Summary: This post shares some key ways to leverage the Cert Graveyard database. I also share statistics on Cert Graveyard usage and share options to support my work. If you aren’t familiar with Cert Graveyard, I’ve described it in depth elsewhere: it is a public database for documenting abused code-signing certificates. We’ve reported and documentedContinue reading “Using the Cert Graveyard”
Category Archives: Certificate Abuse
The CertGraveyard
Learn about the role of the Cert Graveyard in tracking, reporting, and preventing malware that leverage Extended Validation code-signing certificates.
Quick abuse reports with certReport
The purpose of this blogpost is to formally introduce the certReport tool. The blog post will explain the tool’s function and give examples as to how to use it.
Impostor Certificates
It is common for malware to be signed with code signing certificates.
How is this possible? Impostors receive the cert directly and sign malware.
In this blog-post, we look at 100 certs used by Solarmarker malware to learn more.
Certified Bad
Authenticode Certificates are intended to ensure that software is created by vetted parties and that the software can be trusted; however, malware is often signed with valid Authenticode certificates and the process for signing malware and the implications are often misunderstood within InfoSec. This post takes a deep dive into my research on certificate abuse.