Cyber security

Living Off The LandLeaked Certificates (LoLCerts) – Unveiling The Underworld

Threat actors are known to sign their malware using stolen, or even legally acquired, code signing certificates.

This threat is becoming more relevant as more and more defenses are relying on digital signatures for allowing or not execution on an endpoint.

This project aims at collecting the details of the certificates that are known to be abused in the wild by malicious actors.

The scripts directory contains a Python script used to generate Yara rules for all the certificates. Rules are written according to Nextron System – Short tutorial how to create a yara rule for a compromised certificate.

To generate all the yara rules:

cd scripts/
python3 generate_yara.py

Schema:

name: name_of_the_certificate
meta:
  status: revoked|valid
  source: leaked|malicious
  description: |
    Brief description of the certificate and where was it obtained from
  references: Threat intelligence reference
  date: Date of release
  author: Author Name
issuer: Issuer of the certificate
timestamp: Unix timestamp of when the cert was leaked, if relevant
serial: Array of strings containing the serial numbers of the certificates
thumbprint: Optional array of strings containing the thumbprints of the certificates
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Configure a Static IP Address on Ubuntu 18.04: Netplan Guide

Setting a static IP address on your server is a smart move. It ensures your…

16 hours ago

Install Xrdp on Ubuntu 18.04: Remote Desktop Setup Guide

Xrdp is an open-source implementation of the Microsoft Remote Desktop Protocol (RDP). It lets you access…

16 hours ago

Add and Delete Users on Ubuntu 18.04: A Practical Guide

Managing user accounts is one of the most basic system administration tasks on any Linux…

17 hours ago

Install Wine on Ubuntu 18.04: Run Windows Apps on Linux

Wine (short for "Wine Is Not an Emulator") is a compatibility layer that lets you run…

17 hours ago

Install KVM on Ubuntu 18.04: Setup, Network, and Create VMs

KVM (Kernel-based Virtual Machine) is an open-source virtualization technology built into the Linux kernel. It lets…

17 hours ago

Upgrade to Ubuntu 20.04 LTS: Prepare, Update, and Confirm

Ubuntu 20.04 LTS (code name Focal Fossa) was released on April 23, 2020. It is a…

2 days ago