Security Intelligence Services

SSL Certificates

Learn about SSL certificates and see their history

What are SSL certificates and what can they tell us?

Securing user transactions and interactions on the internet is an essential part of everyday life. SSL certificates are files that digitally bind a cryptographic key to a set of user-provided details and assist in providing this security. Beyond securing your data, certificates are a great way for analysts to connect disparate malicious network infrastructure.

SSL certificates are typically used by malicious actors in the following ways:

  • Self-signed and associated with a website or web server performing a malicious function
  • Used to encrypt command and control communications for a piece of malware

How to Use It:

  • Determine whether a domain or IP address is legitimate based on its certificate
  • Distinguish self-signed certificates from those issued by a third-party certificate authority
  • Identify IP clusters based on shared certificates
  • Identify additional certificates of interest based on shared properties
  • Surface connections among certificates through their subject alternative names
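
The pivots listed above, sketched as an added example (not code from this page or the product it describes). The observation records, their field names, and the short fingerprint strings are constructed for illustration; real input would come from your own scan or passive certificate data.

```python
from collections import defaultdict

# Constructed sightings (not real data): one row per IP/certificate observation.
OBSERVATIONS = [
    {"ip": "192.0.2.10", "sha1": "aa11", "subject": "CN=login.example.net",
     "issuer": "CN=login.example.net", "sans": ["login.example.net"]},
    {"ip": "192.0.2.44", "sha1": "aa11", "subject": "CN=login.example.net",
     "issuer": "CN=login.example.net", "sans": ["login.example.net"]},
    {"ip": "198.51.100.7", "sha1": "bb22", "subject": "CN=cdn.example.org",
     "issuer": "CN=Example Issuing CA",
     "sans": ["cdn.example.org", "Login.Example.net."]},
    {"ip": "203.0.113.5", "sha1": "cc33", "subject": "CN=www.example.com",
     "issuer": "CN=Example Issuing CA", "sans": ["www.example.com"]},
]

def is_self_signed(obs):
    """Heuristic: issuer equals subject. A full check would also verify
    the signature against the certificate's own public key."""
    return obs["issuer"] == obs["subject"]

def self_signed_fingerprints(observations):
    """Fingerprints of certificates that look self-signed."""
    return sorted({o["sha1"] for o in observations if is_self_signed(o)})

def ip_clusters(observations):
    """Fingerprint -> sorted IPs, for certificates seen on more than one IP."""
    by_cert = defaultdict(set)
    for obs in observations:
        by_cert[obs["sha1"]].add(obs["ip"])
    return {fp: sorted(ips) for fp, ips in by_cert.items() if len(ips) > 1}

def san_links(observations):
    """SAN -> sorted fingerprints, for names present on more than one
    distinct certificate. Names are normalised (case, trailing dot)."""
    by_san = defaultdict(set)
    for obs in observations:
        for name in obs["sans"]:
            by_san[name.lower().rstrip(".")].add(obs["sha1"])
    return {n: sorted(fps) for n, fps in by_san.items() if len(fps) > 1}

if __name__ == "__main__":
    print("self-signed:", self_signed_fingerprints(OBSERVATIONS))
    print("IP clusters:", ip_clusters(OBSERVATIONS))
    print("SAN links:  ", san_links(OBSERVATIONS))
```

A shared fingerprint or SAN is a lead to investigate, not proof of common ownership: CDNs and shared hosting legitimately place one certificate on many IPs.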

Additional Resources

Harnessing SSL Certificates Using Infrastructure Chaining
Learn how here

In the Real World: Exposing Turla Infrastructure through SSL Certificates
Learn more here