HackTool - Certipy Execution (6938366d-8954-4ddc-baff-c830b3ba8fcd)
Detects execution of Certipy, a tool for Active Directory Certificate Services enumeration and abuse, based on PE metadata characteristics and common command-line arguments.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) | Attack Pattern | HackTool - Certipy Execution (6938366d-8954-4ddc-baff-c830b3ba8fcd) | Sigma-Rules | 1 |