iVentoy tool injects malicious certificate and driver during Win install
a year ago
- #windows
- #security
- #kernel-drivers
- iVentoy distributes unsafe Windows kernel drivers through its installation files.
- The tool decrypts 'iventoy.dat' in RAM, revealing potentially malicious content.
- A provided Python script decrypts 'iventoy.dat' manually for analysis.
- Decrypted files contain viruses/trojans, as flagged by VirusTotal and Windows Defender.
- iVentoy installs a self-signed 'EV' certificate ('JemmyLoveJenny EV Root CA0') as trusted.
- The tool attempts to load kernel drivers signed by the bogus certificate.
- Because the certificate is trusted, the drivers pass Microsoft's driver integrity checks even though Microsoft never signed them.
- GitHub hosts projects supporting fake certificate creation, raising security concerns.
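A defender-side check for the two findings above, written for this summary and not taken from the article or from iVentoy: it looks for the named root in the machine and user trust stores, then flags any installed driver whose Authenticode chain ends in that root. The certificate name is the one quoted above; the store paths and driver directory are standard Windows locations.

```powershell
# Added example: hunt for the self-signed 'JemmyLoveJenny EV Root CA0' root
# and for kernel drivers whose signature chain terminates in it.
$SuspectName = 'JemmyLoveJenny EV Root CA0'   # name taken from the report above

# 1. Trusted root stores: a self-signed certificate with this name does not belong here.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$roots = foreach ($s in $stores) {
    Get-ChildItem -Path $s | Where-Object { $_.Subject -like "*$SuspectName*" }
}
foreach ($c in $roots) {
    [pscustomobject]@{
        Finding    = 'Suspect root certificate'
        Store      = $c.PSParentPath
        Subject    = $c.Subject
        SelfSigned = ($c.Subject -eq $c.Issuer)   # EV roots from real CAs are also self-signed; the name is the tell
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
    }
}

# 2. Installed drivers: flag any .sys whose chain includes the suspect CA.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
Get-ChildItem -Path $driverDir -Filter '*.sys' -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    if ($null -eq $sig.SignerCertificate) { return }   # unsigned file; nothing to chain
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'NoCheck'      # offline check; a bogus root has no CRL anyway
    [void]$chain.Build($sig.SignerCertificate)
    $hit = $chain.ChainElements | Where-Object { $_.Certificate.Subject -like "*$SuspectName*" }
    if ($hit) {
        [pscustomobject]@{
            Finding = 'Driver signed under suspect CA'
            Path    = $_.FullName
            Signer  = $sig.SignerCertificate.Subject
            Status  = $sig.Status   # 'Valid' here only means the rogue root is trusted on this host
        }
    }
    $chain.Dispose()
}
```

Run it elevated so the LocalMachine store and the drivers directory are readable; a hit in either section means the host trusts the rogue root and should have the certificate removed and the flagged driver files reviewed.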