He uses crt.sh to find (sub)domains that just got their SSL certificate. But don't worry, he'll also show you how to avoid that effectively. Those Certificate Transparency logs are public, and Hanno Böck shows you how attackers can abuse this fact to automatically take over web servers by using install scripts before the user can. In the future, certificates that aren't in the log won't be accepted by browsers like Google Chrome. So no need to disable zone transfers anymore, yay! *cough*. One particularly useful approach to further secure TLS is the certificate transparency log: whenever a new certificate is created, it can be submitted there for anyone to see. That's why we are amongst the proud sponsors of the Let's Encrypt certificate authority. At a later stage, it used social logins with the victim's Facebook for Wix to avoid bot detection.

Abusing Certificate Transparency by Hanno Böck

A modern web without TLS? Not gonna happen.