SSL certificate acquisition for domain
Certificates are designed to instill trust. They include information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner. Acquiring a certificate for a domain name similar to one that is expected to be trusted may allow an adversary to trick a user into trusting the domain (e.g., vvachovia instead of Wachovia -- homoglyphs). [1] [2]
Detection
Detectable by Common Defenses (Yes/No/Partial): Yes
Explanation: Defenders can monitor for domains similar to popular sites (possibly leveraging the Alexa top N lists, https://www.alexa.com, as a starting point).
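One way to implement this monitoring, as an added example that is not part of the original page: fold look-alike characters to a canonical "skeleton" and compare each observed certificate domain name against a watchlist of brand labels. The watchlist, the folding table, the sample names and all function names are assumptions made for illustration, and the registrable label is approximated as the second-to-last DNS label rather than resolved with a public suffix list.

```python
import unicodedata

# Constructed watchlist of brand labels and a small look-alike folding table.
WATCHLIST = ["wachovia", "paypal"]
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"), ("i", "l")]

def skeleton(label):
    """Fold a label so that visually similar spellings collide."""
    s = unicodedata.normalize("NFKD", label).lower()
    s = "".join(c for c in s if not unicodedata.combining(c))  # drop accents
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def edit_distance(a, b):
    """Levenshtein distance, catching one-character typo variants."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_label(domain):
    """Assumption: the brand sits in the second-to-last label (no PSL lookup)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def check(domain, watchlist=WATCHLIST, max_distance=1):
    """Return (brand, reason) if the name imitates a watched brand, else None."""
    label = brand_label(domain)
    if label in watchlist:
        return None  # the genuine label itself
    dist, brand = min((edit_distance(skeleton(label), skeleton(b)), b)
                      for b in watchlist)
    if dist == 0:
        return (brand, "homoglyph")
    if dist <= max_distance:
        return (brand, "near-match")
    return None

# Constructed sample of names seen in newly issued certificates.
SAMPLE_NAMES = ["vvachovia.com", "www.PaypaI.com", "login.paypal.com",
                "paypall.com", "example.org"]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(name, "->", check(name))
```

Both the observed label and the brand are folded before comparison, so a brand that itself contains a folded character (the "i" in wachovia) still matches its look-alikes.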
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: SSL certificates are readily available at little to no cost.
References
1. Ryan Singel. (2010, March 24). Law Enforcement Appliance Subverts SSL. Retrieved March 2, 2017.
2. Bob Sullivan. (2000, July 24). PayPal alert! Beware the 'PaypaI' scam. Retrieved March 2, 2017.