#certutil — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #certutil, aggregated by home.social.
-
DFIR Next Steps: What To Do After You Find a Suspicious Use Of certutil.exe: https://www.cybertriage.com/dfir-next-steps/dfir-next-steps-what-to-do-after-you-find-a-suspicious-use-of-certutil-exe/
-
Quick update: the failing tests were apparently because I had my VPN on on macOS (that was creating an additional IPv4 interface that was getting picked up by the tests that check that your server is accessible via a valid TLS certificate from all available local IPs).
So no patch necessary :)
#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS #macOS
-
Quick update: the failing tests were apparently because I had my VPN on on macOS (that was creating an additional IPv4 interface that was getting picked up by the tests that check that your server is accessible via a valid TLS certificate from all available local IPs).
So no patch necessary :)
#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS #macOS
-
Quick update: the failing tests were apparently because I had my VPN on on macOS (that was creating an additional IPv4 interface that was getting picked up by the tests that check that your server is accessible via a valid TLS certificate from all available local IPs).
So no patch necessary :)
#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS #macOS
-
Quick update: the failing tests were apparently because I had my VPN on on macOS (that was creating an additional IPv4 interface that was getting picked up by the tests that check that your server is accessible via a valid TLS certificate from all available local IPs).
So no patch necessary :)
#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS #macOS
-
Quick update: the failing tests were apparently because I had my VPN on on macOS (that was creating an additional IPv4 interface that was getting picked up by the tests that check that your server is accessible via a valid TLS certificate from all available local IPs).
So no patch necessary :)
#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS #macOS
-
Hey folks, I just released Auto Encrypt Localhost* v8.4.0 with better async support and updated dependencies.
https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost
* My pure JavaScript module (no mkcert, certutil, etc., required) that automatically provisions and installs locally-trusted TLS certificates for Node.js https servers.
(There seems to be an issue with tests failing on macOS, will debug that tomorrow and likely post a patch release.)
#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS
-
Hey folks, I just released Auto Encrypt Localhost* v8.4.0 with better async support and updated dependencies.
https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost
* My pure JavaScript module (no mkcert, certutil, etc., required) that automatically provisions and installs locally-trusted TLS certificates for Node.js https servers.
(There seems to be an issue with tests failing on macOS, will debug that tomorrow and likely post a patch release.)
#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS
-
Hey folks, I just released Auto Encrypt Localhost* v8.4.0 with better async support and updated dependencies.
https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost
* My pure JavaScript module (no mkcert, certutil, etc., required) that automatically provisions and installs locally-trusted TLS certificates for Node.js https servers.
(There seems to be an issue with tests failing on macOS, will debug that tomorrow and likely post a patch release.)
#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS
-
Hey folks, I just released Auto Encrypt Localhost* v8.4.0 with better async support and updated dependencies.
https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost
* My pure JavaScript module (no mkcert, certutil, etc., required) that automatically provisions and installs locally-trusted TLS certificates for Node.js https servers.
(There seems to be an issue with tests failing on macOS, will debug that tomorrow and likely post a patch release.)
#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS
-
Hey folks, I just released Auto Encrypt Localhost* v8.4.0 with better async support and updated dependencies.
https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost
* My pure JavaScript module (no mkcert, certutil, etc., required) that automatically provisions and installs locally-trusted TLS certificates for Node.js https servers.
(There seems to be an issue with tests failing on macOS, will debug that tomorrow and likely post a patch release.)
#AutoEncryptLocalhost #https #mkcert #certutil #JavaScript #js #nodeJS
-
random #Linux Tip:
if you have to sign digitally many #PDF documents, then follow the next steps:
1. create a new certificate with #certutil command:
certutil -S -s "CN=[ your full name ],O= [ Business or School ],OU=[ Deparment or position ],L= [ Location ],ST=[ State ],C= [ Country code ],E= [ your email ]" -g 2048 -d sql:$HOME/.pki/nssdb -n [ new name of certificate ] -x -t "Cu,Cu,Cu" -p 405-555-5555 --email [ your email ] -m 1234
2. List the created certificate:
certutil -d sql:$HOME/.pki/nssdb -L
3. Use #Okular and go to: Settings > configure backends > PDF
4. In the section: Certificate database, choose Custom and enter this path: $HOME/.pki/nssdb
5. Apply and Restart Okular, and then you'd see the available certificate in the option of step 4 to sign digitally. -
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
-
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
-
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
-
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
-
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
