atomic-red-team/atomics/T1122/T1122.yaml

---
attack_technique: T1122
display_name: Component Object Model Hijacking

atomic_tests:
- name: Component Object Model Hijacking
  description: |
    Hijack COM Object used by certutil.exe

  supported_platforms:
    - windows
  executor:
    name: command_prompt
    command: |
      reg import ..\src\COMHijack.reg
      certutil.exe -CAInfo
    cleanup_command: |
      reg import ..\src\COMHijackCleanup.reg