- Home
- Security Operations
- Offensive Security
- InvalidSign
InvalidSign
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.

InvalidSign
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
InvalidSign Description
InvalidSign is a security research tool designed to bypass endpoint detection and response (EDR) solutions that block execution of known malicious signed applications. The tool works by obtaining valid signed files with different hash values, effectively circumventing signature-based detection mechanisms that rely on file hashes to identify and block malicious executables. InvalidSign demonstrates this bypass technique through analysis of legitimate system files like cmd.exe and generates test files to validate the evasion method. The tool focuses on exploiting the gap between signature validation and hash-based detection, allowing researchers to understand how signed malware can evade certain security controls. This research tool helps security professionals understand the limitations of hash-based detection systems and the potential for abuse of legitimate code signing certificates.
FEATURED
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Stay Updated with Mandos Brief
Get the latest cybersecurity updates in your inbox
TRENDING CATEGORIES
POPULAR
Security platform that provides protection, monitoring and governance for enterprise generative AI applications and LLMs against various threats including prompt injection and data poisoning.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.