YoVDO

CertGraph - A Tool to Crawl the Graph of SSL Certificate Alternate Names Using Certificate Transparency

Offered By: 0xdade via YouTube

Tags

ShmooCon Courses Cybersecurity Courses Network Security Courses System Administration Courses SSL Certificates Courses Certificate Authorities Courses Certificate Transparency Courses

Course Description

Overview

Explore the world of SSL certificates and Certificate Transparency in this 23-minute conference talk by Ian Foster. Dive into the unintended privacy implications of Certificate Transparency for both end-users and organizations. Learn about CertGraph, a new tool for uncovering and enumerating domains hidden in SSL certificate Alternative Names. Discover how CertGraph crawls internet-accessible certificates through exposed hosts and Certificate Transparency logs, creating visual graphs of certificates and domains. Gain insights into identifying internal and public domains, host enumeration, and misconfigured SSL certificates. Understand the background of Certificate Transparency, its importance in solving trust issues with Certificate Authorities, and how to protect yourself and your organization from potential privacy risks.

Syllabus

Introduction
Overview
Alt Names
Obtaining a Certificate
What happens if a Certificate Authority misbehaves
DigiNotar
Symantec
Certificate Transparency
Time Life
How it works
Emergency logs
DNS record
Expect certificate
Search engines
CertGraph
Web Interface
CDN


Taught by

0xdade

Related Courses

Security Principles
(ISC)² via Coursera
A Strategic Approach to Cybersecurity
University of Maryland, College Park via Coursera
FinTech for Finance and Business Leaders
ACCA via edX
Access Control Concepts
(ISC)² via Coursera
Access Controls
(ISC)² via Coursera