T1116
Code Signing
Description
Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) However, adversaries are known to use code signing certificates to masquerade malware and tools as legitimate binaries. (Citation: Janicab) The certificates used during an operation may be created, forged, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates)

Code signing to verify software on first run can be used on modern Windows and macOS/OS X systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing)

Code signing certificates may be used to bypass security policies that require signed code to execute on a system.
Platforms
Our coverage
- TrustFall: AI Coding Agents Exploitable with One Enter Keypress
- SHA-1 Algorithm Explained: How It Works, Step by Step
- DAEMON Tools Supply Chain Attack: Official Installers Backdoored by Suspected Chinese APT
- EDR Vendor Breach Downstream Risk: Responding When Your Security Tool Is Compromised
- DigiCert Support Portal Hacked: Stolen EV Certificates Used to Sign Zhong Stealer Malware
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →