Acquire or compromise 3rd party signing certificates



Technique
ID: PRE-T1087
Tactic: Adversary OPSEC

Definition

Code signing is the process of digitally signing executables or scripts to confirm the software author and guarantee that the code has not been altered or corrupted. Users may trust a signed piece of code more than an unsigned piece of code even if they don't know who issued the certificate or who the author is. [1]

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: It is trivial to purchase code signing certificates within an organization; many exist and are available at reasonable cost. It is complex to factor or steal 3rd party code signing certificates for use in malicious mechanisms.

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Defender will not know what certificates an adversary acquires from a 3rd party. Defender will not know prior to public disclosure if a 3rd party has had their certificate compromised.

Similar Techniques for Other Tactics

Tactic | Article
Adversary OPSEC | Acquire or compromise 3rd party signing certificates
Establish & Maintain Infrastructure | Acquire or compromise 3rd party signing certificates