This tool helps inject code into the processes of Antivirus programs.

TwoSevenOneT/IAmAntimalware

IAmAntimalware

This tool combines two techniques, cloning an antivirus product's Windows services and cloning digital signatures, to inject code into the antivirus processes.

Command Line Syntax

IAmAntimalware.exe <originalSVName> <newSVName> <certPath> <dllPath>

Hijacking technique via Cryptographic Provider

IAmAntimalware.exe <originalSVName> <newSVName> <certPath> <dllPath> <P>

P: Enable PPL (Protected Process Light) if the service supports it.

IAmAntimalware.exe <originalSVName> <newSVName> <certPath> <dllPath> <CLSID>

CLSID: The CLSID of the COM object to hijack, if the hijacking technique via Cryptographic Provider is not used. It needs to be executed with TrustedInstaller permissions.

Note: dllPath must be an absolute path.
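
A defender-side check for the service-cloning step described above, as an added example that is not part of this repository: it groups service registrations by the executable in their ImagePath and reports any non-shared binary registered under more than one service name. It assumes a cloned service keeps the original's binary path; the service names, paths and the SHARED_HOSTS allowlist are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Host binaries that legitimately back many services (assumed allowlist; tune it).
SHARED_HOSTS = {"svchost.exe", "dllhost.exe"}

# Constructed sample: (service name, ImagePath) pairs as they would be exported
# from HKLM\SYSTEM\CurrentControlSet\Services. Names and paths are made up.
SAMPLE = [
    ("ExampleAvSvc", r'"C:\Program Files\ExampleAV\avsvc.exe"'),
    ("ExampleAvSvc2", r'C:\Program Files\ExampleAV\AVSVC.EXE /run'),
    ("Dhcp", r'%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p'),
    ("Dnscache", r'%SystemRoot%\system32\svchost.exe -k NetworkService -p'),
    ("Spooler", r'%SystemRoot%\System32\spoolsv.exe'),
]


def image_binary(image_path):
    """Return the lower-cased executable path from a service ImagePath value."""
    p = image_path.strip()
    if p.startswith('"'):
        # Quoted path: keep the text up to the closing quote, drop arguments.
        p = p[1:].split('"', 1)[0]
    else:
        # Unquoted path (may contain spaces): cut after the first ".exe".
        idx = p.lower().find(".exe")
        if idx != -1:
            p = p[:idx + 4]
    return ntpath.normpath(p).lower()


def find_cloned_services(services):
    """Map each non-shared binary to its service names when it has more than one."""
    by_binary = defaultdict(set)
    for name, image_path in services:
        binary = image_binary(image_path)
        if ntpath.basename(binary) in SHARED_HOSTS:
            continue  # shared hosts run many services by design
        by_binary[binary].add(name)
    return {b: sorted(n) for b, n in by_binary.items() if len(n) > 1}


if __name__ == "__main__":
    for binary, names in find_cloned_services(SAMPLE).items():
        print(f"REVIEW: {binary} is registered by services {names}")
```

A hit is a lead for review, not a verdict: compare the creation time and configuration of each listed service against the vendor's documented service names.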

Links

Tool to clone the digital signatures

IAmAntimalware: Inject Malicious Code Into Antivirus

Demo Video

Youtube: https://www.youtube.com/watch?v=8xgqQkMtBKs

Author:

Two Seven One Three
