https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_certutil_encode/
File Encoded To Base64 Via Certutil.EXE | Detection.FYI
Detects the execution of certutil with the
https://detection.fyi/joesecurity/sigma-rules/decodedllviacertutil/
Decode DLL Via Certutil | Detection.FYI
Decode DLL Via Certutil
https://docs.saltproject.io/en/latest/ref/states/all/salt.states.win_certutil.html
salt.states.win_certutil
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_certutil_encode_susp_location/
File In Suspicious Location Encoded To Base64 Via Certutil.EXE | Detection.FYI
Detects the execution of certutil with the
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_certutil_download_direct_ip/
Suspicious File Downloaded From Direct IP Via Certutil.EXE | Detection.FYI
Detects the execution of certutil with certain flags that allow the utility to download files from direct IPs.