Merge pull request #104 from ForensicITGuy/linux-root-ca

Added test to generate and trust root CA on Linux. Updated README.
patch-7
caseysmithrc 2018-03-14 21:47:32 -06:00 committed by GitHub
commit fdde68b5e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 1 deletions


@ -0,0 +1,20 @@
# Install Root Certificate
MITRE ATT&CK Technique: [T1130](https://attack.mitre.org/wiki/Technique/T1130)
## Create a root CA with openssl
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.crt
## Install root CA on CentOS/RHEL 5 and below
cat rootCA.crt >> /etc/pki/tls/certs/ca-bundle.crt
## Install root CA on CentOS/RHEL 6 and above
cp rootCA.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust
## Testing the trusted certificate.
To test the new trust, apply the root certificate or another signed with it to a SSL/TLS web service and attempt a connection with curl or wget.
curl https://art.evil.com
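Review bot: the shell commands on the "Create a root CA", "Install root CA" and "Testing" lines are bare Markdown paragraphs, so `openssl genrsa -out rootCA.key 4096` and `openssl req -x509 ... -out rootCA.crt` will render run together on one line; wrap each command group in a fenced code block as the other technique pages do. Two smaller points on the same hunk: the CentOS/RHEL 5 path appends directly to `/etc/pki/tls/certs/ca-bundle.crt`, which the ca-certificates package replaces on update and which has no clean revert, and on RHEL 6 the shared trust store is off by default, so `update-ca-trust` only takes effect after `update-ca-trust enable`. Since this is a test, please add a cleanup section (remove the anchor and re-run `update-ca-trust`) and note that the "Testing" curl only succeeds if the certificate presented by `https://art.evil.com` carries that hostname in its CN/SAN.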


@ -11,7 +11,7 @@
| Redundant Access | | [Hidden Files and Directories](Defense_Evasion/Hidden_Files_and_Directories.md) | Network Sniffing | [System Information Discovery](Discovery/System_Information_Discovery.md) | | [Trap](Execution/Trap.md) | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation | | Redundant Access | | [Hidden Files and Directories](Defense_Evasion/Hidden_Files_and_Directories.md) | Network Sniffing | [System Information Discovery](Discovery/System_Information_Discovery.md) | | [Trap](Execution/Trap.md) | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation |
| [Trap](Persistence/Trap.md) | | Indicator Removal from Tools | Private Keys | [System Network Configuration Discovery](Discovery/System_Network_Configuration_Discovery.md) | | | Data from Removable Media | Exfiltration Over Physical Medium | Fallback Channels | | [Trap](Persistence/Trap.md) | | Indicator Removal from Tools | Private Keys | [System Network Configuration Discovery](Discovery/System_Network_Configuration_Discovery.md) | | | Data from Removable Media | Exfiltration Over Physical Medium | Fallback Channels |
| Valid Accounts | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Input Capture | Scheduled Transfer | Multi-Stage Channels | | Valid Accounts | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Input Capture | Scheduled Transfer | Multi-Stage Channels |
| Web Shell | | Install Root Certificate | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication | | Web Shell | | [Install Root Certificate](Defense_Evasion/Install_Root_Certificate.md) | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication |
| | | Masquerading | | | | | | | Multilayer Encryption | | | | Masquerading | | | | | | | Multilayer Encryption |
| | | Redundant Access | | | | Redundant Access |
| | | [Rootkits](Defense_Evasion/Rootkits.md) | | | | | | | [Remote File Copy](Command_and_Control/Remote_File_Copy.md) | | | | [Rootkits](Defense_Evasion/Rootkits.md) | | | | | | | [Remote File Copy](Command_and_Control/Remote_File_Copy.md) |
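Review bot: the new link target `Defense_Evasion/Install_Root_Certificate.md` in the "Install Root Certificate" row must match the path and case of the file added in this PR; the rendered diff here does not show that file's name, so confirm it lives under `Defense_Evasion/` like the neighbouring `Hidden_Files_and_Directories.md` and `Rootkits.md` entries, otherwise the README link 404s. The "Redundant Access" row in this hunk also has fewer columns than the others, which breaks Markdown table rendering; that is pre-existing but worth fixing while this table is being touched.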