Certificate Audit - Windows
0 Votes |
Description
Property Details
2994825 | |
Alpha - Code that was just developed | |
Certificate Audit - Windows | |
BESC | |
jgstew on 11/25/2015 9:15:01 PM | |
jgstew on 11/25/2015 9:15:01 PM | |
6396 Views / 93 Downloads | |
* Average over 0 ratings. ** Log In or Register to add your rating. |
Properties
Root CAs in Windows
Period
12 hours
* Results in a "string"/number |
( concatenations " ; " of (preceding text of first "%82%01" of it | it) whose(it != "" AND it does not contain "%00%00%00%01%00%00%00") of (preceding text of first "%82%0f" of it | it) of (preceding text of first "0%82" of it | it) of (preceding text of first "0%81" of it | it) of (preceding text of first "0%1e%17" of it | it) of (preceding text of last "1" of it | it) of (following text of (start of first (first matches (regex "[\u1300-\u13ff]") of it) of it) | it) whose(exists (first matches (regex "[\u1300-\u13ff]") of it)) of (preceding text of first "%06%03" of it | it) of substrings separated by "U%04" of it) of it whose(it contains "U%04") of (hexadecimal string it) of ( unique values of (it as string) of values "blob" of keys of keys "Certificates" of keys whose(name of it as uppercase contains "CA" OR name of it as uppercase contains "ROOT") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates" of (x64 registries; x32 registries) )
eDellRoot?
Period
6 hours
* Results in a true/false |
exists (hexadecimal string it) whose(it contains "eDellRoot") of ( unique values of (it as string) of values "blob" of keys of keys "Certificates" of keys whose(name of it as uppercase contains "CA" OR name of it as uppercase contains "ROOT") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates" of (x64 registries; x32 registries) )
DSDTestProvider?
Period
6 hours
* Results in a true/false |
exists (hexadecimal string it) whose(it contains "DSDTestProvider") of ( unique values of (it as string) of values "blob" of keys of keys "Certificates" of keys whose(name of it as uppercase contains "CA" OR name of it as uppercase contains "ROOT") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates" of (x64 registries; x32 registries) )
Relevance
Sharing
Social Media: |