DFIR Next Steps: What To Do After You Find a Suspicious Use Of certutil.exe

This post in the “DFIR Next Steps” series is about what to do when an alert relating to the use of certutil.exe is raised. As with previous posts, we’ll

Cyber Triage

Quick update: the failing tests were apparently because I had my VPN on on macOS (that was creating an additional IPv4 interface that was getting picked up by the tests that check that your server is accessible via a valid TLS certificate from all available local IPs).

So no patch necessary :)

#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS #macOS

Hey folks, I just released Auto Encrypt Localhost* v8.4.0 with better async support and updated dependencies.

https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost

* My pure JavaScript module (no mkcert, certutil, etc., required) that automatically provisions and installs locally-trusted TLS certificates for Node.js https servers.

(There seems to be an issue with tests failing on macOS, will debug that tomorrow and likely post a patch release.)

#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS

random #Linux Tip:
if you have to digitally sign many #PDF documents, then follow these steps:
1. create a new certificate with #certutil command:
certutil -S -s "CN=[ your full name ],O= [ Business or School ],OU=[ Department or position ],L= [ Location ],ST=[ State ],C= [ Country code ],E= [ your email ]" -g 2048 -d sql:$HOME/.pki/nssdb -n [ new name of certificate ] -x -t "Cu,Cu,Cu" -p 405-555-5555 --email [ your email ] -m 1234
2. List the created certificate:
certutil -d sql:$HOME/.pki/nssdb -L
3. Use #Okular and go to: Settings > configure backends > PDF
4. In the section: Certificate database, choose Custom and enter this path: $HOME/.pki/nssdb
5. Apply and Restart Okular, and then you'd see the available certificate in the option of step 4 to sign digitally.
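Steps 1 and 2 above as a script, an added example that is not part of the post. It assumes the NSS certutil from nss-tools (not Windows certutil.exe) is installed; the function names (build_subject, ensure_nssdb, create_signing_cert, list_certs) and the sample subject values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post above): scripts steps 1 and 2 for a
# PDF-signing certificate in the per-user NSS database. Assumes the NSS
# `certutil` (Linux nss-tools), not Windows certutil.exe. Function names are ours.
set -u

NSSDB_DIR="${HOME}/.pki/nssdb"
NSSDB="sql:${NSSDB_DIR}"

# Join DN components into the -s subject string, skipping empty fields.
# Argument order: CN O OU L ST C E (same order as the post's command).
build_subject() {
  _dn=""
  for _pair in "CN=$1" "O=$2" "OU=$3" "L=$4" "ST=$5" "C=$6" "E=$7"; do
    [ -n "${_pair#*=}" ] || continue       # value after '=' is empty: drop it
    _dn="${_dn:+$_dn,}$_pair"
  done
  printf '%s\n' "$_dn"
}

# certutil -S fails when the database does not exist yet, so create it first
# (no password; Okular would otherwise prompt for one on every signature).
ensure_nssdb() {
  mkdir -p "$NSSDB_DIR"
  [ -f "$NSSDB_DIR/cert9.db" ] || certutil -N -d "$NSSDB" --empty-password
}

# Create a self-signed (-x) RSA-2048 certificate with nickname $1 and subject $2,
# valid 12 months, with the trust flags from the post ("Cu,Cu,Cu").
# -z feeds key-generation entropy from a file so certutil does not block on keystrokes.
create_signing_cert() {
  command -v certutil >/dev/null 2>&1 || { echo "NSS certutil not found" >&2; return 1; }
  ensure_nssdb
  _noise=$(mktemp) && head -c 256 /dev/urandom >"$_noise"
  certutil -S -d "$NSSDB" -n "$1" -s "$2" -g 2048 -x -t "Cu,Cu,Cu" -v 12 \
           -m "$(( $(date +%s) % 100000 ))" -z "$_noise"
  _rc=$?; rm -f "$_noise"; return "$_rc"
}

# Step 2: list nicknames and trust flags so the new entry can be verified
# before pointing Okular at $NSSDB_DIR (steps 3 to 5).
list_certs() { certutil -d "$NSSDB" -L; }

# Run end-to-end only on request:  NSS_SIGN_DEMO=1 sh sign-cert.sh
if [ "${NSS_SIGN_DEMO:-0}" = 1 ]; then
  create_signing_cert "pdf-signing" \
    "$(build_subject "Jane Doe" "Example School" "IT" "Springfield" "IL" "US" "jane@example.org")"
  list_certs
fi
```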

Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and the Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but also provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday

@YourAnonRiots I just have a portable #Windows binary of #wget accessible or use #certutil for that...
Install a *CA* (*Certificate Authority*) in a *Firefox* profile from the console


OSiUX