e.g.
A rogue site installed and masquerading as yourdomain.com
A cool means of finding any certificates issued against your domain is to use the crt.sh site.
Here's a quick snippet of certificates issued against fortinet.com
NOTE: use the % sign before the domain name for an "any" (wildcard) search
You can even use this when doing PKI audits and forensics. Here's a site that had a certificate revoked
If you drill in on id 165913200 you can get the revocation date and when it was logged
crt.sh is very simple to use, and can provide information for tracking, incident investigation and plain auditing of your domain(s) and X.509 certificates.
You can find out details that include:
- previous/current certificates
- the CA issuer that was used
- lifetime/expiration details
- revocation details and type
- cert details (SHA fingerprint, public key, key size, etc.)
It's very hard to hide anything from Certificate Transparency
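The same lookup can be scripted. The following is an added example, not from the original post: it builds the crt.sh query URL with the % wildcard and audits the JSON results for certificates from issuers you do not use. The field names are assumed to match crt.sh's JSON output; the sample records, the example.com names and the issuer allow-list are constructed for illustration.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlencode

def crtsh_url(domain):
    """Build the crt.sh JSON query URL; the leading % is the wildcard."""
    return "https://crt.sh/?" + urlencode({"q": "%." + domain, "output": "json"})

# Constructed sample shaped like crt.sh JSON output (not real certificates).
SAMPLE = json.dumps([
    {"id": 1001, "serial_number": "0a01",
     "issuer_name": "C=US, O=Example Trusted CA, CN=Example Trusted CA G2",
     "name_value": "www.example.com\nexample.com",
     "not_before": "2024-01-10T00:00:00", "not_after": "2025-01-10T00:00:00"},
    # Same serial again: CT logs hold both the precertificate and the final cert.
    {"id": 1002, "serial_number": "0a01",
     "issuer_name": "C=US, O=Example Trusted CA, CN=Example Trusted CA G2",
     "name_value": "www.example.com\nexample.com",
     "not_before": "2024-01-10T00:00:00", "not_after": "2025-01-10T00:00:00"},
    {"id": 1003, "serial_number": "0b02",
     "issuer_name": "C=XX, O=Unknown CA, CN=Unknown CA R1",
     "name_value": "login.example.com",
     "not_before": "2024-06-01T00:00:00", "not_after": "2024-08-30T00:00:00"},
])

def audit(records, allowed_issuers, now):
    """Dedupe by (issuer, serial) and report certs from issuers not on the allow-list."""
    seen, findings = set(), []
    for r in records:
        key = (r["issuer_name"], r["serial_number"])
        if key in seen:
            continue
        seen.add(key)
        if any(a in r["issuer_name"] for a in allowed_issuers):
            continue
        expires = datetime.fromisoformat(r["not_after"]).replace(tzinfo=timezone.utc)
        findings.append({
            "id": r["id"],  # drill in on the crt.sh page for this id for revocation details
            "issuer": r["issuer_name"],
            "names": sorted(set(r["name_value"].split("\n"))),
            "still_valid": expires > now,
        })
    return findings

if __name__ == "__main__":
    now = datetime(2024, 7, 1, tzinfo=timezone.utc)  # fixed date so output is stable
    print(crtsh_url("example.com"))
    for finding in audit(json.loads(SAMPLE), ["O=Example Trusted CA"], now):
        print(finding)
```

To run it against live data, fetch the URL from `crtsh_url()` and pass the decoded JSON list to `audit()` with your own CA names in the allow-list.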
Ken
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \