Explore a cutting-edge technique for concealing and executing malware within digitally signed executables in this Black Hat conference talk. Delve into the intricacies of evading security solutions by examining the PE file structure, focusing on the certificate table manipulation without compromising the file's valid digital signature. Learn about the custom-built Certificate Bypass tool and Reflective EXE Loader, which enable malware execution directly from memory without leaving traces on disk. Gain insights into the relevant PE structure fields and the steps required for in-memory execution of PE files. Witness a live demonstration showcasing how this method bypasses security solutions by exploiting their certificate table analysis techniques.
Overview
Syllabus
Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable
Taught by
Black Hat