Certificate

A digital document, which highlights information such as the owner's identity, used to instill trust in public keys used while encrypting network communications

ID: DS0037
Platform: PRE
Collection Layer: OSINT
Version: 1.0
Created: 20 October 2021
Last Modified: 20 October 2021

Data Components

Certificate: Certificate Registration

Queried or logged information highlighting current and expired digital certificates (ex: Certificate transparency)

Certificate: Certificate Registration

Queried or logged information highlighting current and expired digital certificates (ex: Certificate transparency)

Domain ID Name Detects
Enterprise T1588 Obtain Capabilities

Consider use of services that may aid in the tracking of newly issued certificates and/or certificates in use on sites across the Internet. In some cases it may be possible to pivot on known pieces of certificate information to uncover other adversary infrastructure.[1] Some server-side components of adversary tools may have default values set for SSL/TLS certificates.[2] Much of this activity will take place outside the visibility of the target organization, making detection of this behavior difficult. Detection efforts may be focused on related stages of the adversary lifecycle, such as during Defense Evasion or Command and Control.

.004 Digital Certificates

Consider use of services that may aid in the tracking of newly issued certificates and/or certificates in use on sites across the Internet. In some cases it may be possible to pivot on known pieces of certificate information to uncover other adversary infrastructure.[1] Some server-side components of adversary tools may have default values set for SSL/TLS certificates.[2]

References