
SigThief
SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.

SigThief
SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.
SigThief Description
SigThief is a security testing tool that extracts digital signatures from signed Portable Executable (PE) files and appends them to other files. The tool creates files with invalid signatures by copying signature data from legitimate signed executables to unsigned or different files. This process results in files that appear to have digital signatures but fail cryptographic validation. SigThief is designed to test how different Anti-Virus engines handle signature validation and prioritization. Security professionals use it to identify inconsistencies in AV signature checking mechanisms and evaluate detection capabilities. The tool operates by parsing the signature data from source PE files and transferring this information to target files, maintaining the signature structure while breaking the cryptographic chain of trust. SigThief supports testing scenarios where researchers need to understand how security products respond to files with manipulated or invalid digital signatures.
FEATURED
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Stay Updated with Mandos Brief
Get the latest cybersecurity updates in your inbox
TRENDING CATEGORIES
POPULAR
Security platform that provides protection, monitoring and governance for enterprise generative AI applications and LLMs against various threats including prompt injection and data poisoning.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.