To Export Software Certificates - Pull Requests Welcome:

SoftwareCertificates Repository for Software Certs for easy software blocking (or allowing) across corp environments, for example, using MDE IOC/AppLocker/WDAC

e.g. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/indicator-certificates?view=o365-worldwide

Caution: Some Certs for unsanctioned applications may be used for other applications from the same org that may be legitimate e.g. BlueJeans Conferencing (sanctioned) BlueJeans Remote Desktop Control (unsanctioned)

please do not bulk upload these certs without checking, chances are it will break your environment!

For what its worth personally WDAC >>>> Applocker

App Ref: https://appwiki.checkpoint.com/appwikisdb/public.htm

Also See A good article on abusing code signing certs: https://axelarator.github.io/posts/codesigningcerts/

Of course there are ways around Cert Blocking (e.g. ImageRemoveCertificate API, signTool, SigThief, delcert - more opportunities for detection😉)

Useful Ref For Programs people install on fresh desktop: https://ninite.com/ (also worth blocking ninite's cert)

To Export Software Certificates - Pull Requests Welcome:

Looking to automate this process with Python but for now see below

Right Click on Exe, Select Properties:

Go To Digital Signature Tab:

Click details then View Certificate:

Details Tab:

Copy To File:

Export as Cer:

How to Upload the Bulk IOC CSV to MDE

As of 13/03/2023, certificates cannot be uploaded in bulk, however for domains, urls and hashes:

From Defender, Go To Settings on bottom left:

Then Endpoints:

Indicators then Import - note it it doesn't matter whether you are in File Hash,Domain, IP or Cert tab:

Choose File, then hit Import then Hit Done - note that duplicates are skipped so you can keep adding to the existing CSV:

Python Bulk Ripper

Work In Progress

Testing Tampered Executables

https://github.com/jkerai1/SoftwareCertificates/tree/main/Manipulated%20Exes%20For%20Testing

Name		Name	Last commit message	Last commit date
Latest commit History 505 Commits
AV		AV
Browsers		Browsers
Cloud backup or Exfil Tools		Cloud backup or Exfil Tools
CryptoMiners		CryptoMiners
Gaming		Gaming
Hacking		Hacking
Hardware		Hardware
Malware		Malware
Manipulated Exes For Testing		Manipulated Exes For Testing
Media		Media
Messaging or Conferencing		Messaging or Conferencing
Misc		Misc
PasswordManger		PasswordManger
Piracy		Piracy
Productivity - still possibly PUA		Productivity - still possibly PUA
Programming		Programming
Remote Access Tools		Remote Access Tools
SoftwarePackers		SoftwarePackers
Unwanted		Unwanted
VPN Or Networking		VPN Or Networking
11 bit studios.cer		11 bit studios.cer
3CX.cer		3CX.cer
3cx 5th november.cer		3cx 5th november.cer
AMD - REFERENCE.cer		AMD - REFERENCE.cer
APowerSoft - Picturer unblurer.cer		APowerSoft - Picturer unblurer.cer
AVG Browser.cer		AVG Browser.cer
Ad-Aware - Lavasoft.cer		Ad-Aware - Lavasoft.cer
Adobe - REFERENCE ONLY.cer		Adobe - REFERENCE ONLY.cer
Advanced IP scanner - Famatech.cer		Advanced IP scanner - Famatech.cer
Aegia Technologies.cer		Aegia Technologies.cer
Aloha Browser.cer		Aloha Browser.cer
Anaconda.cer		Anaconda.cer
Anki.cer		Anki.cer
AnyBurn - Power Software Limited.cer		AnyBurn - Power Software Limited.cer
AnyDesk.cer		AnyDesk.cer
Anydesk 03.02.2024 Updated Certificate.cer		Anydesk 03.02.2024 Updated Certificate.cer
Apple - itunes.cer		Apple - itunes.cer
AquaSnap (Nurgo).cer		AquaSnap (Nurgo).cer
Arc Browser - The Browser Company.cer		Arc Browser - The Browser Company.cer
Ardunio Cert.cer		Ardunio Cert.cer
Atera.cer		Atera.cer
Avast.cer		Avast.cer
Avira VPN.cer		Avira VPN.cer
Balena Etcher.cer		Balena Etcher.cer
Bethesda Games.cer		Bethesda Games.cer
Bigly - Torrent.cer		Bigly - Torrent.cer
Blizzard (Battlenet).cer		Blizzard (Battlenet).cer
BlueJeans.cer		BlueJeans.cer
BlueStacks.cer		BlueStacks.cer
Bromium.cer		Bromium.cer
CCleaner.cer		CCleaner.cer
Calibre Ebook.cer		Calibre Ebook.cer
CapCom.cer		CapCom.cer
Capcom 2023.cer		Capcom 2023.cer
Caphyon SRL -Advanced Installer.cer		Caphyon SRL -Advanced Installer.cer
Career Step Pedal.cer		Career Step Pedal.cer
Cheat Engine.cer		Cheat Engine.cer
Cisco.cer		Cisco.cer
Citrix.cer		Citrix.cer
Citrus PR - Adware.cer		Citrus PR - Adware.cer
Clipclip.cer		Clipclip.cer
CloudPlus (CloudApp).cer		CloudPlus (CloudApp).cer
Cloudsync - bdrive.cer		Cloudsync - bdrive.cer
Cognosphere.cer		Cognosphere.cer
Comodo Security Solutions Browser.cer		Comodo Security Solutions Browser.cer
ConnectWise.cer		ConnectWise.cer
ControlCenter4 - Brothers Industries.cer		ControlCenter4 - Brothers Industries.cer
Corsair.cer		Corsair.cer
CyberCNS - NetAnalytics.cer		CyberCNS - NetAnalytics.cer
CyberGhostVPN.cer		CyberGhostVPN.cer
CyberLink (powerDVD).cer		CyberLink (powerDVD).cer
Deezer.cer		Deezer.cer
Dell - Refernece Only.cer		Dell - Refernece Only.cer
Discord.cer		Discord.cer
DriverPackAssistant.cer		DriverPackAssistant.cer
EA Games.cer		EA Games.cer
EasyAntiCheat.cer		EasyAntiCheat.cer
Eclipse.cer		Eclipse.cer
Element IO Messenger (new Vector Limited).cer		Element IO Messenger (new Vector Limited).cer
Epic Browser - Hidden Reflex.cer		Epic Browser - Hidden Reflex.cer
Epic games.cer		Epic games.cer
Epson - Reference.cer		Epson - Reference.cer
ExpressVPN cert.cer		ExpressVPN cert.cer
FatShark.cer		FatShark.cer
FileHippo.cer		FileHippo.cer
FireDaemon Technologies Limited.cer		FireDaemon Technologies Limited.cer
Flipper Zero (Qflipper).cer		Flipper Zero (Qflipper).cer
Floorp - Open Source Developer, Ryosuke Asano.cer		Floorp - Open Source Developer, Ryosuke Asano.cer
Focus Home.cer		Focus Home.cer
Fortinet.cer		Fortinet.cer
Foxit.cer		Foxit.cer
Franz Messenger.cer		Franz Messenger.cer
Frogware games.cer		Frogware games.cer
GOG.cer		GOG.cer
Gajin Games.cer		Gajin Games.cer
Genesys Cloud Services, Inc..cer		Genesys Cloud Services, Inc..cer
GitForWindows.cer		GitForWindows.cer
Glasswire.cer		Glasswire.cer
Global Simulator (VCE).cer		Global Simulator (VCE).cer
Google LLC.cer		Google LLC.cer

jkerai1/SoftwareCertificates

Folders and files

Latest commit

History