Installing Root Certificate
Defense Evasion

Adding a certificate with a native windows binary:
certutil.exe -addstore -f -user Root C:\Users\spot\Downloads\certnew.cer
Checking to see the certificate got installed:
Adding the certificate with powershell:
Import-Certificate -FilePath C:\Users\spot\Downloads\certnew.cer -CertStoreLocation Cert:\CurrentUser\Root\

Advanced poweshell logging to the rescue:
Commandline logging:
The CAs get installed to:
Computer\HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\C6B22A75B0633E76C9F21A81F2EE6E991F5C94AE it is worth monitoring registry changes there:

Subvert Trust Controls: Install Root Certificate, Sub-technique T1553.004 - Enterprise | MITRE ATT&CK®
Copy link
On this page