Code Integrity in the Kernel: A Look Into ci.dll

![Code Integrity in the Kernel: A Look Into ci.dll](upload://2saKo6zlvJYroozUSfdreRn8y2a.jpeg)

Research by: Ido Moshe, Liron Zuarets, Cybereason Kernel Team

There are cases where you need to reliably identify a process before you allow it to take certain actions. Verifying its Authenticode signature is a trusted way to do that. The user-mode DLL wintrust provides an API specifically for this purpose.

Article Link: https://www.cybereason.com/blog/code-integrity-in-the-kernel-a-look-into-cidll