Tuesday, October 19, 2021

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

What is it ?

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) in a way that doesn’t affect or break the existing authenticode signature, in other words you can change PE file checksum/hash by embedding data (i.e shellcode) without breaking the file signature, integrity checks or PE file functionality.

SigInject encrypts and injects shellcode into a PE file’s [WIN_CERTIFICATE] certificate table, the encryption key is printed out for usage with a basic BOF/C/C# l…

Read More

Latest news
Related news