Installing Root Certificate
Defense Evasion
Execution
Adding a certificate with a native windows binary:
attacker@victim
Checking to see the certificate got installed:
Adding the certificate with powershell:
attacker@victim
Observations
Advanced poweshell logging to the rescue:
Commandline logging:
The CAs get installed to:
..so it is worth monitoring registry changes there:
References
Last updated