Acquire or compromise 3rd party signing certificates
Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted. Users may trust a signed piece of code more than an unsigned piece of code even if they don't know who issued the certificate or who the author is. [1]
Similar Techniques by Tactic
Tactic | Technique |
---|---|
Adversary Opsec | Acquire or compromise 3rd party signing certificates |
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: The defender will not know what certificates an adversary acquires from a 3rd party, and will not know prior to public disclosure whether a 3rd party has had its certificate compromised.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): No
Explanation: It is trivial to purchase code signing certificates within an organization; many exist and are available at reasonable cost. It is complex to factor or steal 3rd party code signing certificates for use in malicious mechanisms.
References
- [1] Dennis Fisher. (2012, October 31). Final Report on DigiNotar Hack Shows Total Compromise of CA Servers. Retrieved March 6, 2017.