This post provides reference to my contribution in MITRE ATT&CK Technique T1649
MITRE ATT&CK Technique T1649
Adversaries may steal or forge certificates used for authentication to access remote systems or resources. Digital certificates are often used to sign and encrypt messages and/or files. Certificates are also used as authentication material. For example, Azure AD device certificates and Active Directory Certificate Services (AD CS) certificates bind to an identity and can be used as credentials for domain accounts.
I have contributed with MITRE to track this attack technique (T1649).
Reference for the details: