ItsNotASecurityBoundary is an exploit that leverages False File Immutability assumptions in Windows Code Integrity (ci.dll) to trick it into accepting an improperly-signed security catalog containing fraudulent authentihashes. With attacker-controlled authentihashes loaded and trusted by CI, the kernel will load any driver of the attacker's choosing, even unsigned ones.
🔗 https://github.com/gabriellandau/ItsNotASecurityBoundary
#driver #signature #bypass #ffi #windows
Please open Telegram to view this post
VIEW IN TELEGRAM
👍7