
Use SigCheck w/ Zimmerman Tools #1199

Open · wants to merge 2 commits into main
Conversation

emtuls (Member)
@emtuls emtuls commented Dec 12, 2024

This fixes many of the tools that are running into an error in our Daily checks (https://github.com/mandiant/VM-Packages/wiki/Daily-Failures). These specific tools run into an issue where we need to manually update the hashes because the download links do not contain a version, so our updater does not properly update the packages for us.

Specifically, this fixes:

  • evtxecmd.vm
  • pecmd.vm
  • recmd.vm
  • registry_explorer.vm
  • rla.vm
  • sqlecmd.vm

@emtuls emtuls added 🐛 bug Something isn't working 🌀 FLARE-VM A package or feature to be used by FLARE-VM labels Dec 12, 2024
@emtuls emtuls self-assigned this Dec 12, 2024
@emtuls emtuls force-pushed the update-ez-tools branch 2 times, most recently from 8a98353 to df410a3 Compare December 12, 2024 06:26
@emtuls emtuls requested a review from Ana06 December 12, 2024 06:30
@Ana06 (Member) left a comment
This is a great improvement, thanks for working on this @emtuls!! 💖

I do not like that we have code that is long and complicated repeated in many packages. Could you please add a helper function that we can reuse, so that the code in each package is simple and the complicated code lives in a single place, making it easier to maintain and understand? 🙏

Question: Why can't we use VM-Assert-Signature for RegCool? It seems you didn't need to do anything special in that case 🤔

@emtuls (Member, Author) commented Dec 13, 2024

> This is a great improvement, thanks for working on this @emtuls!! 💖
>
> I do not like that we have code that is long and complicated repeated in many packages. Could you please add a helper function that we can reuse, so that the code in each package is simple and the complicated code lives in a single place, making it easier to maintain and understand? 🙏
>
> Question: Why can't we use VM-Assert-Signature for RegCool? It seems you didn't need to do anything special in that case 🤔

I've modified VM-Install-From-Zip to include a new argument for verifying a signature. I was a bit hesitant at first because it seems to make the code look a little ugly, but I think it is generally fine and it makes the other code bits in each package much cleaner.

The alternative would have been a function of its own, but it would mimic the VM-Install-From-Zip function in a lot of ways, so I wasn't sure that would be any better.

As for why we can't use it with RegCool: I believe this is because the cert used to sign that tool is a self-signed cert, which is not verified by the method we use to verify signatures, whereas these tools are signed by a standard CA signing authority.

@emtuls emtuls requested a review from Ana06 December 13, 2024 02:41
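The thread above discusses verifying the Authenticode signature of the downloaded Zimmerman tools instead of pinning hashes, and why a self-signed signer (the RegCool case) fails that check. The following is an added PowerShell example, not code from the VM-Packages repository or from this PR, showing what such a check looks like: `Get-AuthenticodeSignature` for the chain check, a signer pin on top of it, and an optional cross-check with Sysinternals sigcheck. The function name `Test-ToolSignature`, the sigcheck location, the extraction directory and the expected publisher string are all assumptions supplied by the caller.

```powershell
# Added example (not VM-Packages code): verify the Authenticode signature of an
# extracted tool before installing it. Assumptions: sigcheck64.exe from
# Sysinternals is reachable via PATH (override with -SigCheck), and the caller
# supplies the signer common name it expects for this package.

function Test-ToolSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSigner,   # CN to pin; assumed, not taken from the PR
        [string] $SigCheck = 'sigcheck64.exe'              # assumed location; adjust for your image
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # Step 1: built-in chain check. Status is 'Valid' only when the file is
    # signed, the hash matches, and the chain ends in a root this machine trusts.
    # A self-signed signer (the RegCool case in this thread) typically comes back
    # as 'UnknownError' with a "terminated in a root certificate which is not
    # trusted" message, so this step alone separates the two cases.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Authenticode check failed for $Path : $($sig.Status) - $($sig.StatusMessage)"
    }

    # Step 2: pin the signer. A 'Valid' chain only proves that some trusted CA
    # issued the certificate; a package should also insist on the publisher it
    # expects, otherwise any CA-signed binary swapped in at the URL would pass.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch [regex]::Escape("CN=$ExpectedSigner")) {
        throw "Unexpected signer for $Path : $subject"
    }

    # Step 3 (optional): cross-check with sigcheck. -c emits CSV, -nobanner and
    # -accepteula keep it scriptable; the 'Verified' column reads 'Signed' for a
    # valid signature. Skipped with a verbose message if sigcheck is absent.
    $tool = Get-Command $SigCheck -ErrorAction SilentlyContinue
    if ($tool) {
        $csv = & $tool.Source -accepteula -nobanner -c $Path | ConvertFrom-Csv
        if ($csv.Verified -ne 'Signed') {
            throw "sigcheck reports '$($csv.Verified)' for $Path"
        }
    } else {
        Write-Verbose "sigcheck not found; relying on Get-AuthenticodeSignature only"
    }

    return $true
}

# Usage: verify every EXE/DLL extracted from a tool ZIP before installing.
# $extracted and $signer are placeholders for the package's unzip directory and
# the publisher the package expects.
$extracted = 'C:\Tools\EvtxECmd'
$signer    = 'Publisher Name Here'
Get-ChildItem -Path $extracted -Recurse -Include *.exe,*.dll |
    ForEach-Object { Test-ToolSignature -Path $_.FullName -ExpectedSigner $signer -Verbose }
```

The signer pin in step 2 is the part worth keeping even if the helper ends up as an argument to VM-Install-From-Zip rather than a separate function: a chain check answers "is this signed by someone a CA vouches for", while the pin answers "is this signed by the publisher this package is supposed to install", which is the property a hash used to give you.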