From 779f2c71cc694d80e49b0e2f59b955f4e8d1ac93 Mon Sep 17 00:00:00 2001 From: Tony M Lambert Date: Sat, 10 Mar 2018 01:27:49 -0600 Subject: [PATCH] Added test to generate and trust root CA on Linux. Updated README. --- .../Install_Root_Certificate.md | 20 +++++++++++++++++++ Linux/README.md | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 Linux/Defense_Evasion/Install_Root_Certificate.md diff --git a/Linux/Defense_Evasion/Install_Root_Certificate.md b/Linux/Defense_Evasion/Install_Root_Certificate.md new file mode 100644 index 00000000..0d6e3a37 --- /dev/null +++ b/Linux/Defense_Evasion/Install_Root_Certificate.md @@ -0,0 +1,20 @@ +# Install Root Certificate + +MITRE ATT&CK Technique: [T1130](https://attack.mitre.org/wiki/Technique/T1130) + + +## Create a root CA with openssl + openssl genrsa -out rootCA.key 4096 + openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.crt + +## Install root CA on CentOS/RHEL 5 and below + cat rootCA.crt >> /etc/pki/tls/certs/ca-bundle.crt + +## Install root CA on CentOS/RHEL 6 and above + cp rootCA.crt /etc/pki/ca-trust/source/anchors/ + update-ca-trust + +## Testing the trusted certificate. +To test the new trust, apply the root certificate or another signed with it to a SSL/TLS web service and attempt a connection with curl or wget. + + curl https://art.evil.com \ No newline at end of file diff --git a/Linux/README.md b/Linux/README.md index d22a7473..888e3514 100644 --- a/Linux/README.md +++ b/Linux/README.md 
@@ -11,7 +11,7 @@ | Redundant Access | | [Hidden Files and Directories](Defense_Evasion/Hidden_Files_and_Directories.md) | Network Sniffing | [System Information Discovery](Discovery/System_Information_Discovery.md) | | [Trap](Execution/Trap.md) | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation | | [Trap](Persistence/Trap.md) | | Indicator Removal from Tools | Private Keys | [System Network Configuration Discovery](Discovery/System_Network_Configuration_Discovery.md) | | | Data from Removable Media | Exfiltration Over Physical Medium | Fallback Channels | | Valid Accounts | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Input Capture | Scheduled Transfer | Multi-Stage Channels | -| Web Shell | | Install Root Certificate | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication | +| Web Shell | | [Install Root Certificate](Defense_Evasion/Install_Root_Certificate.md) | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication | | | | Masquerading | | | | | | | Multilayer Encryption | | | | Redundant Access | | | | [Rootkits](Defense_Evasion/Rootkits.md) | | | | | | | [Remote File Copy](Command_and_Control/Remote_File_Copy.md) |
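Review bot: the new Install_Root_Certificate.md hunk installs the rogue root with no cleanup step, and the CentOS/RHEL 5 variant (`cat rootCA.crt >> /etc/pki/tls/certs/ca-bundle.crt`) modifies the system bundle in place with no backup, so a test run leaves a trusted attacker CA on the host with no documented way to remove it. Please add a cleanup section: back up ca-bundle.crt before appending and restore it afterwards, and for CentOS/RHEL 6+ remove rootCA.crt from /etc/pki/ca-trust/source/anchors/ and run `update-ca-trust` again. Two smaller points: `openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.crt` as written prompts interactively for the subject fields, so add `-subj` (for example `-subj "/CN=Atomic Red Team Test CA"`) if the test is meant to run unattended; and the test section relies on `curl https://art.evil.com`, which nothing in the patch sets up, so either document how the reader is expected to stand up a TLS service whose certificate is signed by rootCA.key or state that the hostname is a placeholder. Style: the file lives under Linux/ but only covers CentOS/RHEL, the heading "Testing the trusted certificate." ends with a period unlike the other headings, "a SSL/TLS" should be "an SSL/TLS", and the file has no trailing newline.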