2018-05-24 17:59:15 -06:00
|
|
|
---
|
|
|
|
|
attack_technique: T1122
|
2018-09-28 13:08:15 -06:00
|
|
|
display_name: Component Object Model Hijacking
|
2018-05-24 17:59:15 -06:00
|
|
|
|
|
|
|
|
atomic_tests:
|
2018-09-28 13:08:15 -06:00
|
|
|
- name: Component Object Model Hijacking
|
2018-05-24 17:59:15 -06:00
|
|
|
description: |
|
2018-09-28 13:08:15 -06:00
|
|
|
Hijack COM Object used by certutil.exe
|
2018-05-24 17:59:15 -06:00
|
|
|
|
|
|
|
|
supported_platforms:
|
|
|
|
|
- windows
|
|
|
|
|
executor:
|
2018-09-28 13:08:15 -06:00
|
|
|
name: command_prompt
|
2018-05-24 17:59:15 -06:00
|
|
|
command: |
|
2018-09-28 13:08:15 -06:00
|
|
|
reg import ..\src\COMHijack.reg
|
|
|
|
|
certutil.exe -CAInfo
|
2019-09-03 07:37:06 -06:00
|
|
|
cleanup_command: |
|
2018-09-28 13:08:15 -06:00
|
|
|
reg import ..\src\COMHijackCleanup.reg
|
