• by alen-z on 4/15/2023, 11:16:41 AM

    A slightly dramatic title, but not misleading. Discover how the SAN field in TLS/SSL certificates often exposes too much information. The article also offers suggestions on how to mitigate the risk of expanding potential attack surfaces.

    Results: all discovered hostnames from Fortune 500 base websites: https://gist.github.com/alen-z/90e805cb6309f67c3d15809a3b3e2...