for signing source code. I have not found much on whether or not there is a standard for storing the signed code and it’s hash and code signing cert.
As I understand it, signing source code invo… Continue reading How to Store Signed Source Code + Encrypted HASH +Code Signing Cert
There was a breach, so the bad news isn’t great, but the good news isn’t too bad… Continue reading GitHub code-signing certificates stolen (but will be revoked this week)
As a security measure, my Windows-based work computer has been configured to deny any application that hasn’t been signed with a valid certificate; my system will run a signed executable from DropBox’s website, but it will refuse to run an… Continue reading How can code signing posibly be secure on Windows when signed executables act on unsigned input?
I did a lot of research on how to securely create, use and backup android signing keys (when using Google Play Signing is not an option). The best option seams to be a Yubikey or a Nitrokey HSM 2 and use their pkcs11 capability [0].
Backin… Continue reading How to create, use and backup android signing keys without trusting the computer?
Does Windows 11 need to make a network connection to verify a code signature for a .exe or .dll file?
Continue reading Does verifying a code signature require making a network connection?
I have a system (lets call it signer) that has private keys for doing Authenticode code signing. I have bunch of build systems that want to sign generated build artifacts. Obviously I can’t use signtool directly on build systems as private… Continue reading Windows CSP for remote signing