CVE-2013-3900

Published: 11/12/2013 Updated: 02/11/2022
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 679
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote malicious users to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."

Vulnerable Product

microsoft windows xp -

microsoft windows server 2008 r2

microsoft windows server 2012 r2

microsoft windows 10 1607

microsoft windows 8.1 -

microsoft windows server 2016 -

microsoft windows server 2008 -

microsoft windows 7 -

microsoft windows rt 8.1 -

microsoft windows 11 -

microsoft windows server 2022 -

microsoft windows server 2019 -

microsoft windows 10 -

microsoft windows 10 21h2

microsoft windows 10 20h2

microsoft windows 10 21h1

microsoft windows 10 1909

microsoft windows 10 1809

microsoft windows server 2012 -

microsoft windows server 2003 -

microsoft windows vista -

Github Repositories

Weaponized HellsGate/SigFlip

SignatureGate: Weaponized version of HellsGate, bypassing AV/EDR/EPPs by abusing opt-in-fix CVE-2013-3900. Most code is from github.com/am0nsec/SharpHellsGate and github.com/med0x2e/SigFlip. Disclaimer: The information/files provided in this repository are strictly intended for educational and ethical purposes only. The techniques and tools are intended to be use

NESSUS-Vulnerability Management. Description: In this lab I will cover vulnerability scanning and vulnerability remediation. I will be using Nessus Essentials to scan local VMs hosted on VMWare Workstation in order to run credentialed scans to discover vulnerabilities, remediate some of the vulnerabilities, then perform a rescan to verify remediation. Technologies Used: VMWare Works

Proof of concept code for injecting content into MSI files without breaking Authenticode

MsiAuthenticodeInject: This project demonstrates a proof of concept bypass to Microsoft's optional patch of CVE-2013-3900. How it works? Microsoft's MSI files have Authenticode signatures stored in their \x05DigitalSignature entry. Using the same strategy used in CVE-2013-3900, we can append data to the end of the stream, updating the relevant fields from the MSI (size

Packer template for Windows Server 2019 UEFI and secure boot using vSphere-ISO provider. Note: this code is compatible with Packer v19x or later. This repository contains HashiCorp Packer templates to deploy Windows Server 2019 UEFI and secure boot in VMware vSphere (with vCenter), using the vsphere-iso builder. These templates create the Template (or VM) directly on the vSph

Fix WinVerifyTrust Signature Validation Vulnerability, CVE-2013-3900, QID-378332

Fix-WinVerifyTrustSignatureValidationVuln: Fix WinVerifyTrust Signature Validation Vulnerability, CVE-2013-3900, QID-378332. This Fix is intended for 64-bit Windows Computers. This PowerShell code is one way to fix the vulnerability - aside from creating a reg file and using reg import <file.reg> to import the new registry key. Full Packaged Script: If HKLM:\Softw

Append a custom data payload to a digitally signed NSIS .exe installer

Append Payload to Signed NSIS Executable Installer File: This program allows you to embed a payload containing custom user data into an executable generated by NSIS (Nullsoft Scripted Installer System) and signed with Microsoft SignTool.exe (or similar). This is tested and working with the NSIS ReadCustomerData Function. Windows recognizes the original digital signature since we

Vulnerability Management. Description: The project consists of vulnerability scanning and vulnerability remediation. These are two of the main steps in the Vulnerability Management Lifecycle. I will use Nessus Essentials to scan local VMs hosted on VMWare Workstation to run credentialed scans to discover vulnerabilities, research, and remediate vulnerabilities, then perform a res

WinVerifyTrust Signature Mitigation Script: This script can be deployed to mitigate the issue with CVE-2013-3900 Microsoft MSRC. Script adds two registry keys and a dword key; if the machine is x64 it will double this

The objective of this lab exercise was to improve my familiarity with Vulnerability Management. I chose Nessus to do this lab because I already had some experience with Nessus during my time at University and with TryHackMe, so I wanted to further my skills on Nessus. The setup featured Nessus Essentials software, VMWare Workstation Player, and a Windows 10 ISO. I followed the