Merge pull request #104 from ForensicITGuy/linux-root-ca
Added test to generate and trust root CA on Linux. Updated README.patch-7
commit
fdde68b5e7
|
@ -0,0 +1,20 @@
|
||||||
|
# Install Root Certificate
|
||||||
|
|
||||||
|
MITRE ATT&CK Technique: [T1130](https://attack.mitre.org/wiki/Technique/T1130)
|
||||||
|
|
||||||
|
|
||||||
|
## Create a root CA with openssl
|
||||||
|
openssl genrsa -out rootCA.key 4096
|
||||||
|
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.crt
|
||||||
|
|
||||||
|
## Install root CA on CentOS/RHEL 5 and below
|
||||||
|
cat rootCA.crt >> /etc/pki/tls/certs/ca-bundle.crt
|
||||||
|
|
||||||
|
## Install root CA on CentOS/RHEL 6 and above
|
||||||
|
cp rootCA.crt /etc/pki/ca-trust/source/anchors/
|
||||||
|
update-ca-trust
|
||||||
|
|
||||||
|
## Testing the trusted certificate.
|
||||||
|
To test the new trust, apply the root certificate or another signed with it to a SSL/TLS web service and attempt a connection with curl or wget.
|
||||||
|
|
||||||
|
curl https://art.evil.com
|
|
@ -11,7 +11,7 @@
|
||||||
| Redundant Access | | [Hidden Files and Directories](Defense_Evasion/Hidden_Files_and_Directories.md) | Network Sniffing | [System Information Discovery](Discovery/System_Information_Discovery.md) | | [Trap](Execution/Trap.md) | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation |
|
| Redundant Access | | [Hidden Files and Directories](Defense_Evasion/Hidden_Files_and_Directories.md) | Network Sniffing | [System Information Discovery](Discovery/System_Information_Discovery.md) | | [Trap](Execution/Trap.md) | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation |
|
||||||
| [Trap](Persistence/Trap.md) | | Indicator Removal from Tools | Private Keys | [System Network Configuration Discovery](Discovery/System_Network_Configuration_Discovery.md) | | | Data from Removable Media | Exfiltration Over Physical Medium | Fallback Channels |
|
| [Trap](Persistence/Trap.md) | | Indicator Removal from Tools | Private Keys | [System Network Configuration Discovery](Discovery/System_Network_Configuration_Discovery.md) | | | Data from Removable Media | Exfiltration Over Physical Medium | Fallback Channels |
|
||||||
| Valid Accounts | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Input Capture | Scheduled Transfer | Multi-Stage Channels |
|
| Valid Accounts | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Input Capture | Scheduled Transfer | Multi-Stage Channels |
|
||||||
| Web Shell | | Install Root Certificate | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication |
|
| Web Shell | | [Install Root Certificate](Defense_Evasion/Install_Root_Certificate.md) | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication |
|
||||||
| | | Masquerading | | | | | | | Multilayer Encryption |
|
| | | Masquerading | | | | | | | Multilayer Encryption |
|
||||||
| | | Redundant Access |
|
| | | Redundant Access |
|
||||||
| | | [Rootkits](Defense_Evasion/Rootkits.md) | | | | | | | [Remote File Copy](Command_and_Control/Remote_File_Copy.md) |
|
| | | [Rootkits](Defense_Evasion/Rootkits.md) | | | | | | | [Remote File Copy](Command_and_Control/Remote_File_Copy.md) |
|
||||||
|
|
Loading…
Reference in New Issue