Certificates are used in the authentication process to establish secure connections between devices, such as web browsers and servers, or to digitally sign files or emails.
In the context of threat intelligence, certificate information is useful in a number of ways:
Identifying malicious websites and phishing attacks. Many attackers use fake or stolen certificates to make their websites appear legitimate, but analyzing certificate information helps to detect these fraudulent sites.
Tracking the activities of threat actors. By analyzing certificate information, security analysts can identify patterns and connections between different attacks, as well as the infrastructure and resources used by specific threat actors.
Verifying the authenticity of digital communications. By using certificate information to confirm the identity of a sender or the authenticity of a file, security teams can reduce the risk of falling victim to phishing, malware, or other attacks.
Silent Push allows you to search through data from our daily scans of the Internet's IPv4 range to obtain information on a broad range of elements related to individual certificates.
Get certificate information
Navigate to Advanced Query Builder > IPv4 Queries > Scan Data - Certificates Usage.
Specify an IP address and (optional) netmask for a range.
(Optional) Enter a certificate fingerprint (fingerprint_sha1).
(Optional) Specify a domain (wildcards supported).
(Optional) Select expired_certs_only for expired certificates.
Optional) Set a window (days) for recent scan results.
(Optional) Limit or skip results.
Click Search.
Save Queries
Organizational users can save queries for future use or sharing.
Specify query parameters.
Click Save Query.
Provide a Name and Description for context.
Click Save. The query appears in Private Queries.