authenticode

4 posts tagged authenticode.

Living Off the Land on Windows: The LOLBin Catalog and the Structural Ceiling Microsoft Cannot Break

May 25, 2026

How a 1996 Authenticode design choice produced the LOLBin class, why the LOLBAS catalog has 207 binaries and Microsoft only blocks ~40, and why that gap is permanent.
Mark of the Web, SmartScreen, and the Catalog of Trust: How Windows Decides Whether to Warn You

May 12, 2026

How Windows stacks three trust layers -- origin, reputation, and signed catalog -- and why the 2022-2024 SmartScreen bypass arc was always a propagation bug, never a cryptography bug.
Authenticode and Catalog Files: The Crypto Foundation Under WDAC

May 11, 2026

Every Windows trust decision -- UAC, SmartScreen, WDAC, kernel-driver loading -- bottoms out on the same PKCS#7 SignedData envelope shipped in IE 3 in August 1996. Here is the byte-level reason.
"Who Is This Code?" -- The Quiet 33-Year Reinvention of App Identity in Windows

May 7, 2026

NT 3.1 could prove which user typed at the keyboard but had no answer to which code was running. Eight successive primitives later, Windows is still answering the same question.