How does the signature verification hijacking technique work?
Windows does not verify an Authenticode signature in one monolithic routine. It dispatches through the Subject Interface Package (SIP) architecture, and the DLL and exported function that implement each verification step for each file type are looked up in the registry at run time. The step that compares the hash embedded in the signature against the hash of the file's actual contents is `CryptSIPVerifyIndirectData`; for PE files it is registered under `HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}` in the `Dll` and `FuncName` values (stock values: `WINTRUST.DLL` and `CryptSIPVerifyIndirectData`). Signature verification hijacking rewrites those two values to point at a custom DLL whose function always returns `TRUE`, so the hash comparison can never fail. From then on a signature block lifted from a legitimately signed binary and attached to an arbitrary file passes as valid: as the article demonstrates, `Get-AuthenticodeSignature`, `signtool`, and `sigcheck` all report it as a good signature, because each of them resolves the SIP through the same registry key rather than carrying its own verifier.

Two caveats matter in practice. Writing to `HKLM` requires administrative rights, so this is a post-compromise persistence and evasion technique, not an initial-access vector. And on 64-bit Windows, 32-bit verifiers consult the mirrored key under `HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}`, so an attacker has to patch both and a defender has to audit both. A registry value-set event on either key (Sysmon event ID 13, for example) is a high-fidelity detection, since these values should never change outside of Windows servicing.
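The script below is an added example, not code from the original article. It is a PowerShell audit that reads the `Dll` and `FuncName` values from both the native and the `WOW6432Node` registrations of the PE SIP GUID and flags anything that does not match the stock registration. The expected values (`WINTRUST.DLL` exporting `CryptSIPVerifyIndirectData`), the function name `Test-PeSipRegistration`, and the "DLL must live under `%SystemRoot%`" heuristic are assumptions of this example; confirm the baseline on a known-clean host of the same Windows build before relying on it.

```powershell
# Added audit example (not from the original article). Checks the SIP
# CryptSIPDllVerifyIndirectData registration for PE files against the
# stock Windows values, assumed here to be WINTRUST.DLL / CryptSIPVerifyIndirectData.
# Reading HKLM does not require elevation, so this runs as a normal user.

$PeSipGuid = '{C689AAB8-8E78-11D0-8C47-00C04FC295EE}'
$SubKey    = "Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\$PeSipGuid"
$Keys      = @(
    "HKLM:\SOFTWARE\$SubKey",             # consulted by 64-bit verifiers
    "HKLM:\SOFTWARE\WOW6432Node\$SubKey"  # consulted by 32-bit verifiers on x64
)
$ExpectedDll  = 'WINTRUST.DLL'              # compared by leaf name; path case varies
$ExpectedFunc = 'CryptSIPVerifyIndirectData'

function Test-PeSipRegistration {
    param([string[]]$RegistryKeys)

    foreach ($Key in $RegistryKeys) {
        if (-not (Test-Path -LiteralPath $Key)) {
            # WOW6432Node does not exist on 32-bit Windows: report it, do not alarm.
            [pscustomobject]@{ Key = $Key; Status = 'Missing'; Dll = $null; FuncName = $null; Reason = 'key not present' }
            continue
        }

        $Props = Get-ItemProperty -LiteralPath $Key
        $Dll   = [string]$Props.Dll
        $Func  = [string]$Props.FuncName
        # The Dll value may contain environment variables; expand before inspecting.
        $DllExpanded = [Environment]::ExpandEnvironmentVariables($Dll)
        $Reasons = @()

        # -ne is case-insensitive in PowerShell, which is what we want for file and export names.
        if ([IO.Path]::GetFileName($DllExpanded) -ne $ExpectedDll) {
            $Reasons += "Dll is '$Dll', expected $ExpectedDll"
        }
        if ($Func -ne $ExpectedFunc) {
            $Reasons += "FuncName is '$Func', expected $ExpectedFunc"
        }
        # Heuristic (assumption of this example): a full path that points outside
        # %SystemRoot% is suspicious even when the file is named wintrust.dll.
        # A bare file name is resolved by the loader search order and is not judged here.
        if ([IO.Path]::IsPathRooted($DllExpanded) -and
            -not $DllExpanded.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)) {
            $Reasons += "Dll lives outside $env:SystemRoot"
        }

        [pscustomobject]@{
            Key      = $Key
            Status   = if ($Reasons.Count -gt 0) { 'SUSPECT' } else { 'OK' }
            Dll      = $Dll
            FuncName = $Func
            Reason   = $Reasons -join '; '
        }
    }
}

Test-PeSipRegistration -RegistryKeys $Keys | Format-Table -AutoSize -Wrap
```

The same shape of check applies to the other SIP GUIDs registered under `CryptSIPDllVerifyIndirectData` (each with its own stock DLL and export); add their keys and expected values to `$Keys` and the baseline if you want to cover file types beyond PE.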
signature verification hijacking, registry modification, CryptSIPVerifyIndirectData, SIP, DLL hijacking