Windows driver signing bypass by Derusbi has a post on Sekoia.Fr analyzing the Derusbi malware and it’s code signing bypass. Detailed analysis.
http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/
(The above article is for Windows OS-level security. Note that UEFI also uses code signing very similar to Windows as it’s main form of security. Some of UEFI’s files are stored on a FAT-based file system, which — depending on your OS and how it is configured — lets anyone modify files on FAT volumes, no ACLs.)
