Prelude chain browser
Vulnerable Certificates
Create a random XOR byte, ingress a Certify payload XOR'd with that byte to a temporary file on the target system, bypass AMSI, then load and run the XOR'd Certify payload in memory.
2021-10-19
Professional
This is a professional attack chain. A professional subscription automatically gives you access to this chain + 50 more, with direct integration inside of Operator.
Authors: khyberspache, @harmj0y, @tifkin_
Download Operator (1.7.1)
TTPs
Ingress payload to XOR'd file
Discover vulnerable AD CS certificates
Create an XOR byte
Tactics
Command-and-control
Discovery
Collection
User-Set Custom Variables
payload.uri: 16ede7f6fb128e4cd53381a54a1831ccc8d3f6f2/Certify.exe