One Day Sec

How does the `New-ExchangeCertificate` method allow file writing in ProxyShell, and how do you avoid special character issues?

`New-ExchangeCertificate` creates self-signed certificates, and the payload can be passed via the `SubjectName` parameter. The subject must follow a fixed format like `CN=Payload` and cannot contain the special characters `,`, `+`, or `;`. To bypass this, you can Base64-encode the payload (e.g., a JScript payload) to avoid these characters. A successful write returns `Microsoft.Exchange.Data.BinaryFileDataObject`. You can delete malicious certificates afterwards using `Remove-ExchangeCertificate` with the thumbprint or a subject filter.