Tag

Certreq

1 brief RSS

Potential Abuse of Certreq for File Transfer via HTTP POST

Adversaries may abuse the Windows Certreq utility to download files or upload data to a remote URL by making an HTTP POST request, potentially for command and control or exfiltration, which can be detected by monitoring process execution events.

Microsoft Defender XDR +2 lolbin command-and-control exfiltration certreq

2r 4t Jan 28, 2024