CertificateThumbprints

Overview
Syntax
Output
Use Cases
Example Output
Remote Execution
Detection Considerations
Related Commands

Overview

The CertificateThumbprints command enumerates thumbprints (SHA-1 hashes) for all certificates in all certificate stores on the system. Thumbprints uniquely identify certificates and are often used in configuration files, security policies, and for certificate pinning.

Syntax

Seatbelt.exe CertificateThumbprints

This command does not support remote execution.

Output

The command returns:

Certificate store location (CurrentUser/LocalMachine)
Store name (My, Root, CA, TrustedPublisher, etc.)
Certificate subject
Thumbprint (SHA-1 hash)

Use Cases

Red Team
Blue Team

Identify trusted root certificates
Find certificate pinning configurations
Discover custom trusted CAs
Locate certificates used in applications
Identify potential trust anchor manipulation

Example Output

====== CertificateThumbprints ======

Store: CurrentUser\My
  CN=user@domain.com
  Thumbprint: 1234567890ABCDEF1234567890ABCDEF12345678

Store: LocalMachine\Root
  CN=VeriSign Class 3 Public Primary Certification Authority - G5
  Thumbprint: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

Store: LocalMachine\CA
  CN=Corporate Issuing CA
  Thumbprint: ABCDEF1234567890ABCDEF1234567890ABCDEF12

Store: LocalMachine\TrustedPublisher
  CN=Microsoft Corporation
  Thumbprint: 9876543210FEDCBA9876543210FEDCBA98765432

Remote Execution

This command does NOT support remote execution.

Detection Considerations

Minimal detection surface - standard certificate store enumeration.

Certificates - Detailed certificate information
AMSIProviders - AMSI provider enumeration
AntiVirus - Security product enumeration

Certificates InternetSettings

⌘I

Getting Started

System - OS & Environment

System - Security Configuration

System - Authentication & Access

System - Network

System - Monitoring & Enterprise

System - Advanced

User - Credentials

User - Browser Data

User - Cloud & Remote Access

User - Recent Activity

User - Communication

Misc - Event Logs

Misc - Browser History

Misc - File & Registry

Misc - System Details

Overview

Syntax

Output

Use Cases

Example Output

Remote Execution

Detection Considerations

Getting Started

System - OS & Environment

System - Security Configuration

System - Authentication & Access

System - Network

System - Monitoring & Enterprise

System - Advanced

User - Credentials

User - Browser Data

User - Cloud & Remote Access

User - Recent Activity

User - Communication

Misc - Event Logs

Misc - Browser History

Misc - File & Registry

Misc - System Details

​Overview

​Syntax

​Output

​Use Cases

​Example Output

​Remote Execution

​Detection Considerations

​Related Commands

Overview

Syntax

Output

Use Cases

Example Output

Remote Execution

Detection Considerations

Related Commands