Tracking a stolen code-signing certificate with osquery
Detect signed malware and track stolen code-signing certificates using osquery.
Tracking a stolen code-signing certificate with osquery
Detect signed malware and track stolen code-signing certificates using osquery.
Data verified Jun 2026
ADYour product here. Reach security decision-makers.Launch a campaignTracking a stolen code-signing certificate with osquery Description
Recently, 2.27 million computers running Windows were infected with malware signed with a stolen certificate from the creators of a popular app called CCleaner, and inserted into its software update mechanism. Fortunately, signed malware is now simple to detect with osquery thanks to a pull request submitted by our colleague Alessandro Gario that adds Windows executable code signature verification (also known as Authenticode). This post explains the importance of code signatures in incident response, and demonstrates a use case for this new osquery feature by using it to detect the recent CCleaner malware. If you are unfamiliar with osquery, take a moment to read our previous blog post in which we explain why we are osquery evangelists, and how we extended it to run on the Windows platform. Part of osquery’s appeal is its flexibility and open-source model – if there’s another feature you need built, let us know! Code-signed malware Code signing was intended to be an effective deterrent against maliciously modified executables, and to allow a user (or platform owner) to choose whether to run executables from untrusted sources. Unfortunately, on general-purpose computing platforms like Windows, third-party software vendors are individually responsible for protecting thei
Tracking a stolen code-signing certificate with osquery FAQ
Common questions about Tracking a stolen code-signing certificate with osquery including features, pricing, alternatives, and user reviews.
Tracking a stolen code-signing certificate with osquery is Detect signed malware and track stolen code-signing certificates using osquery. It is a Security Operations solution designed to help security teams with Osquery, Binary Analysis.
Tracking a stolen code-signing certificate with osquery is a free Security Operations tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://blog.trailofbits.com/2017/10/10/tracking-a-stolen-code-signing-certificate-with-osquery/ for download and installation instructions.
Popular alternatives to Tracking a stolen code-signing certificate with osquery include:
1.Veles - A new age tool for binary analysis that uses statistical visualizations to help find patterns in large amounts of binary data. (Free)
2.Kaitai Struct - A declarative language for describing binary data structures that compiles into parsers for multiple programming languages. (Free)
3.HxD - HxD is a freeware hex editor and disk editor with advanced features for editing files, memory, and disks. (Free)
4.GNU Binutils - A collection of binary tools for various purposes including linking, assembling, profiling, and more. (Free)
5.StrangeBee TheHive IaaS Images - Collaborative case management platform for incident response and investigation (Commercial)
Compare all Tracking a stolen code-signing certificate with osquery alternatives at https://cybersectools.com/alternatives/tracking-a-stolen-code-signing-certificate-with-osquery
Tracking a stolen code-signing certificate with osquery is for security teams and organizations that need Osquery, Binary Analysis. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Security Operations tools can be found at https://cybersectools.com/categories/security-operations
Have more questions? Browse our categories or search for specific tools.
