Merge pull request #162 from esebese/master

Create certoc.yml
Oddvar Moe 2021-10-22 16:02:20 +02:00 committed by GitHub
commit e32f944030
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

yml/OSBinaries/certoc.yml Normal file

@ -0,0 +1,28 @@
---
Name: CertOC.exe
Description: Used for installing certificates
Author: 'Ensar Samil'
Created: '2021-10-07'
Commands:
- Command: certoc.exe -LoadDLL "C:\test\calc.dll"
Description: Loads the target DLL file
Usecase: Execute code within DLL file
Category: Execute
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
OperatingSystem: Windows Server 2022
Full_Path:
- Path: c:\windows\system32\certoc.exe
- Path: c:\windows\syswow64\certoc.exe
Code_Sample:
- Code:
Detection:
- IOC: Process creation with given parameter
- IOC: Unsigned DLL load via certoc.exe
Resources:
- Link: https://twitter.com/sblmsrsn/status/1445758411803480072?s=20
Acknowledgement:
- Person: Ensar Samil
Handle: '@sblmsrsn'
---
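Review bot: the two Detection IOCs in this file are too loose for a detection engineer to key on. "Process creation with given parameter" never names the parameter; since the only command in the entry is `certoc.exe -LoadDLL "C:\test\calc.dll"`, spell it out, e.g. `- IOC: certoc.exe process creation with -LoadDLL in the command line`. The second IOC, "Unsigned DLL load via certoc.exe", would be more useful if it pointed at the telemetry that sees it (an image-load event such as Sysmon Event ID 7 where the loading image is certoc.exe and the loaded DLL is unsigned or outside System32), and the Command's Description ("Loads the target DLL file") could state that loading runs the DLL's entry point, which is what makes the Usecase "Execute code within DLL file" true. Two smaller points: `Code_Sample:` carries an empty `- Code:` item, which should either be dropped or filled with the sample command above, and `MitreLink` uses the legacy `/wiki/Technique/T1218` path where the current ATT&CK URL is https://attack.mitre.org/techniques/T1218/.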