Видео MoTW Bypass (Not fixed!)

[Vexer2k]

Technique 1 (Authenticode signature):

Technique 2 (File magic):

Both techniques are simple but effective. If anyone wants to have a go at replicating the first technique here are some details and if you want to replicate the second one here is a small hint

I'm looking forward to seeing some other interesting bypasses if you have any.

I will release more details later

 

[bomboos]

Кто то разобрался с реализацией первого метода? заплачу)

 

[n0tification]

Пиши в пм

 

[n3tstalker]

Good stuff, looking forward to more details

 

[DimmuBurgor]

i didnt watch video but doesnt motw use vhd

 

[Vexer2k]

Microsoft has patched the second technique but the first one still works like a charm. However, only for native files.