Derusbi codesigning bypass analysis

Windows driver signing bypass by Derusbi has a post on Sekoia.Fr analyzing the Derusbi malware and it’s code signing bypass. Detailed analysis.

http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/

(The above article is for Windows OS-level security. Note that UEFI also uses code signing very similar to Windows as it’s main form of security. Some of UEFI’s files are stored on a FAT-based file system, which — depending on your OS and how it is configured — lets anyone modify files on FAT volumes, no ACLs.)

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s