HackTool - Certipy Execution

Rule Info

Name
HackTool - Certipy Execution
Author
pH-T (Nextron Systems), Sittikorn Sangrattanapitak
Description
Detects Certipy execution, a tool for Active Directory Certificate Services enumeration and abuse based on PE metadata characteristics and common command line arguments.
Reference
https://github.com/ly4k/Certipy
Date
2023-04-17 00:00:00
Modified
2024-10-08 00:00:00
Id
6938366d-8954-4ddc-baff-c830b3ba8fcd
Tags
attack.discovery attack.credential-access attack.t1649
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=6938366d-8954-4ddc-baff-c830b3ba8fcd

Rule History

Author
Title
Date
Commit
Sittikorn S
Merge PR #5008 from @BlackB0lt - Update `HackTool - Certipy Execution`
2024-10-09
86989a046
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
github-actions[bot]
Merge PR #4745 from @nasbench - Promote older rules status from `experimental` to `test`
2024-03-01
0108cdc34
Nasreddine Bencherchali
feat: update pr related hktl rules
2023-04-21
cb5d421c4
Paul Hager
feat: various new hktl rules
2023-04-17
0420e9c3b
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022