
Rule Info
Name
Certificate Exported Via PowerShell
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects calls to cmdlets that are used to export certificates from the local certificate store. Threat actors were seen abusing this to steal private keys from compromised machines.
Date
2023-05-18 00:00:00
Modified
None
Id
9e716b33-63b2-46da-86a4-bd3c3b9b5dfb
Tags
attack.credential-access attack.execution attack.t1552.004 attack.t1059.001
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
github-actions[bot]
Merge PR #4791 from @nasbench - Promote older rules status from `experimental` to `test`
2024-04-01