Digital Certificates

Hijacking the following registry location will give a Microsoft digital certificate to an unsigned PowerShell script.

HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}

The original registry values needs to be replaced with the following:

DLL - C:\Users\User\MySIP.dll
FuncName - GetLegitMSSignature