A digital document, which highlights information such as the owner's identity, used to instill trust in public keys used while encrypting network communications
Queried or logged information highlighting current and expired digital certificates (ex: Certificate transparency)
Domain | ID | Sub-technique | Name | Detects |
---|---|---|---|---|
Enterprise | T1588 | | Obtain Capabilities | Consider use of services that may aid in the tracking of newly issued certificates and/or certificates in use on sites across the Internet. In some cases it may be possible to pivot on known pieces of certificate information to uncover other adversary infrastructure.[1] Some server-side components of adversary tools may have default values set for SSL/TLS certificates.[2] Much of this activity will take place outside the visibility of the target organization, making detection of this behavior difficult. Detection efforts may be focused on related stages of the adversary lifecycle, such as during Defense Evasion or Command and Control. |
Enterprise | T1588 | .004 | Digital Certificates | Consider use of services that may aid in the tracking of newly issued certificates and/or certificates in use on sites across the Internet. In some cases it may be possible to pivot on known pieces of certificate information to uncover other adversary infrastructure.[1] Some server-side components of adversary tools may have default values set for SSL/TLS certificates.[2] |
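
The pivoting and default-value checks described in the table above, sketched as an added example (not part of the original page). The record layout, the field names, the `TOOL_DEFAULTS` template and every value in `CERTS` are constructed assumptions standing in for what a certificate transparency or internet-scan service would return.

```python
from collections import deque

# Constructed records; every value is made up for this example.
CERTS = [
    {"id": "c1", "host": "198.51.100.10", "subject_cn": "update.example.net",
     "issuer_cn": "Example Test CA", "serial": "01F4", "spki_sha256": "key-A"},
    {"id": "c2", "host": "198.51.100.22", "subject_cn": "cdn.example.org",
     "issuer_cn": "Example Test CA", "serial": "0977", "spki_sha256": "key-A"},
    {"id": "c3", "host": "203.0.113.5", "subject_cn": "cdn.example.org",
     "issuer_cn": "Other Test CA", "serial": "0977", "spki_sha256": "key-B"},
    {"id": "c4", "host": "203.0.113.77", "subject_cn": "panel.example.com",
     "issuer_cn": "panel.example.com", "serial": "PLACEHOLDER-SERIAL",
     "spki_sha256": "key-C"},
    {"id": "c5", "host": "192.0.2.40", "subject_cn": "shop.example.com",
     "issuer_cn": "Other Test CA", "serial": "01F4", "spki_sha256": "key-D"},
]

# Hypothetical template: a real one would list the certificate defaults
# observed in a specific tool's server component.
TOOL_DEFAULTS = {"example-tool-default": {"serial": "PLACEHOLDER-SERIAL"}}

def pivot_keys(cert):
    """Attributes to pivot on. Serials are unique only per issuer, so the
    serial is paired with the issuer instead of being compared alone."""
    return {
        ("spki", cert["spki_sha256"]),                         # key reuse
        ("issuer+serial", cert["issuer_cn"], cert["serial"]),  # same cert
        ("subject_cn", cert["subject_cn"]),                    # weaker link
    }

def pivot_cluster(seed_id, certs):
    """Breadth-first expansion from a known certificate.
    Returns {cert_id: attribute that linked it} (None for the seed)."""
    by_id = {c["id"]: c for c in certs}
    linked, queue = {seed_id: None}, deque([seed_id])
    while queue:
        current = pivot_keys(by_id[queue.popleft()])
        for c in certs:
            shared = current & pivot_keys(c)
            if shared and c["id"] not in linked:
                linked[c["id"]] = sorted(shared)[0]
                queue.append(c["id"])
    return linked

def match_defaults(certs, templates=TOOL_DEFAULTS):
    """Return {cert_id: template name} where every template field matches."""
    return {c["id"]: name for c in certs for name, t in templates.items()
            if all(c.get(k) == v for k, v in t.items())}

if __name__ == "__main__":
    print(pivot_cluster("c1", CERTS))
    print(match_defaults(CERTS))
```

Record `c5` shares a serial number with the seed but under a different issuer, so it stays out of the cluster; subject-name links such as the one that pulls in `c3` are weaker evidence than key reuse and deserve manual review.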