You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
authenticode-timestamp
About this tag
The authenticode-timestamp tag covers discussions about code signing timestamps used in Windows Authenticode signatures. Content includes analysis of signed kernel driver abuse, where attackers leverage valid Authenticode timestamps to bypass security controls. Topics examine how timestamped signatures from Microsoft or trusted CAs can be exploited in BYOVD (Bring Your Own Vulnerable Driver) attacks, allowing malicious drivers to appear legitimate. The tag also addresses Windows security features like Protected Processes (PP/PPL) and HVCI that aim to mitigate such threats. Recurring themes involve driver signing policies, timestamp validation, and the role of Authenticode in modern Windows security.
Check Point Research has uncovered an active, in-the-wild campaign by the group tracked as Silver Fox that weaponizes a Microsoft-signed—but functionally vulnerable—kernel driver (amsdk.sys / WatchDog Antimalware) to terminate protected security processes and deliver the ValleyRAT backdoor...