What is the role of SIP (Subject Interface Package) in signature verification, and why is it a target?
SIP (Subject Interface Package) provides a pluggable architecture for Authenticode signature verification, with different GUIDs for PE files, catalog files, etc. The `CryptSIPDllVerifyIndirectData` registry key points to the DLL and function that perform the actual verification. By changing this key to point to a custom DLL that always returns `TRUE`, attackers can completely bypass signature checking for PE files, making any forged signature appear valid. The article "CAT File Digital Signature Usage Techniques" explains this as a related concept for catalog signatures.
Subject Interface Package, SIP, CryptSIPDllVerifyIndirectData, GUID, PE file verification