Detection

The following detection tools and resources are available:

The Cert Graveyard YARA

The Cert Graveyard YARA project is an automated tool that collects updates to the Cert Graveyard database and generates YARA rules from them: The Cert Graveyard YARA by TJNel

Kusto Query Language (KQL) - External Data

Microsoft Defender for Endpoint (MDE) lets you reference external data from Kusto queries, so the Cert Graveyard database can be pulled directly into detection queries. The queries in this GitHub repository demonstrate this method, using the database to look for the presence of malicious files: queries in Detection Engineering & Threat Hunting (DE&TH) by SecurityAura
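Both tools above do the same two things with the database: normalise certificate identifiers so they compare correctly, then either emit YARA rules keyed on the signing certificate or join the list against host telemetry. The script below is an added example written for this page, not the Cert Graveyard YARA project's code and not SecurityAura's queries. The database column names, the sample records and the telemetry rows are constructed assumptions; the telemetry rows only borrow the column names of MDE's DeviceFileCertificateInfo table (CertificateSerialNumber, Issuer, SHA1, DeviceName) so the offline match mirrors the externaldata join a KQL query would do.

```python
"""Added example: turn Cert Graveyard-style records into YARA rules and into a
lookup keyed on certificate serial number. Illustrative code for this page,
not the Cert Graveyard YARA project's or SecurityAura's code."""
import csv
import io
import re

# Constructed sample in the shape of a certificate-abuse database export.
# The column names are assumptions for this example, not the real schema.
SAMPLE_DB = """\
SerialNumber,Subject,Issuer,Thumbprint,NotBefore,NotAfter
0A:1B:2C:3D:4E:5F:60:71,Example Soft Ltd,Example Issuing CA,aa11bb22cc33dd44ee55ff6600112233445566aa,2023-01-10,2025-01-10
00:C4:F2:99:12:00:AB:CD,Contoso Tools LLC,Example Issuing CA,BB22CC33DD44EE55FF6600112233445566AABB11,2022-06-01,2024-06-01
"""

# Constructed telemetry rows using DeviceFileCertificateInfo column names.
SAMPLE_TELEMETRY = [
    {"DeviceName": "ws01", "SHA1": "1111aaaa", "CertificateSerialNumber": "0A1B2C3D4E5F6071", "Issuer": "CN=Example Issuing CA"},
    {"DeviceName": "ws02", "SHA1": "2222bbbb", "CertificateSerialNumber": "C4F2991200ABCD", "Issuer": "CN=Example Issuing CA"},
    {"DeviceName": "ws03", "SHA1": "3333cccc", "CertificateSerialNumber": "DEADBEEF", "Issuer": "CN=Other CA"},
]


def normalize_serial(serial: str) -> str:
    """Canonical serial: lowercase hex, no separators, no leading zero bytes.
    Tools render the same serial with colons, spaces, upper case or a leading
    00 (added when the high bit is set); comparing raw strings misses matches."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", serial).lower()
    if len(hexdigits) % 2:
        hexdigits = "0" + hexdigits
    while hexdigits.startswith("00") and len(hexdigits) > 2:
        hexdigits = hexdigits[2:]
    return hexdigits


def load_records(csv_text: str) -> list:
    """Parse the export and attach normalised identifiers to each record."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for row in rows:
        row["serial_norm"] = normalize_serial(row["SerialNumber"])
        row["thumbprint_norm"] = row["Thumbprint"].lower()
    return rows


def yara_serial(serial_norm: str) -> str:
    """YARA's pe.signatures[i].serial is colon-separated lowercase hex bytes.
    Verify the leading-zero convention against your YARA build before relying
    on generated rules; this helper emits the canonical form without it."""
    return ":".join(serial_norm[i:i + 2] for i in range(0, len(serial_norm), 2))


def _ident(text: str) -> str:
    return re.sub(r"[^A-Za-z0-9_]", "_", text)


def generate_yara(records: list) -> str:
    """One rule per record, matching on serial and issuer via the pe module."""
    out = ['import "pe"', ""]
    for r in records:
        name = f"CertGraveyard_{_ident(r['Subject'])}_{r['serial_norm'][:8]}"
        out += [
            f"rule {name}",
            "{",
            "    meta:",
            f'        description = "PE signed with abused certificate: {r["Subject"]}"',
            f'        issuer = "{r["Issuer"]}"',
            "    condition:",
            "        for any i in (0..pe.number_of_signatures - 1) : (",
            f'            pe.signatures[i].serial == "{yara_serial(r["serial_norm"])}" and',
            f'            pe.signatures[i].issuer contains "{r["Issuer"]}"',
            "        )",
            "}",
            "",
        ]
    return "\n".join(out)


def match_telemetry(records: list, telemetry: list) -> list:
    """Offline equivalent of joining telemetry on CertificateSerialNumber
    against the database; returns one hit per matching file/device."""
    index = {r["serial_norm"]: r for r in records}
    hits = []
    for row in telemetry:
        r = index.get(normalize_serial(row["CertificateSerialNumber"]))
        if r is not None:
            hits.append({"DeviceName": row["DeviceName"], "SHA1": row["SHA1"],
                         "Subject": r["Subject"], "Issuer": r["Issuer"]})
    return hits


if __name__ == "__main__":
    recs = load_records(SAMPLE_DB)
    print(generate_yara(recs))
    for hit in match_telemetry(recs, SAMPLE_TELEMETRY):
        print(hit)
```

The serial normalisation is the part that matters in practice: the second sample record carries a leading `00` byte while the telemetry row for ws02 does not, and without `normalize_serial` that file would be missed by both the join and the generated rule. When doing the same join in KQL, apply the equivalent `tolower()` and leading-zero trimming on both sides before comparing.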

Prevention

The following prevention tools and resources are available:

MagicSword

Signed malware can be prevented from loading natively on Windows using WDAC (Windows Defender Application Control). MagicSword is my recommended tool for handling this. MagicSword consumes the CertGraveyard database automatically, and this integration is available in both the free and paid tiers, so you can use the CertGraveyard to block malicious signed files from executing with little effort.