How To: Check For Symantec Certificates From the Command Line

Background

Starting with Chrome 66 and Firefox 60, Symantec SSL certificates issued before June 1, 2016 will be distrusted. With Chrome 70 and Firefox 63, all Symantec SSL certs issued before December 1, 2017 will be distrusted. This creates a need to quickly scan for those certs.

Use OpenSSL to check

This is a fairly simple task with OpenSSL:

    $ timeout 1 openssl s_client -showcerts -connect my.domain.name:443 | openssl x509 -noout -startdate

This will tell you the start date for a site’s certificate. [Read more...]

DIY Threat Intel: Monitoring Phishing Domains and Typosquatting

Being able to receive alerts when a new domain is registered that closely matches an existing domain you own can be a valuable source of threat intelligence. So valuable, in fact, that several services incorporate such notification as part of their product offering. However, you don’t need to pay for this sort of service. You can build the functionality rather easily, for free!

What You’ll Need

For this how-to, you’ll need access to some source of newly-registered domain information. [Read more...]

How To: Scanning For SSL Certificates From the Command Line

Background

Recently, there was a Remote Code Execution (RCE) vulnerability discovered in Palo Alto Firewalls. I found out about this through a post on the Full Disclosure mailing list by the researcher who discovered it. Even more recently, another post was made, with a script to test for the vulnerability. In that post, the author states they used a Shodan search to locate Palo Alto firewalls. While they don’t specify what search they used, I suspect it is something similar to: [Read more...]