Limelighter – A Tool For Generating Fake Code Signing Certificates Or Signing Real Ones

[*] A tool which creates a spoof code signing certificates and sign binaries and DLL files to help evade EDR products and avoid MSS and sock scruitney. LimeLighter can also use valid code signing certificates to sign files. Limelighter can use a fully qualified domain name such as acme.com. Contributing LimeLighter was developed in golang.Read More

ForgeCert – "Golden" Certificates

ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory. This attack is codified as DPERSIST1 in our “Certified Pre-Owned” whitepaper. This code base was released ~45 days after the whitepaper was published. @tifkin_ is the primaryRead More

X