Update d3d11.yml #101

Closed
wants to merge 4 commits into from
9 changes: 7 additions & 2 deletions yml/microsoft/built-in/d3d11.yml
@@ -1,4 +1,4 @@
---

Check failure on line 1 in yml/microsoft/built-in/d3d11.yml

GitHub Actions / linting-and-qc-checks

extra_forbidden

Extra inputs are not permitted: VulnerableExecutables.11.ExpectedSignatureInformation.1.Path
Name: d3d11.dll
Author: Wietze Beukema
Created: 2021-02-27
Expand Down Expand Up @@ -50,7 +50,7 @@
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Type: Catalog
- Path: '%SYSTEM32%\systemreset.exe'
Type: Sideloading

Check failure on line 53 in yml/microsoft/built-in/d3d11.yml

GitHub Actions / linting-and-qc-checks

string_pattern_mismatch

String should match pattern '^(Authenticode|Catalog)$': VulnerableExecutables.11.ExpectedSignatureInformation.1.Type
AutoElevate: true
ExpectedSignatureInformation:
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
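Review bot: the linting-and-qc-checks annotation on line 53 rejects `Sideloading` as a value for `VulnerableExecutables.11.ExpectedSignatureInformation.1.Type` (only `Authenticode` or `Catalog` match the pattern), and the annotation on line 1 rejects a `Path` key on that same item. Taken together, they indicate that a `- Path:` / `Type: Sideloading` pair is being parsed as an element of an ExpectedSignatureInformation list rather than as its own VulnerableExecutables entry. Check the indentation of the `- Path:` items in this file so they sit at the same level as the other executables, then rerun the check before merging.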
Expand All @@ -71,9 +71,11 @@
Type: Sideloading
AutoElevate: true
ExpectedSignatureInformation:
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN="Skutta, Kristjan", O="Skutta, Kristjan", L=Berlin, C=DE
Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Type: Catalog
- Path: '%ProgramFiles(x86)%\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe'
Type: Sideloading
Resources:
- https://wietze.github.io/blog/hijacking-dlls-in-windows
- https://securityintelligence.com/posts/windows-features-dll-sideloading/
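Review bot: the `CN="Skutta, Kristjan"` / DigiCert signer appears in the ExpectedSignatureInformation list of the preceding `AutoElevate: true` entry, ahead of the `wallpaper32.exe` Path, while the `wallpaper32.exe` entry itself has no ExpectedSignatureInformation at all. If that certificate is the one expected on `wallpaper32.exe`, move the Subject/Issuer/Type block under that Path, so that consumers of this file who compare a host executable's signer against the entry do not see a third-party signer attributed to the auto-elevating executable. The `CN=Microsoft Windows` signer directly above it also has no `Type:` line before the next `- Subject:` starts, unlike the signer at lines 50-51; please confirm whether `Type: Catalog` was meant to stay with it.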
Expand All @@ -83,3 +85,6 @@
Twitter: '@wietze'
- Name: Chris Spehn
Twitter: '@ConsciousHacker'
- Name: Josh Allman
Company: Huntress
Twitter: '@xorjosh'