T1553.004: Add "Prevent non-administrator users to add Root certificates" parameter

Harvester57 opened this issue 2 years ago · comments

Florian Stosse commented 2 years ago

Cf. https://attack.mitre.org/techniques/T1553/004/ & https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots - Flags (REG_DWORD) - 1

Florian Stosse commented a year ago

Added in f5a2e22 (finally...)